Home Assistant unable to detect devices on different networks except its own, which is IoT

Currently running Unifi. I have my Home Assistant connected to my IoT network, and it was able to successfully discover devices on that network. However, I have other networks on which I would like Home Assistant to detect devices, for example Unifi cameras on my Security VLAN or my UDM PRO SE on my Trusted network. What should I do to allow Home Assistant to detect devices on other networks / VLANs?

You need to set up mDNS reflection so device discovery will work across VLANs. I had to do that with my TP-Link OMADA equipment, so I assume Unifi has that capability as well. Search this forum for mDNS.

I have mDNS enabled for my IoT network and Trusted network. I’ll enable it for my Security network. I also have Zone Based Firewall rules in place. Do I need to add a rule to allow communication from my Home Assistant to my Security network and Trusted network?

I have everything blocked, then static IPs for everything (except for guests), and then have firewall rules to allow communication from my HA instance to each specific device IP on the other VLAN. Other than mDNS, the HA instance and each IoT device can communicate both ways, but only HA can initiate each connection. Also, within the mDNS settings you need to ensure the correct Bonjour services used by the IoT devices are included, so your issue might be firewall related and/or Bonjour service related.

Ok, I’ll do some firewall checks. Right now, since my HA is on my IoT network, it was able to detect all my IoT devices. I’ll create a few rules to allow communication from my HA to my Security network and my Trusted network to see if that will resolve the issues. Right now I have everything blocked except allowing communication from my trusted network to all other VLANs (Guest, IoT, Security).

So… (1) I enabled mDNS for all networks on which I want Home Assistant to discover devices. (2) I created a Zone Based Firewall Allow Rule where the source is my Home Assistant on the IoT network and the destinations are my Trusted network and my Management network, while also allowing Auto Allow Return Traffic. Once that was in place, I went back into Home Assistant to see if any additional devices were discovered from the other networks, but I don’t see anything. I still just see all my IoT devices.

Maybe remove vlans.

I have a VLAN for items I don’t want touching the internet. IOT

I have a VLAN for media players, smart devices that need cloud or internet, and guests. The presumption is that guests will connect to the media players and I don’t want firewall rules to allow it. GUEST

I have a VLAN for network switches and servers. LAN

That said, I could just geoblock IPs and maybe block some DNS/IP addresses and do away with VLANs. This would be much easier and pretty much get me what I want. Just putting it out there.

For your current issue I think there are 2 things to check: the mDNS reflector and Avahi or something. Not at home to check my system and can’t remember, but I wanna say mDNS reflect was not enough. Something in the “settings” area, not the “network” area where you set IPs and such.

If you find that setting, please let me know. Also, if I make the port where the HA is connected a trunk port while keeping the firewall rules in place, do you think that would make a difference?

I have HA connected to multiple VLANs. Connect it to a trunk port, then configure in the host OS the network adapters for each VLAN.


Are you running Unifi?

No, Cisco switches and pfsense

pfSense or OPNsense = amazing

Ah ok, I’ll try making the port HA is connected to a trunk port to see if that resolves the issue.

Did you enable the proper Bonjour services for the IoT device discovery?
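One way to answer that question from the HA host itself, added here as an example and not code from any poster in this thread: it sends the DNS-SD service-enumeration query (`_services._dns-sd._udp.local`) on the VLAN the host sits on and lists every responder with the service types it advertises, so you can see whether devices on the other VLANs answer at all and which Bonjour service types the reflector has to pass. It assumes Python 3 with only the standard library and is run on the HA host (or any box on the same IoT VLAN); the parser handles DNS name compression because real mDNS replies use it.

```python
import socket, struct
MDNS_GROUP, MDNS_PORT, PTR = "224.0.0.251", 5353, 12
SERVICE_ENUM = "_services._dns-sd._udp.local"  # DNS-SD meta-query: "list every service type you advertise"

def encode_name(name):
    """Dotted name -> uncompressed DNS labels, without the terminating zero byte."""
    return b"".join(struct.pack("B", len(l)) + l.encode() for l in name.split("."))
def build_query(name=SERVICE_ENUM):
    """One-question PTR query, id 0; sent from an ephemeral port it is a legacy query, answered by unicast (RFC 6762 s6.7)."""
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + encode_name(name) + b"\x00" + struct.pack("!HH", PTR, 1)
def read_name(pkt, off):
    """Decode the DNS name at pkt[off], following compression pointers; return (name, offset after it)."""
    parts, end, jumped = [], off, False
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                       # 2-byte pointer to an earlier copy of the suffix
            end = end if jumped else off + 2
            off, jumped = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if ln == 0:
            return ".".join(parts), (end if jumped else off)
        parts.append(pkt[off:off + ln].decode())
        off += ln
def parse_ptr_answers(pkt):
    """Return (owner, target) for every PTR record in the answer, authority and additional sections."""
    qd, an, ns, ar = struct.unpack("!4H", pkt[4:12])
    off, out = 12, []
    for _ in range(qd):                             # skip the question section: name + type + class
        off = read_name(pkt, off)[1] + 4
    for _ in range(an + ns + ar):
        owner, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == PTR:
            out.append((owner, read_name(pkt, off)[0]))
        off += rdlen
    return out
def probe(name=SERVICE_ENUM, timeout=2.0):
    """Query this host's VLAN and map responder IP -> service types; other VLANs show up only via the reflector."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.sendto(build_query(name), (MDNS_GROUP, MDNS_PORT))
    seen = {}
    try:
        while True:
            data, (ip, _) = s.recvfrom(9000)
            seen.setdefault(ip, set()).update(t for _, t in parse_ptr_answers(data))
    except socket.timeout:
        return seen
```

Run `probe()` once with HA on its IoT VLAN and compare the responder IPs against the camera and UDM addresses: if only IoT-subnet IPs appear, the reflector (or a missing service type in its Bonjour list) is the problem, not HA's own firewall rule.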