Vlans and Proxy Options

Hello.
I recently moved and decided to reconfigure my HA setup to include an IOT network on a separate vlan.
One thing I wasn’t considering was accessing devices directly for purposes of setup/updates/etc.
Anyone have a solution for proxying device web portals through HA so they can be easily accessed on the main lan?
I know this could be accomplished a few different ways via firewall or switch but I’d like to avoid creating a “bridge” between the vlans if possible.
HA already exists on both so I wondered if it might have an option to pass the portal traffic across but my searches have turned up nothing so far.
Thanks.

So, you have one HA on your “lan” and another one on your “vlan” and you want to be able to access the latter HA and its devices from the former one, right?

I’m not aware of any solution like that, but even if it existed, you need to enable the flow of IP traffic between the “lan” and “vlan.” That is, enable IP routing between the “lan” subnet and “vlan” subnet. After that, you use the available firewall to allow only the traffic that is necessary to access the “vlan” HA and its devices.

Your router should take care of routing between the vlans.

Why?
Just because or for the purpose of blocking device from the internet?
Just wanting to know the goal.

What firewall/router are you using?

You can create “allow” rules that allow specific devices, groups of devices or all to pass across vlans and connect to specific, groups or all devices on another vlan.

Not sure what portal you’re asking about.

Sounds like a case of Enterprise Smart Home Syndrome maybe.

I have HA on two vlans and I do not allow my router to pass any traffic between them. My IoT vlan, in fact, has no default gateway setting.

However I decided it was far more time-consuming and complex to set up mgmt proxies than it was to just sit down at my desktop (which is tagged to both vlans) or change my mobile ssid the occasional time I needed access. Basically there are a handful of phone apps requiring this, and it’s extremely rare I need to use them. As “cool” as it would be it just wasn’t a project I found worthwhile.

I did try TasmoAdmin (I have lots of Tasmota devices), but frankly I really didn’t like it. Drives me crazy that it lists relays instead of devices, suggesting emphasis on control instead of admin.

Thank you for the replies everyone.
Yes this is exactly what I was talking about and I think your configuration is probably the most logical way of dealing with it.

Thanks again.