Reserved IP ranges for Hass.io VLAN configuration

Hi,

I was having trouble finding information on how to get Hass.io working with a separated IoT vlan.
Eventually I was able to find out what the problem was.
My IoT vlan IP range happened to conflict with some internal IP ranges used by the Docker components.

I would like for someone to verify this information before I update the GitHub network.md document and create a topic on how to use Hass.io with an IoT vlan and help everyone who is looking for info on how to do this.

Below are the ranges and subnets that someone needs to verify:

  • My conflicting IoT IP range was 172.17.0.0/16.
  • Docker also uses 172.30.0.0/16

The vlan configuration that eventually worked, after also changing my firewall IP IoT and IoT nodes was:

  1. Create a USB stick named CONFIG
  2. Create a folder named network
  3. Create a file without extension containing the specifics of your vlan (ex: vlan20):

    [connection]
    id=vlan20
    uuid=0974657d-c94b-40eb-9033-da091906473a
    type=vlan
    autoconnect=true

    [vlan]
    parent=eth0
    id=20

    [ipv4]
    method=manual
    addresses1=172.28.0.4;16;172.28.0.1;

    [ipv6]
    addr-gen-mode=stable-privacy
    method=auto

  4. Replace the IP at addresses1 with that of your interface on the IoT network, followed by subnet mask bits and gateway. For DHCP, delete the addresses1 line and change method=auto
  5. Insert the USB stick in your RPi’s USB port and from the web interface select System / Import from USB
  6. Reboot the device

Regards,
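
Added example (not part of the original post, and not Hass.io project code): a pre-flight check that reads a NetworkManager keyfile like the one above and reports whether its static IPv4 network overlaps the two Docker ranges named in the post. The function names and the constructed sample keyfiles are assumptions; the ranges are the ones the poster reported and asked to have verified.

```python
import configparser
import ipaddress

# Ranges the post reports as used by Hass.io's Docker components.
# The poster asked for them to be verified, so treat them as reported.
REPORTED_DOCKER_RANGES = [ipaddress.ip_network("172.17.0.0/16"),
                          ipaddress.ip_network("172.30.0.0/16")]

def vlan_keyfile(ipv4_body):
    """Build a constructed keyfile shaped like the one in the post."""
    return ("[connection]\nid=vlan20\ntype=vlan\n\n"
            "[vlan]\nparent=eth0\nid=20\n\n[ipv4]\n" + ipv4_body + "\n")

def keyfile_networks(text):
    """Return the IPv4 networks statically configured in a keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("ipv4") or cp["ipv4"].get("method") != "manual":
        return []  # method=auto: the range comes from the DHCP server
    nets = []
    for key, value in cp["ipv4"].items():
        if key.rstrip("0123456789") not in ("address", "addresses"):
            continue
        if ";" in value:   # form used in the post: ip;prefix;gateway;
            ip, prefix = value.split(";")[:2]
            cidr = f"{ip}/{prefix}"
        else:              # newer form: ip/prefix,gateway
            cidr = value.split(",")[0]
        nets.append(ipaddress.ip_interface(cidr.strip()).network)
    return nets

def conflicts(text, reserved=REPORTED_DOCKER_RANGES):
    """List (configured network, reserved range) pairs that overlap."""
    return [(str(n), str(r)) for n in keyfile_networks(text)
            for r in reserved if n.overlaps(r)]

# Address from the post's working config, and a constructed one in the old range.
WORKING = vlan_keyfile("method=manual\naddresses1=172.28.0.4;16;172.28.0.1;")
CONFLICTING = vlan_keyfile("method=manual\naddresses1=172.17.0.4;16;172.17.0.1;")

if __name__ == "__main__":
    for name, text in (("working", WORKING), ("conflicting", CONFLICTING)):
        print(name, conflicts(text) or "no overlap")
```

A prefix shorter than /16 can overlap both ranges at once, so the check compares whole networks rather than matching the first two octets.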

Hi @FreddyLauwers,

Tnx for sharing your experience and knowledge with us!
Question… are you running your config on a pi?

I’m a bit confused on how to configure this for my VirtualBox Hass OS.
Any chance you have some tips for me on that particular case?

kind regards,

Sebastiaan

Hi Sebastiaan,

Thank you for your comment.
Yes, I’m running hassio on my pi.

The most confusing part for me was that the Docker config used in Hassio also uses some internal IP ranges that happened to be exactly the same range I chose for my IoT LAN segment in the past… Took me some time to figure out why no traffic was exiting the pi on the IoT LAN segment.

If you’re using vlans in your config, make sure the vlans can reach your VirtualBox machine on the LAN interface by configuring tagging correctly. There is probably an extra layer to configure here compared to the pi. Maybe run some tests in another VM to confirm this works and you can communicate on the configured vlan.

Hope you’re able to progress beyond this problem.

Wonderful @FreddyLauwers,

Thx for your reaction!
I am still figuring out stuff… but much progress thx to you and a guy called oicydwa on Discord.

If I may ask you another question:
Are you running single or dual connection to your HA?
With that I mean single vlan or is your HA available on two vlans.

Thing I would love to do is: have HA connected on one vlan (main) and have most of my other IOT in another vlan so that’s separated from my main lan.

Kind regards and thanks again!

Rosiaantje

Hi, glad I can help.

I’m using only one ethernet interface on the Pi.
This interface is connected to my firewall and has the default lan untagged and my IoT lan Tagged.
My access points also have a SSID on the IoT vlan. All wireless devices connect to the IoT SSID.
The pi can be reached from the default lan (to access HA), all IoT devices access HA on its ip address on the IoT vlan. This way I can isolate the IoT devices and HA can still see my Sonos and Chromecast devices that are located on the default lan.

So this is basically what you want to do and in my opinion it is best practice…

You must be sure that the untagged and tagged network is available to your VM. I don’t know if you can connect your VM’s network interface through bridging, maybe you lose the vlan tagging this way. Not sure how VirtualBox does this, I’m more of a VMware ESXi guy for my job… sorry

Hope this helps in any way.

Best regards,
Freddy Lauwers

Hi all and of course @FreddyLauwers in particular!

Decided to do a total U-turn…
Did the HW setup in front of my Mac mini headless server a bit differently.
Now I use 2 separate untagged NICs, each on their own vlan.
This is to work around the many challenges the interface of VBox is giving me…
Made 2 NICs in the VBox config connected to the HASSOS virtual machine.
Now I get to the point of getting the second connection up in the air.
Any tips on that?
This whole NMCLI is new to me… and the USB route is also not functioning well for me…

So who has a pointer about how to set up the second connection?
Tnx a lot in advance!

(I know ESXi, have it at work too, and that wouldn’t have given me these VLAN problems :wink: but of course that’s enterprise stuff and way overkill for my home use…)