I had to implement VLANs on my farm network for various reasons. As a result I have a few teething issues. I have enabled “use ping for status” and I can ‘see’ my ESP devices in ESPHome Builder (online) but I am unable to update them or see logs. I get this error:
```
INFO ESPHome 2026.2.4
INFO Reading configuration /config/esphome/esphome-web-4ca634.yaml...
WARNING Captive portal is enabled but no WiFi AP is configured. The captive portal will not be accessible. Add 'ap:' to your WiFi configuration to enable the captive portal.
INFO Starting log output from 192.168.3.233 using esphome API
INFO Successfully resolved esphome-web-4ca634 @ 192.168.3.233 in 0.000s
```
My YAML is as follows, NOTE: my HomeAssistant server is able to see all networks. All other IoT devices are connecting.
That’s not an error, just a warning that means exactly what it says. You have a `captive_portal:` section but no `ap:` section. An `ap` section is required for captive portal to work.
You can have an access point configured without captive portal, but not the other way around.
Your VLAN config appears to be working fine, the address I assume is correct? What else is in your YAML? If the whole config is as above, that’s all the log you will get. Add some sensors etc.
I have sensors in my YAML, I didn’t include them in the post, that’s all… the main issue I have is I can’t update the devices to use the new VLAN, or see logs. I have had to enable the old WiFi network to get them to connect.
Without the captive portal section I still can’t connect.
```
INFO Connecting to 192.168.3.233 port 3232...
ERROR Connecting to 192.168.3.233 port 3232 failed: timed out
ERROR Connection failed.
WARNING Failed to upload to ['192.168.3.233']
```
My firewall rules are open for the HA server, I’m fairly sure it’s not an mDNS issue. I’ll try an install of the new YAML via USB/Serial.
Two issues. Captive portal was enabled without an ‘ap’ section as @zoogara flagged, and a manual USB/Serial update has sorted my issues out. I was reluctant to do this as two of my ESP devices are notorious for being uncooperative with serial connections.
The log indicates it knows the IP address to use. Normally mDNS is used to get the IP address based on a name. The real question is, is that the right IP address for the device?
Yes, it was the right IP. I can get the devices working for a while after installing via serial/USB, then they become unresponsive after 30 minutes. I can see they are connected on my router. It’s my router being a turd.
Likely because VLANs are hard. I keep hearing about the general goodness of VLANs (and agree with that in general). But, I also see the struggles many people have setting them up and keeping them working. So far I haven’t seen enough goodness to be willing to endure the pain of setting it up and keeping it working.
The question here is if you trust those commercial devices on your local network. If so, then you don’t really need VLANs as you can use ‘Static’ IPs either manually set on the device or via DHCP and then use a Firewall rule to stop them having Internet access.
A tip here is to use a separate firewall rule for each type of device, that way if you ever want a type of device to update via the Internet you can just disable a single firewall rule.
It all depends on how much you trust them (or don’t). It also depends on how much you trust your ability to set up a VLAN correctly and how well the router implemented it.
It can be a fun learning experience, just be sure you are ready for it.
If your setup supports tagged VLANs so you can add multiple VLANs to one port, you could make your HA a member of the VLAN as well, bypassing any router/firewall ports. See here for example:
After creating the virtual interface, you can manage it from the HA gui.
You don’t need mDNS by the way, but if you don’t you need to be able to add local DNS records. By switching to ping for status and adding a “domain:” clause to the wifi settings, ESPHome will do the lookup based on normal DNS.
I have a Unifi environment and HomeAssistant running in Docker on a little Home Server. It was a steep learning curve to get VLANs and the trunk port on the switch running. I never regretted it - okay, once or twice in the last 5 years.
@xarmoda what does your network infrastructure look like?
I have around 50 devices on my network spanning a 20 hectare property (not including LoRa or ZigBee). It’s not practical to use only Ethernet but I do when I can. I use quite a bit of TP-Link network equipment on the IoT network because it copes with the extreme weather conditions in Australia, for instance WiFi bridges and remote smart switches. My public and private servers are FreeBSD, clients are Apple. My HomeAssistant is on a RPi 5 16Gb.
3 VLANs - One secure for clients and my servers, one for my home built devices, one for untrusted commercial devices. This includes physically separate ethernet so I don’t need to tag, but my switches support this if I ever want to.
Seems odd to be okay with that and then use VLANs because you care about security.
I have used TP-Link stuff before. It mostly worked, but I never had VLANs. I now use Unifi. Not because I think it really is that much better, but because it does have better management and UX and I am willing to pay for that.
ROFL. To replace these network devices with another brand is prohibitively expensive… noting that any PRC manufactured devices are a risk. …some would say a redundant risk given western governments do the same thing. I live in Australia, we have no free speech and a socialist government anyway.
VLANs at the very least allow me to quarantine the part of the network that the outdoor WiFi uses.
It’s the after sales support, specifically with firmware updates to fix developing exploits where different vendors can make or break their reputation. TP-Link is one of those that has been found wanting in the past.
You -do- update your router firmware when patches become available, don’t you?
Then it is possible to add your home assistant to those networks. I don’t know the topology of your network, but this could make the network even more robust as the router isn’t needed per se.
The only thing to watch out for is the default route your HA is going to take for Internet access. For instance, if you have closed off your IoT network from Internet access HA could lose Internet access as well. Currently there is no way of setting route priority from the CLI.
I stopped fighting with that and just opened a hole in the firewall for HA to get through to the Internet. (While blocking the rest).
Don’t forget to configure IPv6 as well (if you have IPv6 capable Internet).
The issue was resolved some time back. A redundant entry in my YAML and an mDNS setting in a difficult to find part of my router settings. I use a VPN to access HA.
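
An added example, not part of the thread or of ESPHome itself: a small check, run from the ESPHome/HA host, that separates the failure modes discussed above (device shows online via ping, but the upload to port 3232 times out). The function names are hypothetical, and 6053 is assumed to be the native API port because it is ESPHome's default.

```python
import errno
import socket
import sys

# 3232 is the OTA port from the upload log above; 6053 is ESPHome's default
# native API port (used for logs). Assumption: the device keeps these defaults.
ESPHOME_PORTS = {"api": 6053, "ota": 3232}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port: open, refused, timeout, unreachable or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host sent a reset: path works, nothing listening
    except socket.timeout:
        return "timeout"      # no reply: dropped en route, or the host is down
    except socket.gaierror:
        return "unresolved"   # name lookup failed, not a port problem
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


def check_device(host, ports=None, timeout=3.0):
    """Probe each named port and return {name: state}."""
    ports = ESPHOME_PORTS if ports is None else ports
    return {name: probe_tcp(host, port, timeout) for name, port in ports.items()}


def diagnose(results):
    """Turn per-port states into the most likely place to look."""
    states = set(results.values())
    if states == {"open"}:
        return "ok: API and OTA are reachable from this host"
    if "unresolved" in states:
        return "name resolution: fix mDNS/DNS or use the IP address"
    if "timeout" in states:
        return "filtered: no TCP reply; if ping works, check inter-VLAN rules"
    if "unreachable" in states:
        return "routing: this host has no route to the device's subnet"
    return "device: path works but the service is not listening"


if __name__ == "__main__":
    # Usage: python check_esphome.py 192.168.3.233
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    found = check_device(target)
    print(found, "->", diagnose(found))
```

A "filtered" result while the dashboard shows the device online means ICMP crosses the VLAN boundary but TCP to these ports does not, which points at the router or firewall rather than the ESPHome YAML.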