Setup VLAN and HA tutorial

Bless you!
I tried adding a VLAN using your method just now and I am getting this error:
Error: Failed to add ‘enp0****@vlan20’ connection: ipv4.dns-data: unknown property
What could be the issue?

Edit: Apparently a lot of people have this issue

Looks like a bug/feature in NetworkManager :confused: Does it make any sense to have a dns server defined per vlan connection if these are not used for internet access? Maybe if you have a locally available DNS server answering in each vlan/network segment :stuck_out_tongue: Given the fact that HA really only needs one connection with gateway and dns to be able to update itself and connect to other networks, I would try to edit out/remove DNS references manually from each Connection file with “nmcli con edit ConnectionName” and then save and reload, as HA does not really need these DNS entries or other gateways.

If you are following the tutorial from the beginning, just change the command in step 4 from:
#nmcli con add type vlan con-name eth0@vlan10 dev eth0 id 10 ip4 10.0.0.2/8 ipv4.dns 10.0.0.1 gw4 10.0.0.1
To:
#nmcli con add type vlan con-name eth0@vlan10 dev eth0 id 10 ip4 10.0.0.2/8 gw4 10.0.0.1
Or you can also remove the gateway altogether:
#nmcli con add type vlan con-name eth0@vlan10 dev eth0 id 10 ip4 10.0.0.2/8

If you have already created the connection:
#nmcli con edit eth0@vlan10

Then edit/remove the data, save and exit, reload and that should do it.

Please let us know how that goes :slight_smile:

This worked. I was able to add the VLAN, then went back and added DNS. Though there must be an issue with my OPNsense rules, because I keep losing connection to HA if I connect to the HA VLAN address through my LAN network. I am not very knowledgeable about networking and it’s a little daunting tbh lol

1 Like

Watch out for multiple gateways. One gateway is enough, and one address that HA goes through the firewall. Remember, you should NOT be traversing the firewall when other VLANs’ clients talk to HA, unless you are using one IP only in HA and mDNS. All clients/members of a specific VLAN should talk to Home Assistant directly through its appropriate/dedicated VLAN address.

It’s when you start adding more gateways to HA or going to other HA IPs through the firewall that your network gets messy. Let’s imagine this setup:

Firewall/gateway for main LAN set as 192.168.0.1
Firewall/gateway for VLAN2 set as 192.168.1.1

Main LAN address for HA set as 192.168.0.2
Secondary VLAN2/address for HA set as 192.168.1.2

VLAN2 segregated client address is 192.168.1.3

Remember:

DON’T add 192.168.1.1 as a gateway to HA VLAN2 interface (only VLAN2 clients should have this gateway defined if you want them to exit the VLAN2 and go to internet or other VLANs)
DON’T use 192.168.1.2 to visit your HA page from main LAN, always use 192.168.0.2
DON’T use 192.168.0.2 as HA IP to configure clients outside of Main LAN (unless this is your only HA IP)
DON’T use 192.168.1.2 as HA IP to configure clients outside VLAN2 (they should see themselves nevertheless)

If you follow these rules, everything should be ok.

1 Like

This is what I’ve been using.
192.168.10.1 is my main LAN.
HA main address is 192.168.10.6
192.168.10.4 is Pi-hole.
VLAN 20 is where I keep all IoT devices on OPNsense.
HA VLAN 20 address is 192.168.20.3
Should I just remove the gateway from this interface then, for mDNS and HA discovery to work?


Like you said, I was sometimes accessing vlan20 HA instance from my main LAN PC which is wrong as you mentioned.

If you are using the GUI of Home Assistant for network definitions, there is a way to set up an empty gateway easily: just enter “0.0.0.0” in every gateway field in each network interface (VLAN or not) that is not the main one (the one that you open the GUI in and usually the one that is set up first) :slight_smile:

Thank you. Which network adapter should I choose in my case? The VLAN adapter or the default?

Obviously it depends on what you are trying to achieve, but taking into account your description, your vlan adaptor is the segregated one, so it should not have a gateway nor a dns set up (HA does not need them in fact). If this is correct, then what you should have in HA network config is:

Main LAN
Network interface is ENP0S31F6.
Network is 192.168.10.0/24
HA main address is 192.168.10.6/24.
Gateway for this network is 192.168.10.1
DNS for this network is 192.168.10.4

VLAN
VLAN network interface is ENP0S31F6.20.
Network is 192.168.20.0/24
HA address is 192.168.20.3/24.
Gateway for this network is 0.0.0.0
DNS for this network is 0.0.0.0

Go to the terminal and run

ip r

output should be similar to this (some elements may be different, as I’m just guessing here):

 default via 192.168.10.1 dev enp0s6s31f6  metric 110 
 172.30.32.0/23 dev hassio scope link  src 172.30.32.1 (these are HA specific)
 172.30.232.0/23 dev docker0 scope link  src 172.30.232.1 (these are HA specific)
 192.168.10.0/24 dev enp0s6s31f6 scope link  src 192.168.10.6  metric 110
 192.168.20.0/24 dev enp0s6s31f6.20 scope link  src 192.168.20.3  metric 110

ha network info

should produce:


- connected: true
  enabled: true
  interface: enp0s6s31f6
  ipv4:
    address:
    - 192.168.10.3/24
    gateway: 192.168.10.1
    method: static
    nameservers:
    - 192.168.10.1
    ready: true
- connected: true
  enabled: true
  interface: enp0s6s31f6.20
  ipv4:
    address:
    - 192.168.20.3/24
    gateway: null
    method: static
    nameservers:
    - 0.0.0.0
    ready: true

That’s it!

1 Like
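A way to check the "one gateway only" rule from the terminal, as an added example that is not part of the original posts: the function below reads `ip -4 route show` output and fails if a default route exists anywhere other than the main LAN interface. The helper name `audit_routes` and both sample routing tables are constructed for illustration from the addresses used in this thread, with 192.168.20.1 assumed as the VLAN 20 gateway.

```shell
#!/bin/sh
# Added example (not from the thread): audit the IPv4 routing table of a
# multi-homed Home Assistant host. audit_routes is a hypothetical helper name.
# stdin: output of `ip -4 route show`; $1: the only interface allowed a gateway.
audit_routes() {
    awk -v main="$1" '
        $1 == "default" {
            gw = "(none)"; dev = "(none)"
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            n++
            if (dev != main) {
                printf "FAIL default route via %s on %s (only %s may have one)\n", gw, dev, main
                bad++
            }
        }
        END {
            if (n == 0) { print "FAIL no default route found"; bad++ }
            if (n > 1)  { printf "FAIL %d default routes, expected 1\n", n; bad++ }
            if (!bad)   print "OK single default route on " main
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the VLAN interface has an address but no gateway.
GOOD_TABLE='default via 192.168.10.1 dev enp0s31f6 metric 110
192.168.10.0/24 dev enp0s31f6 scope link src 192.168.10.6 metric 110
192.168.20.0/24 dev enp0s31f6.20 scope link src 192.168.20.3 metric 110'

# Constructed sample: a second gateway was configured on the VLAN interface,
# so return traffic can leave through the IoT segment and skip the firewall
# rules that apply to the main LAN path.
BAD_TABLE='default via 192.168.10.1 dev enp0s31f6 metric 110
default via 192.168.20.1 dev enp0s31f6.20 metric 120
192.168.10.0/24 dev enp0s31f6 scope link src 192.168.10.6 metric 110
192.168.20.0/24 dev enp0s31f6.20 scope link src 192.168.20.3 metric 110'

printf '%s\n' "$GOOD_TABLE" | audit_routes enp0s31f6 || echo "unexpected failure"
printf '%s\n' "$BAD_TABLE"  | audit_routes enp0s31f6 || echo "-> clear the VLAN gateway"
```

On a live host, pipe the real table in with `ip -4 route show | audit_routes <main-interface>`.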

Thank you so much for taking the time to explain in detail and provide examples.
I got the exact same results after deleting the Vlan gateway and DNS.
Again, Thank you so much.


Anyone else having an issue with your adapters no longer showing up in HA? I’ve had these set up for months, but now they no longer seem to want to show up within HassOS. I’ve tried deleting and recreating

Wondering what changed causing adapters not to be available to the HA container? :frowning:

Seems it may be something with OS 11

Looks like there was an interface rename within the HA container from eth0 to end0

As well you can now use ‘ha’ to create a new network vlan interface immediately without rebooting and without the use of nmcli

 ha network vlan end0 3 --ipv4-method static --ipv4-nameserver 192.168.2.6 --ipv4-address 192.168.3.14/28 --ipv4-gateway 192.168.3.1

1 Like

I have Home Assistant installed on a VM in Proxmox. In my network, I have several VLANs configured; the HA is on the server VLAN, and I have IoT devices on another VLAN.

Yesterday I bought an Aqara FP2, which only allows linking to HA through HomeKit. Since it was in two different VLANs, it was impossible for HA to detect it. I solved it by configuring an additional virtual network card in Proxmox for HA. I assigned the IoT network to that card, and now they can see each other. It seems like a good solution because this way mDNS works on the IoT network, and HA can access it.

Could you please share details with a newbie? Thanks!

Are you using HA in proxmox?

Thanks to @cr0muald0 's excellent tutorial I was able to create a second interface for my HA Yellow to connect to devices on my IoT VLAN on my Unifi-controlled network. I was able to configure my first device (a Sonoff Dual R3 relay) via the ESPhome dashboard, where it shows as ‘online’.

The problem is that HA doesn’t auto-discover the device. It does not show up in the Integrations dashboard. I am able to add it manually using the IP address of the device, after which all controls function as expected. While this will probably work fine for a relay which will be online 99.9% of the time, I would really like auto-discover to work properly for future devices that may not be present in my network all the time and may receive different IP addresses.

I’ve read a lot of similar issues, both on the HA forums and on other sources, but none give a definitive answer for my problem. Some suggest that mDNS network traversal should be allowed but that would be necessary only if my HA device was in a different broadcast domain. Since I added the VLAN interface to HA, that should not be necessary. Of course I tried that, but it did not work. This seems to describe my issue but it doesn’t describe exactly what he did to resolve the issue and it received no replies.

Can anyone give me some pointers on where to look next to be able to diagnose this issue?

Hey @gerritgleufhoed, so you are saying the device is in the same network segment, right? That excludes the mDNS problem. What integration are you using? As far as I know, the auto-discovery only works with Tasmota flashed devices or ESPhome integrated devices, but you did not mention that clearly. Did you flash your relay with Tasmota (I’m guessing no)? Are you using the ESPhome control system? And do you have the ESPhome integration installed? Only then might it auto-discover ESP flashed devices, in my understanding (my Sonoffs are all Tasmota flashed and mqtt’ed) :slight_smile:

Sorry for not stating that clearly. Yes, the relay is in the same network segment as the newly added IoT VLAN interface in HA.

I have installed the ESPhome integration into HA and flashed ESPhome to my Sonoff relay (using the web.esphome.io dashboard wizard because I’m not yet running HA on HTTPS). When looking at the ESPhome HA dashboard (not sure if I’m using the right terminology here), the relay shows as ‘online’ and I’m able to send OTA updates to it. But it does not show up as a device with sensors and switches in HA, unless I add it manually through an IP address. After doing this I can control the relay without any problems.

From what I read, ESPHome requires mdns to function properly, so you don’t have to specify an IP in Home Assistant. How did you configure your ESP?

mDNS Component

The mdns component makes the node announce itself on the local network using the multicast DNS (mDNS) protocol.

Both Home Assistant and the ESPHome dashboard use mDNS to identify the IP address of all ESPHome nodes on the network. If mDNS is disabled, they will no longer be able to automatically find your devices. It may be necessary to use a static IP for all nodes and to enable the ping option in the Home Assistant add-on.

It is recommended to leave mDNS enabled.

Example configuration entry

mdns:
  disabled: false

Then Home Assistant should be able to get the node’s IP (from mDNS) and create the sensors automatically. Remember, either you give the node a static IP, or if you are using a DHCP server, a fixed lease.

Read the Notes on disabling mDNS here: https://esphome.io/guides/faq.html#notes-on-disabling-mdns
and you will better understand the trouble of having a malfunctioning mDNS :wink:

Thanks for the reply, but I did not specify anything regarding mDNS in my ESPhome device yaml. Because mDNS is enabled by default, it should announce itself to the ESPhome dashboard instance, which should make it available to HA. Sadly, the second part of that sentence is not happening.

From the FAQ:

Online status detection in ESPHome’s dashboard by default uses mDNS

Since the ESPHome dashboard shows the relay as online, I must conclude that mDNS is working properly. It must be something related to announcing the device’s presence to HA that is not functioning. I could use tips to start diagnosing this further.

I see. According to what you are describing, it looks like the node is added to the dashboard but not creating the sensors in HA, as it should. For that to happen, it needs to have the node’s IP properly configured, which should be configured automatically, but apparently not always. Check this thread here to see if it helps:

I had read that thread already. The quote solution unquote in that thread is to just add the ESPhome device integration manually via the IP, which works in my case as well but should not be the go-to route to add devices.

One thing I did notice is that I don’t have the captive_portal or fallback AP configured in my device settings, as I don’t see the point: the device should be able to connect to the configured wifi or fail, in which case I have to fix the configuration. I cannot imagine that being the cause of the autodiscover failing in HA, but it’s worth a shot.

I’ll try to get some log output of the device to compare it to the log output in the thread you linked to see if I see similar output.