Topology

Topology: Keep It Simple

You may find people suggesting that you should create a separate network for your smart (or Internet of Things) devices to keep them on their own "dedicated" network, for "security" and/or "improved performance". Some recommend separating your 2.4GHz and 5GHz bands, or turning off the 5GHz band altogether. I have even seen people recommending turning off the 2.4GHz bands! Don't do it.

Unless you have very specific needs, are technically experienced with networking, and have enterprise networking equipment, you will be better off creating a simple one-subnet, one-SSID, clean network. This is for several reasons:

  • HomeKit relies heavily on mDNS (Bonjour, ZeroConf) for all of its communications. mDNS does not normally travel between subnets without special configurations, and even then it can be buggy, especially with consumer networking gear.

  • Complex networks are difficult to manage and even more difficult to troubleshoot. Oftentimes you end up shooting yourself in the foot, trying to do something clever.

  • Consumer networking gear does not have good enough hardware or software to reliably handle and manage complex networks.

  • Having multiple SSIDs adds extra noise and overhead to your home network, decreasing network performance.

  • Simply creating a separate subnet or SSID does not make your network more secure. You have to make it secure. You may as well just make your main network secure (see below).

  • A simple, well-configured network is going to offer you better performance and a better experience.

Static/Reserved IPs

Honestly, having reserved IPs (oftentimes mis-called "static" IPs) is not a requirement, but I assign all of my HomeKit devices reserved IPs, mostly because it makes me feel better having all of my HomeKit devices in a block of well-organized IP addresses. I like to keep things tight and organized. This can also help with security (see below), as all of your HomeKit devices will be assigned IP addresses in one block of address space. And again, anything that keeps your network consistent is a good thing.

Security

Many of the people recommending setting up a separate IoT network say they do it for security, to prevent a hacker from gaining access to your home network through a "smart" device. Simply creating a separate subnet or SSID does not make your network more secure. You have to specifically make it secure, through manual configuration of your network and your network devices. You may as well just make your main network secure, instead of building and managing two networks. You can simply block any Internet access to your IoT devices with firewall rules. This is especially simple to do if you have set up your devices with reserved IPs, as mentioned above, because all of those items will be in a block of IPs. Also, firewall rules are easier to manage and troubleshoot than multiple home networks, and consumer routers handle firewall rules reasonably well and efficiently.

[Since writing this article, HomeKit routers have become available which can help in making your HomeKit devices more secure. While HomeKit routers may give people with limited networking/technical skills more security than doing nothing at all, I still stand by what I say here: It is better having a simple network, and it is better to secure your entire network, not just your HomeKit devices. Also, you don't have to limit yourself to selecting from the limited number of HomeKit Secure Routers. See below.]
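To show why keeping reserved IPs in one tidy block makes the firewall rule simple, here is an added example (not from the original article) in Python. It takes a DHCP reservation table, finds the single CIDR block a "no Internet access" rule would have to match, and lists any non-IoT hosts that rule would also cut off. The device names, addresses and function names are constructed for illustration, and it handles IPv4 only.

```python
import ipaddress

# Constructed sample reservation table: (name, reserved IP, is_iot).
RESERVATIONS = [
    ("hue-bridge",   "192.168.1.64", True),
    ("thermostat",   "192.168.1.65", True),
    ("smart-plug-1", "192.168.1.70", True),
    ("door-lock",    "192.168.1.94", True),
    ("laptop",       "192.168.1.20", False),
    ("nas",          "192.168.1.80", False),  # reserved inside the IoT range by mistake
]

def enclosing_block(addrs):
    """Smallest single CIDR network that contains every address in addrs."""
    net = ipaddress.ip_network(str(min(addrs)))  # starts as a /32 host network
    while max(addrs) not in net:
        net = net.supernet()                     # widen the prefix by one bit
    return net

def plan_block(reservations):
    """Return (block, collisions) for a one-rule Internet block on IoT devices.

    block:      the CIDR to use as the rule's source range, or None if no IoT hosts.
    collisions: non-IoT hosts inside that range; the same rule would block them too.
    """
    iot = [ipaddress.ip_address(ip) for _, ip, is_iot in reservations if is_iot]
    if not iot:
        return None, []
    block = enclosing_block(iot)
    collisions = sorted(
        name for name, ip, is_iot in reservations
        if not is_iot and ipaddress.ip_address(ip) in block
    )
    return block, collisions

if __name__ == "__main__":
    block, collisions = plan_block(RESERVATIONS)
    print(f"Rule source range: {block} ({block.num_addresses} addresses)")
    for name in collisions:
        print(f"Move this reservation out of the block first: {name}")
```

Reservations that start on a power-of-two boundary (here .64 through .95) fit one small block; a range such as .50 through .70 forces the rule out to a /25, which sweeps in far more of the network than intended.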