
#1 2019-12-16 00:45:47

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542

[SOLVED] Trying to get 2 ports on a 4 port NIC assigned to one VLAN

Hopefully the picture is worth more than just words. I'm trying to get 2 ports on a 4 port NIC to be automatically assigned to VLAN 10 without creating any other VLANs. Currently the Unifi AP and pfsense are assigning anything on the -IOT wireless SSID to VLAN 10 (which assigns DHCP IP addresses in the 192.168.10.x range) and that works perfectly with no intervention required on the bare metal side of the Arch server running the VM.

I've tried adding the 'vlan_filtering' option to switch0, but that seems to knock out my other connections. I've also tried adjusting the VLAN settings on the ports so that the output of

bridge vlan show dev enp1s0f2

is

enp1s0f2         10 PVID 

but that seems to do nothing. Plugging in my laptop to that port still gets an IP from the non-VLAN DHCP server (192.168.1.x).

+---------------------+                   Server
|Unifi AP             |                     - Internet via eno1 passed through to pfsense VM
|  - Untagged traffic |                     - 4 port NIC enp1s0f*
|  - VLAN 10 for IOT  |
|                     |
+----------+----------+     +------------+----------------------------------------------+
           |                |            |                                              |
           |              +---+          |              +----------------------+        |
           +------------->+ | | enp1s0f0 |              |    pfsense VM        |        |
                          +---+          |              | 192.168.1.1/24       |        |
                          +---+          |Bridge:       |                      |        |
                          | | | enp1s0f1 |switch0       |                      |        |
                          +---+          +-------------->                      |        |
   +--------------+       +---+          |192.168.1.101 |                      |        |
   |WANT: devices +------>+ | | enp1s0f2 |IP addr set on|                      |        |
   |plugged into  |       +---+          |switch0       |                      |        |
   |these 2 ports |       +---+          |for server    |                      |        |
   |are assigned  +------>+ | | enp1s0f3 |internet access                      |        |
   |VLAN 10       |       +---+          |              |                      |        |
   +--------------+         |            |              +----------^-----------+        |
                            |            |                         |                    |
                            |            |                         |                    |
                            +------------+                         |                    |
                            |                                      |                    |
     +-----------+        +---+                                    |                    |
     |           +------->+ | | eno1+------------------------------+                    |
     |Cable Modem|        +---+                                                         |
     |           |          |                                                           |
     |           |          |                                                           |
     +-----------+          |                                                           |
                            +-----------------------------------------------------------+

Any ideas? I'm struggling a bit with some of the VLAN concepts, I think.

Thanks!

Last edited by firecat53 (2019-12-17 21:14:29)


#2 2019-12-16 00:59:22

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 630


https://wiki.archlinux.org/index.php/VLAN

?

Edit: Conceptually, what you're doing is defining broadcast domains. By tagging a packet of data with a VLAN number, you're giving a switching device that is configurable at layer 2 the information it needs to make switching decisions.

The desired effect is that devices that are assigned to vlan10 (or whatever) will not receive broadcast traffic from devices assigned to vlan100.

Taken further, it can be configured at layer 3 that devices on vlan10 either never see, or only see, traffic from vlan100 when it is desired (inter-vlan routing).

Ordinarily, this would all be defined on a smart switch on a per port basis.

Last edited by Zod (2019-12-16 02:11:36)


#3 2019-12-16 04:36:23

firecat53

I think I understand the big picture for the most part... it's the details about how to implement it that are tripping me up. For example, what's the difference between:

sudo bridge vlan add dev enp1s0f2 vid 10 pvid untagged

and

sudo bridge vlan add dev enp1s0f2 vid 10 pvid 10

?

Nothing I change on the enp1* ports as far as the VLANs go seems to change anything. The one time I set 'vlan_filtering' on the switch0 interface it seemed to kill the network completely... although I couldn't test for too long 'cause I took out interwebz for the family...

On my laptop, I set up a pfsense VM with two client VMs attached via a bridge with 'vlan_filtering' enabled. I actually got one of the VMs to get assigned an IP from the VLAN 10 network set up on pfsense, but the vnet interface that libvirt created on the laptop had to have the 'bridge vlan add' command above run manually and then the client network restarted. I can't see a way to alter the libvirt vnet interfaces automatically to add the VLAN information.


#4 2019-12-17 21:22:11

firecat53

I was oh so close to getting it right...

1. Enable VLAN filtering on switch0
2. `bridge vlan add dev enp1s0f2 vid 10 pvid untagged` for both ports
3. `bridge vlan add dev vnet0 vid 10` for the pfsense LAN interface once the VM starts up

I actually set up systemd-networkd to accomplish the first two items:

/etc/systemd/network/switch0.netdev

[NetDev]
Name=switch0
Kind=bridge

[Bridge]
VLANFiltering=yes

/etc/systemd/network/enp1s0f2-3 vlan 10.network

[Match]
Name=enp1s0f2 enp1s0f3

[Network]
Bridge=switch0

[BridgeVLAN]
VLAN=10
EgressUntagged=10
PVID=10

And to automatically set the vnet0 VLAN after the pfsense VM starts:

/etc/libvirt/hooks/qemu

#!/bin/bash
# Add vlan 10 to vnet0 (LAN interface)
if [[ "$1" == "pfsense" ]] && [[ "$2" == "started" ]] 
then
        bridge vlan add dev vnet0 vid 10
fi

I'd like to make this a bit more robust, especially if I ever run more VMs on startup, but it works for now!
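A sturdier variant of the hook in post #4, added here as an example and not written by anyone in this thread: it reads the domain XML that libvirt passes to the hook on stdin and tags every tap device the guest has on switch0 instead of assuming vnet0. It assumes that XML carries each `<target dev=...>` on its own line; `SAMPLE_XML`, `wanbr`, `taps_on_bridge` and `valid_ifname` are names made up for the example.

```shell
#!/bin/bash
# Added example (not the poster's script): tag every tap device the started
# guest has on switch0, instead of hard-coding vnet0.
# Assumption: libvirt hands the hook the live domain XML on stdin, one element
# per line, including <target dev='vnetN'/> for each interface.
BRIDGE=switch0 VID=10 GUEST=pfsense   # values from the thread

# Constructed sample: one NIC on switch0, one on a hypothetical bridge "wanbr".
SAMPLE_XML="<domain type='kvm'><name>pfsense</name>
  <devices>
    <interface type='bridge'>
      <source bridge='switch0'/>
      <target dev='vnet3'/>
    </interface>
    <interface type='bridge'>
      <source bridge='wanbr'/>
      <target dev='vnet4'/>
    </interface>
  </devices>
</domain>"

# Print the tap name of each <interface> whose <source bridge=...> equals $1.
taps_on_bridge() {
    awk -v want="$1" -F"'" '
        /<interface /     { br = ""; dev = "" }
        /<source bridge=/ { br = $2 }
        /<target dev=/    { dev = $2 }
        /<\/interface>/   { if (br == want && dev != "") print dev }'
}

# Accept only plausible Linux interface names: 1-15 chars, no shell metachars.
# The hook runs as root, so nothing from the XML reaches a command unchecked.
valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Hook entry point: libvirt calls this as "<guest> <operation> ...".
if [ "${1:-}" = "$GUEST" ] && [ "${2:-}" = "started" ]; then
    taps_on_bridge "$BRIDGE" | while read -r dev; do
        valid_ifname "$dev" || continue
        bridge vlan add dev "$dev" vid "$VID" ||
            logger -t qemu-hook "VLAN $VID not added to $dev"
    done
fi
```

After the guest starts, `bridge vlan show` should list VLAN 10 on the guest's tap device and on enp1s0f2 and enp1s0f3 (with PVID and Egress Untagged on the two physical ports).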
