After a lot of searching, I finally found out how to configure VLANs via “ha network” in the terminal. But after successfully setting them, there is no way to get rid of them or alter the VLAN tag.
Where are these settings stored, so I can modify the files? Why can’t these VLAN-settings be changed? And, finally, WHY-Oh-WHY can’t VLANs be set using the UI; this should be very easy to implement. Every self-respecting IT person splits his network in separate VLANs nowadays to harden the home network against hacks.
Because VLAN settings are set in your router/managed switches, not Home Assistant.
Great question! I searched around the ha-cli some and even look at the code a bit and nothing obvious on how to do a delete/remove. However as a last resort, if you can get access to the hassio linux shell you possibly can get the following to work:
ip link delete dev ETHNAME.VLANNUM
# ip link delete dev eth1.10
That is only true if you are using a device via an untagged switch port (an access port), but in that case you can only access the HA-server via a single LAN.
What I want is to access the HA-server from multiple VLANS, in which case the HA-instance has to listen to multiple tagged VLANs. This is common practice if you have a well-separated, thus hardened, home network. Of course access on all these ports should be monitored for ingress by a firewall, but I haven’t found a suitable one yet.
Great tip, thanks! To my amazement this ip command works, even from the core-ssh. This might solve a lot of my problems.
Nope; I mean the VLANs that the system that is running HA is listening to.
For example: a Synology NAS allows the admin (application level) to exactly specify from which VLANs (this can be quite a number of them) it will receive datagrams and, vice versa, it will send datagrams to (Level 2 communication).
A Synology also has a firewall, specifying all / any allowed IPv4/IPv6-addresses/ports (Level 3 comms), specified per NIC!
Running HA on a Synology would solve my problem, but I’m instead using an Odroid and although I’ve managed to configure max 4 VLANs through the crappy and cumbersome CLI
ha net command, it would be a lot easier to have a more flexible GUI to set VLANs and a basic firewall, similar to that of the Synology.
Nowadays one has to separate one’s home network into several Subnets/VLANs in order to be safe from hackers.