SOLVED Bridging between NICs

[dewhite04]

Hello All,

I'm still relatively new to TrueNAS and would like to ask for help with a networking configuration task that's probably pretty simple. I built my TrueNAS server on top of a Supermicro X10 board that includes i210 and i219 1GbE NICs. I also added a Broadcom 10G NIC with 2 SFP+ cages.

Presently, the only connection from the server to my network is via one of the 10G SFP+ modules, which is working great. The server is located in a part of our building where there was no connectivity to begin with, so I ran a dedicated fiber line to that location. Now, I want to connect an SNMP management card (RMCARD202) from the attached Cyberpower UPS. Since there is no copper to this location, I thought to bridge the i210 NIC to the Broadcom fiber to allow the management card to pull an IP of its own. I may also want to add an unmanaged switch and connect an IP phone or some other devices in the future.

I've looked at some posts and read some guides online, and fiddled a bit myself, but I haven't been successful yet. It looks to me like all the topics I've been able to find have been specific to bridging between VMs to the physical network, or intended to allow multiple hosts to share a single static IP, or depend on specifying IP addresses, instead of allowing each connected device to obtain an IP from the DHCP server upstream.

My desire is to allow the TrueNAS to continue to hold its current IP: 192.168.42.5, which it acquires via DHCP from a static map on the DHCP server that lives at 192.168.42.1. Any other devices which are connected through enp9s0 (the i210 NIC) would pull their own IPs, either dynamically, or from another static-map entry on the router (an OPNsense installation running on separate hardware). I think this should be easily configured in the GUI, but I just haven't quite figured it out yet. Can anybody point me to a definitive resource, or suggest the steps to take?

Any thoughts are appreciated!

 

[DaSnipe]

I might be wrong, but I remember only one IP being allowed to be set by DHCP in the GUI, haven't played with my networking settings in a while tho

 

[dewhite04]

I might be wrong, but I remember only one IP being allowed to be set by DHCP in the GUI, haven't played with my networking settings in a while tho

Thanks for your reply!

I'm not sure if this is good news, or not: It would mean that I'm not an idiot for being unable to figure this out, but it would also mean that I'm hosed on bridging from fiber to copper at this location...

 

[NickF]

I think perhaps you might want to consider a switch :P

 

[Patrick M. Hausen]

You can bridge just fine. Create an interface named "br0" and make the two physical ports members of that bridge.
But a bridge is a layer 2 device. So the two physical ports become "switch ports" in a sense. So they don't have IP addresses. You need to move the IP configuration to the br0 interface - DHCP or static, both should work.

 

[dewhite04]

I took a few more tries at it today. I was able to create a bridge and get it an IP address via DHCP which allowed me to still access the WebUI, but I haven't figured out how clients can obtain IPs by DHCP. I tried adding a desired IP for the management card to the interface it was attached to, which was a member of the bridge. That lost me access to the UI and I was running short of time so I just deleted the bridge and went back to DHCP on the attached fiber interface.

For now, I've engaged an effective workaround ($30 WiFi client bridge to connect the RMCARD, instead of a $300 switch that will draw more power from the UPS). It's working fine. Once I have the card configured and working properly, maybe I'll find time to come back and take another crack at configuring the bridge to do what I'm sure is possible without additional equipment.

Thanks all for your thoughts - I'll update if/when I find a solution!

 

[homer27081990]

Because of the ARP protocol and bridge topology (it effectively acts as a layer2 hub, not a switch, see here and here [line 24 of text]) you should try nesting bridges, each with one of the NICs and a third bridging them together, or find a way to create a vswitch (I don't really know if it is applicable in TrueNAS, but, here). I don't think you can pass ARP through a bridge that does not connect only switches and not endpoints.

 

[dewhite04]

Whelp, it was working, I just didn't know it.

After connecting the management card via WiFi client bridge, I figured out it was previously configured with a static IP in a different subnet, as well as with a user/password that was not the default. A quick factory reset and firmware upgrade later, I got it connected and working through the WiFi client bridge.

After that, I went back to re-create bridge br0 with all NICs as members, and used the bridge's mac address in the DHCP server's static assignment table to have it given the preferred IP for the TrueNAS. I also created a static route from 192.168.42.0/24 to 192.168.42.1 in the TrueNAS settings. After applying those settings and confirming access to the WebUI, I reconnected the management card to one of the gigabit NIC ports and it was assigned the correct IP by DHCP and is reachable from the rest of the network. For fun, I plugged in a provisioned IP phone into another NIC port and it connected right away and received the expected IP. Everything seems to be working great.

I hope my misadventure might be helpful to someone else in the future. I think the misconception I was hung up on was that I needed to do something in TrueNAS settings to tell the devices connected through bridge members whether to obtain an IP by DHCP or statically. In reality, those settings are for the ports themselves, which don't need IP addresses in my application. Instead, the devices connected to each NIC have their own configurations for establishing or obtaining an IP address (just like you'd expect). I knew all that - I just wasn't thinking about the obvious misconfiguration of the RMCARD...

 

[homer27081990]

Whelp, it was working, I just didn't know it.

After connecting the management card via WiFi client bridge, I figured out it was previously configured with a static IP in a different subnet, as well as with a user/password that was not the default. A quick factory reset and firmware upgrade later, I got it connected and working through the WiFi client bridge.

After that, I went back to re-create bridge br0 with all NICs as members, and used the bridge's mac address in the DHCP server's static assignment table to have it given the preferred IP for the TrueNAS. I also created a static route from 192.168.42.0/24 to 192.168.42.1 in the TrueNAS settings. After applying those settings and confirming access to the WebUI, I reconnected the management card to one of the gigabit NIC ports and it was assigned the correct IP by DHCP and is reachable from the rest of the network. For fun, I plugged in a provisioned IP phone into another NIC port and it connected right away and received the expected IP. Everything seems to be working great.

I hope my misadventure might be helpful to someone else in the future. I think the misconception I was hung up on was that I needed to do something in TrueNAS settings to tell the devices connected through bridge members whether to obtain an IP by DHCP or statically. In reality, those settings are for the ports themselves, which don't need IP addresses in my application. Instead, the devices connected to each NIC have their own configurations for establishing or obtaining an IP address (just like you'd expect). I knew all that - I just wasn't thinking about the obvious misconfiguration of the RMCARD...

Nice! Don't forget to mark as solved (add a prefix in the thread edit menu).