Setup VLAN and HA tutorial

This is a more up-to-date version of this older first tutorial, taking into account that HA has changed a little bit. Starting from version 11, the UI already supports VLAN configuration in the menu Settings > System > Network, so these old tutorials are left here only for others looking for different options.

VLAN in HA:

  1. Install and configure (according to documentation) the “Home Assistant Community Add-on: SSH & Web Terminal” add-on in System > Add-ons
  2. Open the terminal and confirm you are the root user
    ~ whoami
    root
  3. From here you will use the nmcli configuration tool.
    #nmcli connection show
    will list the available connections with their UUIDs, types and devices.

  4. Create the VLAN interface with a static address. Choose the physical network interface (parent interface) you want the VLAN to traverse (in this example we use eth0, but it might differ depending on your setup) and define the VLAN’s connection name, id, ip, gateway and dns (adjust the numbers to your network and needs), as in the example below:

#nmcli con add type vlan con-name eth0@vlan10 dev eth0 id 10 ip4 10.0.0.2/8 ipv4.dns 10.0.0.1 gw4 10.0.0.1

Let’s break down this last command:

“nmcli con add” - Add a new connection
“type vlan” - a vlan type interface
“con-name eth0@vlan10” - the name of the new VLAN interface
“dev eth0” - the parent device where the VLAN will attach
“id 10” - the vlan id number
“ip4 10.0.0.2/8” - ip and netmask of the VLAN interface
“ipv4.dns 10.0.0.1” - dns server of the VLAN interface
“gw4 10.0.0.1” - gateway of the VLAN interface

More information here:

and here:

  5. Show connections again and it should list your new VLAN (fake uuids)
    #nmcli connection show

NAME         UUID                                  TYPE      DEVICE
eth0         aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa  ethernet  eth0
eth0@vlan10  bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb  vlan      eth0.10

  6. To see more detailed info about the connection
    #nmcli -p con show eth0@vlan10

  7. To force all HA generated traffic through the “normal”/more private route and avoid some problems caused by now having two default gateways, there are three possible solutions:

a) The first is to set the gateway priority (metric value) on each interface so that traffic first chooses the interface you want (by default, NetworkManager sets ethernet as 100 and vlan as 400). If you use only tagged VLANs and remove the IP configuration from the physical network interface, it could be important to choose which VLAN carries default network traffic from HA. You can set priorities like this:

#nmcli con modify eth0@vlan10 ipv4.route-metric value

The lower the value, the higher the priority of the interface. For example,

#nmcli con modify eth0@vlan1 ipv4.route-metric 400
#nmcli con modify eth0@vlan10 ipv4.route-metric 401

would give priority to vlan1 as a default gateway for internet access.

b) second is to disable/block default routing altogether in the unwanted device(s), so that each interface only uses its assigned network:

#nmcli con modify eth0@vlan10 ipv4.never-default yes

would disable default routing through this VLAN interface.

c) The third option is to remove the gateway from the interface by setting the gateway to empty (note the empty value between the quotes):

#nmcli con mod eth0@vlan10 ipv4.gateway ''

More information here:

  8. Repeat steps 4 to 7 to create additional VLANs, adjusting network settings

  9. Now enter the nmcli editor to “edit” your connection
    #nmcli con edit eth0@vlan10

  10. Just save the settings and properties and it should report a successful update to the connection
    #nmcli> save

  11. To double-check settings of the vlan interface
    #nmcli> print ipv4

  12. Quit the nmcli editor
    #nmcli> quit

(Depending on the type of HA installation, your files might not be visible at all! That is ok, and you can proceed to step 15 if nmcli is listing the connections.)

  13. Check for the creation of new file(s) with the VLAN definitions (there should be an eth0@vlan10 file and one for each new VLAN created)
    #ls -la /etc/NetworkManager/system-connections/

  14. (optionally) Check the contents of the file (possible output below)
    #cat /etc/NetworkManager/system-connections/eth0@vlan10

[connection]
id=eth0@vlan10
uuid=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
type=vlan
permissions=
timestamp=1546212011

[ethernet]
mac-address-blacklist=

[vlan]
egress-priority-map=
flags=1
id=10
ingress-priority-map=
parent=eth0

[ipv4]
address1=10.0.0.2/8,10.0.0.1
dns=10.0.0.1;
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

  15. Exit the session and reboot the HA host to test (after rebooting you can log in to HA again as in step 1 and check whether the file with the definitions still exists)
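
Whether step 7 took effect can be read back from the keyfile checked in step 14. The script below is an added example, not part of the original tutorial: it reports whether a keyfile's [ipv4] section can still install a default route. The function name `default_route_status`, the helper `write_sample` and the sample files are constructed for illustration; `never-default`, `route-metric`, `gateway` and `addressN` are NetworkManager keyfile keys.

```shell
#!/bin/sh
# Added example (not from the original tutorial): read a NetworkManager
# keyfile and report whether its [ipv4] section can install a default route.

# default_route_status FILE
# Prints "never-default", "no-gateway" or "default-route via GW metric M".
default_route_status() {
    awk -F= '
        /^\[/ { in_ipv4 = ($0 == "[ipv4]"); next }    # track current section
        !in_ipv4 { next }
        $1 == "never-default" && $2 == "true" { never = 1 }   # option b)
        $1 == "route-metric"  { metric = $2 }                  # option a)
        $1 == "gateway"       { gw = $2 }                      # newer keyfiles
        $1 ~ /^address[0-9]+$/ {                 # addressN=IP/prefix[,gateway]
            if (split($2, part, ",") >= 2) gw = part[2]
        }
        END {
            if (never)         print "never-default"
            else if (gw == "") print "no-gateway"              # option c)
            else print "default-route via " gw " metric " (metric == "" ? "default" : metric)
        }
    ' "$1"
}

# Constructed keyfiles modelled on the file shown in step 14.
sample_dir=$(mktemp -d)
write_sample() {   # write_sample NAME [extra ipv4 line...]
    name=$1; shift
    printf '%s\n' '[connection]' 'id=eth0@vlan10' 'type=vlan' \
        '[ipv4]' 'method=manual' "$@" '[ipv6]' 'method=auto' > "$sample_dir/$name"
}
write_sample as-created 'address1=10.0.0.2/8,10.0.0.1'
write_sample option-a   'address1=10.0.0.2/8,10.0.0.1' 'route-metric=401'
write_sample option-b   'address1=10.0.0.2/8,10.0.0.1' 'never-default=true'
write_sample option-c   'address1=10.0.0.2/8'

for f in as-created option-a option-b option-c; do
    printf '%-11s %s\n' "$f" "$(default_route_status "$sample_dir/$f")"
done
```

On installations where the keyfiles are not visible, the same properties appear in the output of `nmcli -p con show eth0@vlan10` from step 6.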