The primary reason I hadn’t yet migrated these devices to Matter was my desire to maintain network separation for IoT devices, even when using Matter.
Network Segmentation Challenges
Previously, I set up an IoT VLAN where devices on this virtual network are isolated from the main network. Devices like my phone, computer, and Home Assistant server, which are on the main network, can still access the IoT VLAN. However, this setup presented a few hurdles for Matter integration:
- IPv6 Requirement: I hadn’t enabled IPv6 on the IoT VLAN to reduce the attack surface for potential network threats. Unfortunately, Matter requires IPv6 for communication, so enabling it became a necessity.
- Local Network Limitation: Home Assistant’s Matter implementation only scans the local network for devices. Since my Home Assistant server resides on the main network, it couldn’t detect Matter devices located on the IoT VLAN.
First Attempt and Challenges
I explored solutions, including this guide on setting up Home Assistant across multiple VLANs. While I managed to connect Matter devices to Home Assistant, this configuration caused my non-Matter devices to become unavailable. Upon inspection, I realized that Home Assistant had designated the IoT VLAN as its default network. This occurred because Home Assistant appears to sort networks by IP subnet, and my IoT VLAN (10.0.15.0/24) was prioritized over my main network (172.16.1.1/24).
Given that the IoT VLAN blocks connections to other networks, this default setting broke many of my integrations. Frustrated, I reset the virtual machine to its previous state and decided to revisit the problem later.