Install over multiple subnets?

Hi all, did a bit of a search but hard to understand the recommendations. I have seen other examples but not necessarily what my home is set up to be, so here goes my iteration of a repeat question… sorry.

I have a UniFi Dream Machine Pro. I would like to have my VLANs at home set up something like this:

  1. Main VLAN: desktop, laptops, phones
  2. Internal only VLAN: for IoT devices that can function without a cloud connection. This VLAN will NOT have access to the internet. But I’d like to be able to talk to devices on this VLAN via the main VLAN as that’s where my desktop/main controller will be
  3. IoT out VLAN: there are a few devices that must connect to the internet to work. For those devices, I’d rather them be on their own VLAN to create some segregation from the main devices.

I’m running HA on a Raspberry Pi 4 connected via Ethernet. I’m thinking the RP will be on the main VLAN, but curious as to how I can get all the devices visible and maintainable from the RP HA if there are at least 2 other VLANs that my IoT devices will be on?

For instance,
I have an AirGradient sensor on my VLAN 3 (IoT Out). Trying to bring it into Home Assistant…

Thanks,

Yes, this can be done. It’s not really an HA issue though, it’s more about making sure that your networking allows the needed connectivity.
I have HA sitting in its own VLAN, CCTV in another VLAN, desktops in another VLAN, etc. If the networking (firewall rules, DNS) allows the communication then it hasn’t been a problem for HA to interact with the devices.
Sorry, can’t comment on how this would work in a UniFi environment though.

I did this by giving the Home Assistant server multiple VLAN network adapters using a single Ethernet port, and connecting it to a tagged port on my managed switch. Home Assistant will have an IP address on each VLAN.

For 2 vlans, you could simply do wifi and ethernet, one for each vlan, or add a usb 2nd ethernet port. This might be easier than configuring vlans on the rpi.

I did this by setting up the HA server on an Ubuntu VM hosted on a Windows 10 Lenovo USFF machine. I could not deal with SD card speed on the RPi anymore. Mine has 4 IP addresses and spans 4 VLANs plus a 5th IP for Tailscale VPN so my phone can always see it outside my network. It works perfectly, no issues with HA devices on multiple subnets on different interfaces.

Sorry… so I didn’t try it, but I just inputted the IP address and HA went away with it. I suspect I have my VLANs set up to allow for this… but not sure how… anyway, if it ain’t broke?

HA is not a router.
Use your router for routing instead and remember routing is not just setting up routes.
Some protocols are not routable and need reflectors to move packets from one network to another.
This goes especially for discovery protocols, like Bonjour, Zeroconf, SSDP and UPnP. This list is just the ordinary ones and some devices might have their own protocol that also needs to be handled.

On top of this you might also have to deal with IPv6, which is not the same as IPv4, and your IPv4 knowledge can’t be transferred to IPv6.
If you do not understand IPv6 then you will have a hard time when the same network IDs exist on multiple separate interfaces.
IPv6 is a requirement for Matter.

I simplified my setup by having one IoT VLAN that has no internet access by default and then adding a rule that allows internet access for the very few devices that really need it. I started trying to do what you did, but it ended up never quite working right (mDNS discovery across VLANs is spotty at best on UniFi in my experience).

This is a great idea. I like the simplification. Also, if I end up having issues, I can look at turning on the wifi (or adding wifi) to the RP and then connecting it to both networks as I have read on here.

Interestingly, despite having set up the separate VLANs, it would seem that communication is not a problem without any additional setup. I only have the rules set up as per the screenshot I had. I wonder if my VLANs are as isolated from each other as I thought…

I simply plugged in the ip addresses and home assistant was able to see and action on my sensors. Seems almost too easy… more testing to ensue…

If anyone has suggestions on VLAN setup, I would much appreciate it! I used Crosstalk Solutions’ video to set up my VLANs. I’m not a sysadmin, but have enough understanding to implement this. Any additional feedback/guides would be much appreciated!
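
The isolation question raised in the post above can be tested rather than guessed at. The following is an added example, not code from any poster in this thread: a small Python check that compares observed TCP reachability against the intended VLAN policy. All addresses, ports and the policy rows are constructed placeholders, and the "must block" intent is an assumption based on the plan in the first post.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so the packet was not silently dropped on the way:
        # either it reached the target or a firewall actively rejected it.
        # It is treated as "crossed" below so that it gets a manual look.
        return "refused"
    except OSError:
        # Timeout, no route, host unreachable: nothing usable came back.
        return "filtered"

def audit(policy, probe_fn=probe):
    """Return (label, state) for every row whose result contradicts the intent."""
    findings = []
    for label, host, port, must_block in policy:
        state = probe_fn(host, port)
        crossed = state in ("open", "refused")
        if crossed == must_block:  # crossed but should be blocked, or the reverse
            findings.append((label, state))
    return findings

# Constructed sample policy, meant to be run from a client joined to the
# internal-only IoT VLAN. Every address and port here is a placeholder.
POLICY_FROM_IOT_INTERNAL = [
    # (label, host, port, must_block)
    ("to desktop on main VLAN", "192.168.1.10", 22, True),
    ("to gateway admin UI", "192.168.1.1", 443, True),
    ("to internet", "1.1.1.1", 443, True),
    ("to peer on same VLAN", "192.168.20.15", 80, False),
]

if __name__ == "__main__":
    for label, state in audit(POLICY_FROM_IOT_INTERNAL):
        print(f"MISMATCH: {label} -> {state}")
```

Run it from a client on the VLAN being tested; no output means every row behaved as intended. It covers TCP only, so multicast discovery traffic (mDNS, SSDP) needs a separate check.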