Multi VLAN Network Configuration Recommendation

I’m just starting out on my Home Assistant adventure and am trying to determine the best place for it to “live” in my home network. I have several VLANs configured and would like to isolate IoT devices as much as possible from my main network, but I will need to be able to access/view my Home Assistant dashboard from outside my network. I am planning to do this through Nabu Casa Remote UI.

Can my Home Assistant device (mini pc running HomeAssistant OS) be placed on my Main VLAN which has internet access and access to devices on my IoT VLAN? My IoT VLAN does not have internet access and cannot access devices on my Main VLAN.

Or is there another recommended configuration that allows isolation of IoT devices while still permitting remote dashboard access through Nabu Casa/Remote UI?

In a nutshell:

  • you allow IOT networks only to the IP address of the HA, the rest you cut off from the main network (and possibly the Internet if you want),

  • you can set the main network to have access to all subnets (easier to manage IOT devices),

  • if you remotely connect to the HA, this server will have connections to all IOT devices.

If you’re a network engineer by trade, having HA on a separate VLAN from all your IoT devices is probably fine. There’s a fair amount of cross VLAN discoverability you have to manage, but, again, if you know what you’re doing you’ll be good.

If you aren’t a network engineer, I’d recommend putting the HA instance on the same VLAN as the IoT devices and then grant just HA internet access from that VLAN. It’s one little hole you’re poking and will be much easier to manage.

Because of problems people have with pairing Matter devices to HA in a home network consisting of an IoT VLAN plus Main VLAN network, most are successful when HA is attached directly to both VLANs. There is a lot of multicast discovery going on for Matter (and this is true in general for many other types of non-Matter based IoT devices), so it is easier for discovery processing to work when HA is on the IoT VLAN.

When HA is on both IoT and Main VLAN, one may also have to configure HA to use the Main VLAN as the default interface to the default router (for internet access).
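
The inter-VLAN policy from the "In a nutshell" reply, written out as an added example that is not from any poster in this thread. It assumes a Linux router using nftables with HA on the Main VLAN; the interface names and the HA address are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. Every name and address below is a placeholder (assumption).
define IF_WAN  = "eth0"        # uplink to the Internet
define IF_MAIN = "vlan10"      # Main VLAN, where Home Assistant lives
define IF_IOT  = "vlan20"      # IoT VLAN
define HA_ADDR = 192.168.10.5  # Home Assistant's address on the Main VLAN

table inet homelab {
    chain forward {
        # Default deny: anything not matched below is not routed.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an accept rule already allowed.
        ct state established,related accept
        ct state invalid drop

        # Main VLAN may reach the Internet and every IoT device.
        # HA sits here, so it keeps the outbound access it needs.
        iifname $IF_MAIN oifname { $IF_WAN, $IF_IOT } accept

        # IoT devices may open connections to Home Assistant only.
        iifname $IF_IOT oifname $IF_MAIN ip daddr $HA_ADDR accept

        # Any other IoT traffic (rest of Main, Internet) is logged at a
        # limited rate for review, then dropped.
        iifname $IF_IOT limit rate 10/minute log prefix "iot-blocked: "
        iifname $IF_IOT drop
    }
}
```

Forward rules like these only govern routed unicast traffic. The multicast discovery mentioned in the replies does not cross the router, which is why those replies attach HA to the IoT VLAN directly.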