Hello,
I just got started with home automation as I had a raspberry pi 3 laying around.
I want to separate alot of components from my local network and only allow hassio to communicate with the devices and still allow hassio to be connected to the local network.
I was thinking of having a managed switch with VLAN and run port 1 on VLAN100 and have the local network connected to that port. Port 2 would have VLAN100 and VLAN200 as that is where I will connect the raspberry pi. port 3 and up would be VLAN200 and here I connect all the IoT devices that I want to have.
The isolation of VLAN200 is to protect my local network from rouge IoT devices.
In the local network I will be running kodi and hassio will have kodi configured.
So hassio will run automation when playing something on kodi (VLAN100) and controll IKEA trådfri inside VLAN200 to turn on/off lights.
I have not worked with VLANs that much, but know that I can map a port to a vlan, but when I truncate multiple vlans on one port I need the device to add the vlan flag on the packages.
Is it possible to do with hassio?
How would I do it?
Or should I just get a usb 2.0 to ethernet for the Pi and separate the networks that way?
Are you trunking both VLAN100 to VLAN200 to your pi so that it will have sub interfaces on both VLANs? ie. 2 IPs? if not, I’m not sure what you mean by having both VLAN100 and 200 going to your pi.
using the ethernet side of RasPi on one network and the Wi-Fi on another for Wifi IOT devices. Only issue is either getting something to bridge some of the traffic so the devices can hit the internet or as in my case where I don’t want them to I need an NTP server/relay to at least get the Hass.io time to them
Not sure about Hass.io, but why couldn’t you put your wired Ethernet on the Pi on one Vlan and the wireless (connected to your route/AP) on another Vlan.
My security camera server (Intel/CentOS) has 2 Ethernet connections and the cameras are all on a seperate Vlan from my “regular” home network. The server has access to both Vlans, but will not route IP traffic between them.
I don’t want to run wifi, as it can be jammed etc. more comfortable with ethernet.
But if I can run both wifi and ethernet, then I should be able to connect a second ethernet via usb instead and configure it that way without VLANs, correct?
That would’t be that nice looking, but if vlans are not possible with hass.io then that’s the way I guess.
Strictly speaking on a Raspberry Pi running Raspbian and the USB Ethernet adapter is support by the OS, yes. You don’t need Vlans. I run them anyway because if someone does manage to get on my "camera network and change the IP, they could reach my other network if the Pi is routing between.
Yes, that type of isolation is what I want, if any of the IoT devices gets compromised I want my local network not to be affected.
I dont like that hass.io is “locked” from core configuration. using the SSH server I think I get into a isolated (docker?) part and not the OS.
Guess I will have to install Raspbian and home assistant on top.
Don’t see why the way I did it with wi-fi wouldn’t work with another ethernet adaptor/connection, just create a new connection file in resin for it, and then set the dhcp server to work on that interface
Yes, I think that will work, I will have to buy a usb ethernet adapter first to test.
The best would have been with VLAN as then I only need one cable to the PI, now I will have an extra adapter and cable.
Hi, well… I have not done any of it at the moment.
Only thing I did was installing the new hassOS version which is now using NetworkManager.
It looks like it’s possible but have not looked deeper into this.
Probably something I will try sooner as I start to get more connected products that I want to isolate.
any one who has already progress on this?!
i’m also fighting NM at the momentent.
only thing more or less special on my setup is that i’m running it as an HassOS VM on mij mac mini through virtual box.
any tips or help to set it up would be much appreciated!