Xiaomi Gateway broke after I moved gateway to a VLAN

Thanks for the tips. I’m keen to give this another try and wondering if you could elaborate a bit more on how to create the virtual interfaces?

Well, I am not sure how I managed that exactly. It is a bit different on each Linux distro, but you can look for a “VLAN Linux”.

There is a thread describing the approach on HASS

Or, just generically, if there is an ip utility present, you can use “10.4. Configure 802.1Q VLAN Tagging Using the Command Line” (Red Hat Enterprise Linux 7, Red Hat Customer Portal); otherwise, write the /etc/sysconfig/network-scripts/ifcfg-device_name by hand.

I was playing with the same problem for several weeks now. Aqara HUB M1S in IOT VLAN subnet and HA in home LAN (sitting in KVM-QEMU). IOT cannot access LAN, LAN can access IOT. So HA can see IOT VLAN, but thanks to multicasts cannot access Aqara. And I do not want to put HA into both those VLANs (LAN and IOT).

I have read many posts about this topic and they have different information here and there, so I tried my own inspection with tcpdump to see how the communication is going.

In my case it looks like Aqara is shouting multicast to 224.0.0.251 (mDNS port 5353) “hey, I am here” and advertising service endpoints and ports (ports seem to be random), e.g.:

Aqara-Hub-M1S-A343._hap._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 49283, target Aqara-Hub-M1S-A343.local
Aqara-Hub-M1S-A343._aqara-setup._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 33686, target Aqara-Hub-M1S-A343.local
Aqara-Hub-M1S-A343._aqara._tcp.local: type SRV, class IN, cache flush, priority 0, weight 0, port 47897, target Aqara-Hub-M1S-A343.local

HA is catching this mDNS packet, picking the _hap_ service and then opening a TCP connection to it. All events and data are then using this connection.

So I have installed Avahi on my OpenWrt router and configured /etc/avahi/avahi-daemon.conf this way:

[reflector]
enable-reflector=yes
[server]
# looks like it needs a space after the colon (!)
allow-interfaces=br-lan.100, br-lan.25

Enable and restart service on OpenWrt

/etc/init.d/dbus start
/etc/init.d/dbus enable
/etc/init.d/avahi-daemon start
/etc/init.d/avahi-daemon enable    

Avahi is sending mDNS from one VLAN to all other subnets (listed in config).

Then I opened a firewall hole to allow mDNS between those VLANs:
from any, to this device, UDP, 224.0.0.251:5353, allow

And that's it. HA can discover Aqara HUB. I can see all Zigbee devices and can read their states and values as before. Maybe something will pop up, I have been testing it for a week, but it looks good so far.

Hope it can help someone.

1 Like
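To check from the HA side that the reflector is really forwarding the hub's announcements, the SRV records in a captured mDNS payload can be decoded and the `_hap._tcp` port read out. The following is an added example, not code from the post above; the function names, the TTL of 120 and the sample packet are assumptions constructed from the records quoted in that post.

```python
import struct

def read_name(buf, off):
    """Decode the DNS name at `off`, following compression pointers -> (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | buf[off + 1], hops + 1
            if hops > 16:                         # malformed packet: pointer loop
                raise ValueError("DNS compression loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(buf[off:off + n].decode("utf-8", "replace"))
        off += n

def srv_records(pkt):
    """Return [(owner, port, target)] for each SRV record in one mDNS message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", pkt, 0)
    off, out = 12, []
    for _ in range(qd):                           # skip questions: name + type + class
        off = read_name(pkt, off)[1] + 4
    for _ in range(an + ns + ar):
        owner, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if rtype == 33:                           # SRV rdata: priority, weight, port, target
            port = struct.unpack_from("!H", pkt, off + 4)[0]
            out.append((owner, port, read_name(pkt, off + 6)[0]))
        off += rdlen
    return out

def hap_endpoint(pkt):
    """(port, target) of the advertised _hap._tcp service, or None if absent."""
    return next(((p, t) for o, p, t in srv_records(pkt) if o.endswith("._hap._tcp.local")), None)

# Constructed sample: an mDNS response carrying two of the SRV records quoted above.
HOST = "Aqara-Hub-M1S-A343"
def _name(s): return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"
def _srv(owner, port):      # target = HOST label + pointer (0xC029) to "local" at offset 41
    rdata = struct.pack("!3H", 0, 0, port) + bytes([len(HOST)]) + HOST.encode() + b"\xc0\x29"
    return _name(owner) + struct.pack("!HHIH", 33, 0x8001, 120, len(rdata)) + rdata
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + _srv(HOST + "._hap._tcp.local", 49283) + _srv(HOST + "._aqara._tcp.local", 47897))

if __name__ == "__main__":
    print(srv_records(SAMPLE), hap_endpoint(SAMPLE))
```

Feed `srv_records()` the UDP payloads seen on 224.0.0.251:5353 in the LAN segment; if the hub's `_hap._tcp` record never shows up there, the reflector or the firewall rule is not passing it.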

Unfortunately, this does not work for the lumi.gateway.v3 version.