Setup VLAN and HA tutorial

In terminal:

ip -4 route

it should show the metric for each routing entry.

1 Like

But maybe from the command line I can add this interface with a VLAN but without a GATEWAY?

Now I added it with a gateway. Is there any command to delete the gateway for this interface?

You really need to improve your googling/reading skills :stuck_out_tongue:

Two possible ways (choose one)

  1. Set gateway as empty (note the empty value between the ticks):

#nmcli con mod <connection> ipv4.gateway ''

  2. Change gateway using editor:

Enter the editor mode for nmcli

#nmcli con edit <connection>

Set gateway if wanted or not set yet

#nmcli> set ipv4.gateway <gateway_ip>

Check if gateway ip is set

#nmcli> print ipv4.gateway
ipv4.gateway: <gateway_ip>

Remove gateway from interface:

#nmcli> remove ipv4.gateway

Check if removed:

#nmcli> print ipv4.gateway
ipv4.gateway: (null)

Save:

#nmcli> save

Exit:

#nmcli> quit

1 Like

Very, very many thanks. Now it looks like it works OK and communication between HA and the Samsung TV works OK.
I will also test when I come back home. But you are a very, very good expert. Thanks :slight_smile:

1 Like

My problem is that I’m using VMware ESXi 7u3. The system dynamically assigns an interface name similar to ens1p2 or something. I’ve tried to attach vlans via the commanding but that just caused a duplicate address to show up on the network and didn’t solve the problem.

Best solution I've found so far is to only statically assign an IP to an interface you want as default. Then let the rest pick up theirs via DHCP reservations. Haven’t had any trouble since, but I’ve also moved on to IPv6.

Thank you for the detailed tutorial. I followed every step, and I got 2 interfaces showing in HA network settings and in the CLI menu.
The thing is I am using HA on proxmox as a vm and I have a physical Ethernet cable coming from my repurposed laptop to the port 3 of my tp-link sg108e switch. The switch is behind opnsense on baremetal. I don’t exactly know where to go from here lol

I have the similar issue, now when I have 2 devices setup, is there any way to “get rid” of the ethernet device IP and route all traffic via VLAN device only?

  1. To force all HA generated traffic through the “normal”/more private route and avoid some problems caused by having now two default gateways, there are three possible solutions:

a) first is that you can change/set the gateways’ priorities/metric values in each interface so that traffic first chooses the interface you want (by default network manager sets ethernet as 100 and vlan as 400). If you use only tagged VLANs and remove the physical network interface ip configuration, it could be important to choose which VLAN carries default network traffic from HA. You can set priorities like this:

#nmcli con modify eth0@vlan10 ipv4.route-metric value

The lower the value, the higher will be the priority for the interface.

#nmcli con modify eth0@vlan1 ipv4.route-metric 400
#nmcli con modify eth0@vlan10 ipv4.route-metric 401

would give priority to vlan1 as a default gateway for internet access.

b) second is to disable/block default routing altogether in the unwanted device(s), so that each interface only uses its assigned network:

#nmcli con modify eth0@vlan10 ipv4.never-default yes

would disable default routing through this VLAN interface.

c) third option is to remove the gateway from the interface by setting the gateway as empty (note the empty value between the ticks):

#nmcli con mod eth0@vlan10 ipv4.gateway ''

More information here:

I read up a little more and managed to get the new VLAN interface working, and I can use that VLAN IP (vlan20 in my case; I changed it to match my already established IoT VLAN in OPNsense) to access the HA web UI. I created a local DNS record for mqtt in Pi-hole to resolve to the HA vlan20 address and devices are working now.
My question now is which option to choose as far as the gateway goes. I really don’t want to lose auto discovery or have too much stress on the network if I leave both the default gateway and the VLAN gateway.

Hi, glad you could make it :slight_smile:

Auto discovery will always work, as long as traffic from IOT client to HA and from HA to IOT client does not traverse the firewall and change network range. Summing it up:

  • Any IOT client should have a default gateway corresponding to the firewall/router IP, usually received from DHCP server, if you want internet access for that device (read my lips: NOT Home Assistant :slight_smile: )

  • HA assistant should have only one gateway for a default internet access, which is NOT in the same IP range as the other VLANed interfaces that we create in the tutorial. HA does not need any other gateways configured, unless you have some special routing needs. That is why in the tutorial they are either disabled or have priority reduced.

  • Neither HA nor the IOT clients need gateways/routing if they are physically/virtually/logically connected through a network interface in the same network range, broadcasting will announce them and make them visible/reachable to each other.

  • By blocking other gateways (other than the default one) we are not blocking traffic between clients and HA (directly connected), we are just stopping traffic that belongs to a specific VLAN/network segment from escaping to other VLANs/network segments via routing.

1 Like
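A check for the "only one default gateway" rule from the reply above, added here as an example that is not part of the original posts: it parses `ip -4 route` output, lists default routes by metric and flags the case where more than one exists. The function names and the sample routing table (addresses, `eth0.20`) are constructed for illustration; the metrics 100 and 400 are the NetworkManager defaults mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit default routes in `ip -4 route` output.
# SAMPLE_ROUTES is constructed sample data, not output taken from the thread.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto static metric 100
default via 192.168.20.1 dev eth0.20 proto static metric 400
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
192.168.20.0/24 dev eth0.20 proto kernel scope link src 192.168.20.10 metric 400'

# list_default_routes: read `ip -4 route` text on stdin, print one line per
# default route as "<metric> <dev> <gateway>", lowest metric (preferred) first.
list_default_routes() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"; metric = 0   # a route printed without a metric has metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print metric, dev, gw
    }' | sort -n -k1,1
}

# audit_default_routes: print a verdict; return 0 only when exactly one
# default route exists, 1 when there are several, 2 when there is none.
audit_default_routes() {
    routes=$(list_default_routes)
    count=$(printf '%s\n' "$routes" | awk 'NF { n++ } END { print n + 0 }')
    case "$count" in
        0) echo "no default route"; return 2 ;;
        1) echo "OK: single default route: ${routes#* }"; return 0 ;;
        *) echo "WARN: $count default routes; preferred: $(printf '%s\n' "$routes" | head -n 1)"
           return 1 ;;
    esac
}

# On a live system: ip -4 route | audit_default_routes
printf '%s\n' "$SAMPLE_ROUTES" | audit_default_routes || true
```

A WARN result means one of the VLAN connections still carries a gateway; setting `ipv4.never-default yes` or an empty `ipv4.gateway` on it, as described earlier in the thread, brings the count back to one.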

More or less. You can’t remove the parent interface where the VLAN attaches itself to (it would be like removing the physical network card and still wanting to have network connection), but we can disable the network configuration, so that it does not have a valid/working setup. Fortunately, there is already a post on that right here
Setup VLAN and HA tutorial - #70 by BoneyAz
thanks to @BoneyAz :slight_smile:

1 Like

Thank you so much for your time and knowledge. So option b) for me then should be safe, right?

Also, I created more VLAN interfaces in HA than I cared for lol, what cmd do I use to remove them?

More than welcome. :slight_smile:
Any of the options is safe, so you can take your pick.
To delete interfaces, nmcli is again your friend:
First, check list of connections and copy connection name with
#nmcli connection show
Then remove with
#nmcli con del connection_name
or
#nmcli connection delete connection_name
Check deletion with
#nmcli connection show

You can find here a list of useful nmcli commands

I had to use the UUID to delete the extra connections, but #nmcli connection show is looking clean and organized again. Thank you!

1 Like

I have two vlans that are working fine with the above instructions. However, upon rebooting HAOS completely, they do not come up immediately upon NetworkManager initiating. This is quite irritating because then it wastes a minute and a half trying to do a time synchronization that fails due to the vlan connections not being configured. I have to get on the console and “nmcli con up” the vlans to get them activated. I believe they come up later via the supervisor, but since this is in production, I haven’t tested that yet. Is there a way for NetworkManager to up these connections properly upon startup?

Hello and thank you so much for this great tutorial,

I followed the steps indicated; however, I am unable to see the new vlan connection once created in the system-connection.
The nmcli connection was saved and reported to be saved successfully, and it is also shown correctly in the UI. Moreover, I got a lot of new connections that were created automatically after reboot, and autodiscovery is not working. Did I miss something?

Issue solved: I just deleted every entry and created a clean new vlan. The problem is solved.

Hi (sorry for the late reply and I hope you managed to figure it out by now)
Are these network interfaces configured with static ip or dhcp? (the delay might come not from vlan setup but from ip configuration, if dhcp)

Static. No DHCP.

You didn’t say if your problem is solved or not, but my first attempt would be to try using a static ip and check how long it takes for network connectivity to be alive and replying by pinging the address of HA during its boot process from another network client and compare with dhcp configuration.

I have been using a static all along. The problem remains.