I’ve had this setup stable for 5 days and it seems to be working well, so I thought I’d share.
There are a few great threads on how to get HA to have VLANs on bare metal (HAOS directly on a Pi or something) and Proxmox, but I haven’t seen anything for Windows + VirtualBox.
Long story short, if you want your cheap chinesium IoT devices and/or cameras to be isolated from the rest of your network, you gotta do VLANs.
But why?
- I have outdoor POE cameras and I don’t want someone to just unplug one and start dinkin around on my LAN and I refuse to put passwords on my IOT devices
- When you get up to 50+ devices on your network, it gets way easier to manage them
- You can ELIMINATE the ability of your IoT/camera stuff to phone home, or at least turn it on/off for OTA updates
- VLANs are super cool and therefore make you super cool. While the routers/switches may cost more, all the software is free
Note: This method limits you to 4 VLANs. It works by setting up virtual NICs through Hyper-V in Windows and then using those virtual NICs in HA through VirtualBox. If you need more than 4, just stop reading.
My Setup
- Windows 11 Pro (unlicensed)
- BlueIris for Cameras
- VirtualBox (latest version)
- Home Assistant in VirtualBox
- Ubiquiti U7 Pro Wifi units x 2
  - Note: Many users have had problems when they connect like 30+ IoT devices to these things. I’ve had no issues. Ubiquiti is working hard on a possible software fix.
- pfSense router / DHCP
- Four VLANs: 1 - Default, 10 - Guest Wifi, 20 - IoT, 30 - Cameras
- Four Wifi SSIDs, one for each VLAN
Basic needs
- Windows 11
- VirtualBox (latest version)
- Working copy of HAOS installed on VirtualBox
- “Hyper-V-Services” and “Hyper-V-Module for Windows powershell”
  - Search for “Turn Windows features on / off”
  - Select “Hyper-V-Services” and “Hyper-V-Module for Windows powershell”
  - Note: if you install Hypervisor, VirtualBox will SH*T A CHICKEN. DO NOT INSTALL IT
- Router that supports VLANs
- Switches that support VLANs
  - I got a $3,000 netgear enterprise switch off ebay for $150 and I WILL BRAG FOREVER
- Wifi AP that supports VLANs
- Alternatively, a single router/switch/wifi AP combo with all of the above. Do your research first because 2 of them I looked at had bad reviews.
Basic steps to get Windows and your network set up for VLANs
- Learn the basics of VLANs
- Set up your DHCP server + router for VLANs. For the love of God, make the 3rd octet the same number as the VLAN
  - Default VLAN 1 - 192.168.1.x
  - VLAN 10 - 192.168.10.x
  - You don’t strictly speaking need a DHCP server, but my U7 Pro just stops working without one and in general UUUGH.
- Set up all your switches for VLANs (if they are managed they should do this, if not you’ll need to buy new switches)
- Add your VLANs to your Windows network adapter. Do this in PowerShell, run as administrator:
```powershell
# Note: If you use a headless Windows machine like me, you're going to have a bad
# time with the setup.

# This will return a list of network adapters. Find your physical NIC and note its
# "Name" - in most cases "Ethernet".
Get-NetAdapter

# This creates a new vSwitch named VLAN-vSwitch, bridging our physical NIC
# called "Ethernet". We also allow virtual host NICs to be added to this switch.
New-VMSwitch -Name VLAN-vSwitch -NetAdapterName Ethernet -AllowManagementOS $true

# OPTIONAL but NOT recommended: Hyper-V automatically creates a virtual NIC without
# a VLAN tag to keep the host online. You may remove it, unless you are using an
# untagged/tagged combination. (The virtual NIC labeled "VLAN-vSwitch" will be your
# untagged connection.) Left commented out so a copy-paste does not run it by accident.
# Remove-VMNetworkAdapter -ManagementOS -Name VLAN-vSwitch

# Now we create a new virtual host NIC and assign VLAN tag 123 to it. Please
# note that the interface name can be chosen freely. One might want to name them
# by purpose.
# For your own sanity, put the VLAN number into the NIC name (e.g. "VLAN123").
Add-VMNetworkAdapter -ManagementOS -Name "VLAN123" -SwitchName "VLAN-vSwitch" -Passthru | Set-VMNetworkAdapterVlan -Access -VlanId 123

# You can now add as many virtual NICs as you need.
Add-VMNetworkAdapter -ManagementOS -Name "VLAN456" -SwitchName "VLAN-vSwitch" -Passthru | Set-VMNetworkAdapterVlan -Access -VlanId 456

# Finally, verify that all adapters are in place.
Get-NetAdapter
```
- Optional but recommended: Set up static IP addresses in Windows on all the new virtual NICs you created, like you would normally
  - Search for “View Network Connections” in Windows 11
- Optional but strongly recommended: remove the gateway from your new VLAN adapters, keeping it only on the default one
- Set up your Wifi APs. You’ll need an SSID for every VLAN; your AP should force your devices into whatever VLAN you have assigned.
Setting up VirtualBox
- Open VirtualBox
- Shut down your HA instance if you’re running it
- Open the settings for your HA VM, click on Networking
- Add your new virtual NICs - one for each adapter tab!
  - Your new virtual NICs are “Hyper-V Virtual Ethernet Adapter” and they are NUMBERED
  - To get the numbers, go back into PowerShell and type Get-NetAdapter and it’ll show you which are which
- I think you should keep network adapter 1 the same. It should be your default VLAN.
  - In my case, my default LAN turned into “Hyper-V Virtual Ethernet Adapter #6”
Setting up Home Assistant
- Start the VM instance of HA
- Open your web browser, navigate to network settings in HA
- Hopefully your default NIC is on the Default VLAN, scroll to the bottom to verify
- If you want integrations like MQTT to use your VLANs, enable them appropriately
- Scroll back up now
- Add static IP addresses to your new NICs. It appears that by default the new NICs will just be DHCP (again, if you set the 3rd octets to the VLAN you should be able to identify them immediately. If you did not, then I TOLD YOU SO)
You should be good to go!
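
A read-only audit of the host side of the steps above, added here as an example and not part of the original post: for each VLAN it shows the "Hyper-V Virtual Ethernet Adapter #N" name to pick in VirtualBox, and checks the tag, the third octet, and that the adapter has no default gateway. It assumes the host vNICs were named "VLAN<id>", that the subnets are 192.168.<id>.0/24, and that the VLAN list is the 10/20/30 set from "My Setup"; the forwarding check is an extra not mentioned in the post, included because the host now has a leg in every VLAN.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell.
# Assumptions: vNICs are named "VLAN<id>" and subnets are 192.168.<id>.0/24.
$vlanIds = 10, 20, 30

$report = foreach ($id in $vlanIds) {
    $vnic  = "VLAN$id"
    $alias = "vEthernet ($vnic)"   # name Windows gives a management-OS vNIC

    # All lookups are read-only; a missing adapter simply yields empty/False columns.
    $tag     = Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $vnic -ErrorAction SilentlyContinue
    $adapter = Get-NetAdapter -Name $alias -ErrorAction SilentlyContinue
    $ip      = Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue
    $gw      = Get-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
    $ipIf    = Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VLAN         = $id
        Present      = [bool]$adapter
        # This is the string VirtualBox lists in the bridged adapter drop-down.
        VBoxAdapter  = $adapter.InterfaceDescription
        # The vNIC must be an access port on exactly this VLAN.
        TagOK        = ($tag.OperationMode -eq 'Access' -and $tag.AccessVlanId -eq $id)
        IPv4         = $ip.IPAddress -join ','
        # Third octet should equal the VLAN ID, as the post insists.
        OctetMatches = [bool]($ip.IPAddress | Where-Object { $_ -like "192.168.$id.*" })
        # No 0.0.0.0/0 route means no default gateway on this VLAN adapter.
        NoGateway    = -not $gw
        # The host should not route between its VLAN legs.
        NoForwarding = ($ipIf.Forwarding -eq 'Disabled')
    }
}

$report | Format-Table -AutoSize
```

Any row with False in TagOK, NoGateway or NoForwarding is worth fixing before attaching that adapter to the HA VM.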