Management IP VLAN issues?

[Guizado]

Hello everyone, having a bit of a strange issue.

Have some interfaces configured, VLANS and BRIDGES, vnet0 is the physical interface, i then statically configure IP addresses for these vlans, so I have VLAN 10, 20 and 30 and BRIDGE 10, 20 and 30, vlan 10, 20 and 30 with vnet0 as parent and bridge 10, 20 and 30 with vlan 10, 20 and 30 as parent respectively.

When I have Bridge30 IP address configured, i can acess the management IP of truenas no problem, through vlan30.
As soon as I setup an IP for VLAN10, then VLAN30 stops responding and i can only access the GUI through VLAN10 address, if i delete VLAN10 address then i can get access through vlan 30 again, no routing is changed, nothing else is changed, webgui bind address is set to 0.0.0.0, obviously is not a routing change as I can still ping vlan 30 address and I dont change any routing, i literally assign a IP to VLAN10 and thats the only IP i can access TrueNas on.
The reason I want to do this is I assign an IP to Vlan30 for management, and I want an IP in VLAN10 to bind to the SMB Share, but I dont want Truenas management to be done through vlan10.

Can anyone help?

Thanks

 

[Samuel Tai]

IIRC, bridges can contain VLAN interfaces as members, but not vice versa. Also, unless you're running TrueNAS Core as a VM, vnet0 shouldn't be a physical interface, but is a virtual interface associated with a bridge. Can you provide the output of ifconfig -a?

 

[Guizado]

Hello, thanks for your reply.
vnet0 in this case is a proxmox bridge from a proxmox bond (LACP), so bond0 contains 2 physical nics, when i said physical, i meant from truenas point of view on the network gui.
So my config is vnet0 >> vlan10 >> bridge10, same for 20 and 30.

Code:

root@GG-NAS-01[~]# ifconfig -a
vtnet0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether ce:2f:fc:9b:84:29
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:a0
        inet 192.168.10.20 netmask 0xffffff00 broadcast 192.168.10.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vlan10 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:a4:4c
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
vlan10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu1500
        description: vlan10
        options=480703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
        ether ce:2f:fc:9b:84:29
        groups: vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
vlan20: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu1500
        options=480703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,TXCSUM_IPV6>
        ether ce:2f:fc:9b:84:29
        groups: vlan
        vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:90
        inet 192.168.20.20 netmask 0xffffff00 broadcast 192.168.20.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vlan20 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu1500
        options=80401<RXCSUM,LRO,LINKSTATE>
        ether ce:2f:fc:9b:84:29
        groups: vlan
        vlan: 30 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
bridge30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:94:5c
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0.5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        member: vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
vnet0.5: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: speedtest as nic: epair0b
        options=8<VL

 

[Samuel Tai]

This seems unnecessarily complex. Is there a reason you need the bridge interfaces? Were you thinking of having jails on different VLANs? So far as I know, iocage can't support that, and will only bind to a single bridge. Since you're already running ProxMox, you don't really have a reason to run VMs within TrueNAS Core, so you don't need bridges for the VM tap interfaces.

 

[Guizado]

I am running a plex jail and wanted to run some other light tools on jails, for example Home-Assistant I run on a proxmox VM, Plex Media Server I run on a Jail, I assumed I could run jails on different vlans through bridges even though im not using them now, so i guess im wrong, but even if I dont my issue still persists.
So Truenas I want to manage on vlan 30 its a management vlan, but plex and the smb share in truenas i want to run on vlan10, to bind the smb share to vlan10 i need to have an address associated with an interface since smb needs to bind to an intgerface IP.
All those bridges created there its because i already tried without bridges, I even went as far as having a separate interface just for management, and the same happens, as soon as I assign an IP to another vlan i lose access to vlan30 or i lose access to the separate interface.

 

[Samuel Tai]

You have a routing problem. See https://www.truenas.com/community/t...nsfers-when-vlans-are-used.107541/post-742297.

 

[Guizado]

I can ping both interfaces, no problem, i can ping them locally and i can ping them from a remote network, so i dont see how it can be a routing problem.
Its just the GUI become unavailable from the vlan30 IP, but i can still reach that same IP address via ping from a different subnet. Truenas stops responding from the webGUI for that IP, as soon as i remove the IP from vlan10 i have access again.
So Routing is not a problem, otherwise I would neber be able to reach the IP, I am able to reach all the IPs all the time, its just the WEB interface stops responding for one IP when i create another one.

 

[Guizado]

Hello, i got it now, yes this is the problem thanks for your help Samuel, much appreciated.