I have just recently installed home assistant on intel NUC pc. I have 2 vLANs in my home. One is dedicated for iot devices (192.168.2.xxx) and the other one is general purpose (192.168.0.xxx). My home assistant system is on iot vlan. However, I do have a few devices on my general purpose vlan such as Sonos, apple TVs etc. which I want to integrate with HA.
All the attempts to integrate the above devices to HA are failing with the error message “No devices found on the network”.
I can ping these devices from within HA using ssh. So, HA is able to reach the devices. In addition, I don’t have any firewall rules to block inter vlan communication (using Unifi UDM Pro to manage the network). Error logs on HA don’t show any logs pertaining to the failed integration attempt.
If I move the said device to the same vlan as HA, everything works. If I move it to the other vlan, it stops working.
As was stated most IoT utilize multicast and / or broadcast to find devices. It really comes down to a question of security vs convience. Make sure multicast and mDNS are running. The challenge is that likely won’t help. IoT is designed for the basic home user and your setup while basic from a networking and security posture perspective is still a step above the basic level IoT likes to operate at. I contemplated doing what you were doing but instead opted to do one network and filter outbound traffic from IoT where necessary.
I guess HA scans only default VLAN it is located on ots own for additional devices. So cannot find automatically devices on your general purpose VLAN.
Perhaps it is up to developers of integrations, to allow manual picking of IP and/or VLAN during setup process…
I have another instance of HA on the vlan that has all the media stuffs and use remote home-assistant to bring them over to my main HA on another Vlan.
It may not be this, but make sure you’re not using 255.255.255.0 as a subnet mask. Need 255.255.0.0 or slightly tighter. This may not be it since a ping might not get through, but at least worth looking into.
I have routing setup and when i open an IP on my firewall HA can see it just fine. So I dont think it has any issues where its limited just to the subnet for integration. I did have to manually add the device though.
I also have several VLANs, and what I did is install HA on Proxmox and create 2 virtual network cards for it, one for the main VLAN and another for the IoT VLAN.
I have several vlans and HA is secluded in one of them separate from the one for IoT. The firewall has rules to let HA talk to any other vlan as needed. Hooking HA to several vlans directly by adding NICs would defeat part of the segmentation security, although such strategy does have valid uses in some cases.
A drawback of segmentation is that almost no integration will be able to autodiscover devices. But that feature has never really appealed to me anyways as I prefer to manually dictate what HA talks to.
I have all my “IOT” stuff on one VLAN includind HA. Then i manually let down the firewall for devices not on that VLAN if i want them to talk to HA and only HA. This let me keep autodiscovery, and lets devices that want to talk, talk. Comes with its own set of security concerns, but i figure its low-risk if some Chinese devices sees other IOT devices or HA. It just wont be able to see the rest of my network.
