For help, advice and discussion about stuff not related to aviation. Play nice: no religion, no politics and no axe grinding please.
By Colonel Panic
#1786601
Many thanks - that did the trick, and I now have automated an old Echo Dot announcing (through TTS) if the solar panels trip out during daylight hours. The cookie isn't persisting, but I will investigate and hopefully sort that out today. EDITED TO ADD: Cookie now persistent

I do love the way so many technologies can be linked together to create something "useful" (debatable, I know). :oops:

PV panels
Inverter
OpenEnergyMonitor CT clamp
ESP8266 wifi module
TP-Link powerline adapters
RaspberryPi
Node-RED
Text To Speech
Amazon Alexa
Flyin'Dutch' liked this
By GrahamB
#1786662
Colonel Panic wrote:Many thanks - that did the trick, and I now have automated an old Echo Dot announcing (through TTS) if the solar panels trip out during daylight hours. The cookie isn't persisting, but I will investigate and hopefully sort that out today. EDITED TO ADD: Cookie now persistent

I do love the way so many technologies can be linked together to create something "useful" (debatable, I know). :oops:

PV panels
Inverter
OpenEnergyMonitor CT clamp
ESP8266 wifi module
TP-Link powerline adapters
RaspberryPi
Node-RED
Text To Speech
Amazon Alexa

Have you written the 1000 page manual for Mrs CP yet, in case one day you happen to be incapacitated or otherwise unavailable? :lol:
By Colonel Panic
#1788184
Any recommendations for what to look out for when ordering 305 metres of Cat5e cable? At Amazon it ranges from £26 to £88. Is AWG24 important?

External cable is between £110 - £136.

Or should I swap to Cat6 now? It is approx twice the price...

TIA
By stevelup
#1788201
I only ever buy network cable from Black Box.

https://www.blackbox.co.uk/gb-gb/1233/Copper-Bulk-Cable

GigaBase = Cat5e
GigaTrue = Cat6

It's way more expensive than the stuff you've listed though...

Every single time I've ever had a problem on site, it is where someone has -not- used Black Box cable. For example we will refuse to even connect HDBaseT kit to anything other than Black Box. Other stuff is just too variable.

It pulls absolutely beautifully out of the box as well - no twists / kinks.

As with most things in life, you get what you pay for...
By rikur_
#1788204
Colonel Panic wrote:
Or should I swap to Cat6 now? It is approx twice the price...

For domestic lengths, unlikely to have problems running 1Gbps on Cat5e.
5e doesn't have the rigid plastic core that 6 has, so can be easier to get through tight spaces - e.g. behind dab and dot plasterboard.
By Colonel Panic
#1788229
Thanks both - will concentrate on Cat5e. Is stranded worth 15% more than solid? I've only ever used solid before.

EDITED TO ADD: I've bought some GigaBase Cat5e solid core; more expensive than the stuff on Amazon, but if one asks for advice it is only polite to accept it :)

Thanks all.
By stevelup
#1788378
5e is fine for almost all use cases in a domestic environment and it's much easier to terminate.

You do -not- want stranded, ever, unless you're making up patch leads.

Good choice going for the decent stuff. As I said, it's all made perfectly to spec and it pulls out of the box beautifully. It's worth the £££
Colonel Panic liked this
By Colonel Panic
#1795380
Despite previous attempts at setting up an IoT VLAN being unsuccessful, pumped by the fact that it only took me 9 months to sort out a VPN into my home network, I'm now re-visiting the topic. :shock:

Using this video as a starting point, and using a screen grab from it as an aide memoire, he puts his Pi-Hole device within his main (secure) VLAN rather than in his IoT VLAN. This seems counter-intuitive.

Thoughts?

FWIW, I have planned to segregate things as follows; does this seem reasonable?

"Secure" VLAN (192.168.2.x)
    all Unifi products
    all Apple airports / time capsules
    all computers
    all iOS devices
    both NAS & NVR (but maybe the NVR should not be included here?)

"IoT" VLAN (192.168.107.x)
    all Raspberry Pi based stuff
    all printers & scanners
    all CCTV cameras (& maybe the NVR too?)
    all Audio / Video stuff
    all bridges and hubs
    all smart curtains, Shelly controllers and smart plugs etc

Would I be right in thinking that so long as I get the firewall rules right, I will be able to interact with IoT stuff via a laptop without having to change the laptop's (V)LAN IP address in order to do so? And presumably my existing VPN (192.168.3.x) will have access to both VLANs also?

TIA

Image
Flyin'Dutch' liked this
By rikur_
#1795395
I've some experience of this albeit with different hardware ..... we have four VLANs: normal; IoT; Kids; guests.

Points learnt:

1) You need at least one untagged network that your firewall/switches/WAPs are connected to .... this could be one of your planned VLANs, or a separate infrastructure VLAN.
2) Device discovery protocols tend not to work across VLANs unless you add configuration to make them work (e.g. multicast IGMP proxy). So for example, you'd probably find you can't DLNA/screencast to your SmartTV from one VLAN to the other. I run a Pi connected to multiple VLANs running pimd to allow discovery of devices across VLANs.
3) You'll probably find you need to connect your phone temporarily to the wrong VLAN to commission new devices on that VLAN for similar reasons (e.g. smartplugs)

I suspect there will be a few dozen posts on this topic as you tune the config and resolve the issues. Despite having routinely used VLANs at work, it took me several weeks of tweaking to get everything working the way I wanted in a domestic setting.
Colonel Panic liked this
By Colonel Panic
#1795415
Thanks.

A couple of quick questions on the practicalities of setting these VLANs up, assuming a slight change in nomenclature.

    LAN (192.168.2.x)
    VPN (192.168.3.x)
    VLAN_1 (computers etc) (192.168.4.x)
    VLAN_2 (IoT stuff) (192.168.5.x)
1: Having set up two new VLANs (.4.x and .5.x), along with associated new wi-fi SSIDs, is it better / easiest to go through & change the LAN IPs for all devices from, say, 192.168.2.8 > 192.168.4.8 and 192.168.2.30 > 192.168.5.30 and then set the devices up to connect to the appropriate SSID before getting involved with creating firewall rules etc etc?

2: Would anything be best left on the LAN (.2.x), or should I aim to remove everything (possibly other than my Unifi USG, maybe Pi-Hole, and maybe even allow guests to use it?) from that subnet?

I can see that there are so many steps that I want to do everything in the easiest order...
By rikur_
#1795448
Colonel Panic wrote:Thanks.

A couple of quick questions on the practicalities of setting these VLANs up, assuming a slight change in nomenclature.

    LAN (192.168.2.x)
    VPN (192.168.3.x)
    VLAN_1 (computers etc) (192.168.4.x)
    VLAN_2 (IoT stuff) (192.168.5.x)
1: Having set up two new VLANs (.4.x and .5.x), along with associated new wi-fi SSIDs, is it better / easiest to go through & change the LAN IPs for all devices from, say, 192.168.2.8 > 192.168.4.8 and 192.168.2.30 > 192.168.5.30 and then set the devices up to connect to the appropriate SSID before getting involved with creating firewall rules etc etc?

2: Would anything be best left on the LAN (.2.x), or should I aim to remove everything (possibly other than my Unifi USG, maybe Pi-Hole, and maybe even allow guests to use it?) from that subnet?

I can see that there are so many steps that I want to do everything in the easiest order...

I'd keep the LAN purely for networking devices (all I have on my LAN is router, WAPs and managed switches)

Personally I'd aim to get it all done in a day ....

If your WAPs allow it, create the new SSIDs first - but initially both pointing to a single VLAN. You can then get everything migrated to the right SSID, and use the config on the WAP to toggle the separate VLANs on/off, without having to go round each individual device each time.

I started initially with wide open rules between VLANs, and dealt with getting multicast/IGMP proxying working. Then started locking down the rules between VLANs.

nb: Wired connections usually need the connection to be dropped/restarted if you move a port from one VLAN to another, to force the client to pick-up a new/working DHCP address.
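
Added example, not part of any post in this thread: a small first-match model of the "lock down the rules between VLANs" step, using the subnets named above. The rule set, the default-drop policy and the Pi-hole address 192.168.4.2 are assumptions made for illustration, and connection state is passed in by hand rather than tracked as a real firewall would.

```python
import ipaddress as ip

# Subnets as named in the thread.
NETS = {
    "LAN": ip.ip_network("192.168.2.0/24"),     # network kit only
    "VPN": ip.ip_network("192.168.3.0/24"),
    "VLAN_1": ip.ip_network("192.168.4.0/24"),  # computers etc
    "VLAN_2": ip.ip_network("192.168.5.0/24"),  # IoT stuff
}
PIHOLE = ip.ip_address("192.168.4.2")  # constructed address: Pi-hole kept in VLAN_1

# Ordered rules, first match wins. None means "any".
# (action, source zone, destination zone or host, protocol, port, state)
RULES = [
    ("accept", None, None, None, None, "established"),  # replies to allowed flows
    ("accept", "VLAN_2", PIHOLE, "udp", 53, "new"),     # IoT may use DNS only
    ("accept", "VLAN_2", PIHOLE, "tcp", 53, "new"),
    ("drop", "VLAN_2", "VLAN_1", None, None, "new"),    # IoT may not start
    ("drop", "VLAN_2", "LAN", None, None, "new"),       # conversations with
    ("drop", "VLAN_2", "VPN", None, None, "new"),       # trusted networks
    ("accept", "VLAN_1", "VLAN_2", None, None, "new"),  # computers -> IoT
    ("accept", "VPN", "VLAN_1", None, None, "new"),     # VPN clients -> both
    ("accept", "VPN", "VLAN_2", None, None, "new"),
]
DEFAULT = "drop"  # assumption of this model: anything unmatched is dropped


def _matches(selector, addr):
    """A selector is None (any), a zone name from NETS, or a single host."""
    if selector is None:
        return True
    if isinstance(selector, str):
        return addr in NETS[selector]
    return addr == selector


def decide(src, dst, proto, port, state="new"):
    """Return 'accept' or 'drop' for one packet, using first-match semantics."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst, rproto, rport, rstate in RULES:
        if (_matches(rsrc, s) and _matches(rdst, d)
                and rproto in (None, proto) and rport in (None, port)
                and rstate == state):
            return action
    return DEFAULT
```

With rules of this shape a laptop at 192.168.4.8 reaches an IoT device at 192.168.5.30 without changing its own address, and the device's replies pass as established traffic, while the same device cannot open a new connection back to the laptop.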
By Colonel Panic
#1795787
Docker image within a Synology NAS

I am running a couple of Docker images within my Synology NAS, but I am trying to set up a new one. I've installed it and it is showing as running, but the instructions then say

1. Open the web interface http://your-ip-address:4000

I ordinarily access my Synology via 192.168.2.x:5000 , but if I put 192.168.2.x:4000 it fails, saying it can't connect to the server.

Is that the correct syntax to use - which would mean I have a different issue, or should I type something else?

TIA
By stevelup
#1795804
It depends whether the docker image is using NAT or bridged networking.

If it's NAT, then it will be the IP of your NAS; if it's bridged, it will have its own IP.

Look on your USG and see if you can see anything interesting in the DHCP table?

Or, on the NAS, go to the list of containers, find the one you're interested in, click Terminal > Create > bash

In the resulting window, type: ip addr and it will show you the ip of the container.
By Colonel Panic
#1795806
The only NAS related entry in the USG table is for the NAS itself (192.168.2.x), so I take it that it is working in NAT.

Terminal > Create > bash returns this reply, & I'm unable to proceed.

Image

Meanwhile, what I am trying to set up (TeslaMate) requires two containers, teslamate-teslamate and teslamate-grafana; I did the same for the latter and this comes back, which makes me think the teslamate-teslamate container isn't running. More work needed by me...

NB: Neither 127.0.0.1:3000 nor 172.17.0.3:3000 gets anywhere though. (:4000 is for teslamate-teslamate and :3000 is for teslamate-grafana).

Image