SOLVED VLANs and bridge - Something is broken

[Volts]

Sweet!

Switch port profile is tagging LAN as VLAN 1

You don't need to change anything if it's working.

I just want to reiterate that "LAN" is merely the name of the network configured in Unifi that's assigned to VLAN 1.

And there's nothing special about the name "LAN": It's just a Unifi default, you could rename it if you wanted.
There's also nothing special about VLAN 1 except that it's untagged by default on most devices.

I mention this because a common mental model is that there's a real LAN and then other virtual LANs, that are somehow inferior.

But actually every VLAN is treated identically - Are untagged frames allowed on a port? If so, which VLAN does the switch associate them with internally? Are tagged frames allowed on a port? - and that's identical for every VLAN.

 

[Volts]

Can you check for TrueNAS updates within TrueNAS?
Can you ping github.com from the console?
Can you curl https://github.com from the console?

But also, which plugins are you looking at? Many plugins aren't really maintained, and so it can be much less frustrating to use standard jails and install the software components yourself.

 

[victort]

Can you ping github.com from the console?
Can you curl https://github.com from the console?

Getting no route to host.

edit: Working after setting my default DNS.

 

[Volts]

Is a Default Gateway configured in Network/Global Configuration?
Share the output of ifconfig -a and netstat -rn.

 

[Volts]

@Patrick M. Hausen do you have an opinion about running an IP address on the vlan1 interface if it isn't also being bridged to VMs? I think that's fine, right?

 

[Patrick M. Hausen]

Don't use plugins. Roll your own jails. The plugins rely on built-in NAT and an overall quirky network setup that is not really compatible with a proper one.

 

[Patrick M. Hausen]

@Patrick M. Hausen do you have an opinion about running an IP address on the vlan1 interface if it isn't also being bridged to VMs? I think that's fine, right?

Yes, of course. Make sure to never start a jail with vnet_default_interface set to "auto". This will dynamically create a bridge with whatever interface has got he default route and whatever bridge interface you assigned down in the "Network Settings" section. Possibly creating a loop.

The fundamental problem is: there is a lot of undocumented magic in the jails/plugibs subsystem in TrueNAS that assumes you have a single network interface and no VLANs, link aggregation, or other fancy stuff.
If you want any of that, you need to disable the magic and do some more manual confuguration.

 

[Volts]

Oh! That's not exactly what I was asking, but it's good advice and I agree.

I meant - when VLANs aren't in use - it's fine to put an IP address on em0 as long as it isn't also bridged for jails. If bridged, then it's not appropriate to also use em0 as a Layer3 interface - there's some Layer2/Layer3 spaghetti badness if you do.

Here, vlan1 isn't bridged to anything.
vlan1 and vlan50 share an underlying physical interface
Because vlan50 is bridged, vlan50 shouldn't be used as a Layer3 interface.
But there's nothing that would contra-indicate use of vlan1 as a Layer3 interface. Right?

(vlan1 will get the same MAC as em0, but every switch I've touched in 10+ years defaults to per-VLAN MAC tables. And there shouldn't be any Layer3 traffic on em0 anyway if your other advice is followed.)

 

[victort]

So, I have everything set up and working for me using VLAN1 and VLAN50.

There is a problem though, in connection speed when going to VLAN50. I have a nextcloud server running on VLAN50 and it is painfully slow. If I put it on VLAN1 (LAN) its blazing fast.

Any ideas?

 

[victort]

So, I have everything set up and working for me using VLAN1 and VLAN50.

There is a problem though, in connection speed when going to VLAN50. I have a nextcloud server running on VLAN50 and it is painfully slow. If I put it on VLAN1 (LAN) its blazing fast.

Any ideas?

It seems after doing some toying around that the reason was that it had to traverse a bit of a distance twice to my router in order to get to the NAS shares. I moved both to the VLAN50 and now its working fine.

 

[Patrick M. Hausen]

Why does your jail need to get at NAS shares via the network? You can configure local filesystem mounts - which is part of the case for jails.

 

[victort]

Why does your jail need to get at NAS shares via the network? You can configure local filesystem mounts - which is part of the case for jails.

I haven't heard of this.

 

[Patrick M. Hausen]

My Nextcloud jail. In Jails > <your jail> > Mount Points

 

[victort]

My Nextcloud jail. In Jails > <your jail> > Mount Points

View attachment 60848

Is there a thread showing in greater detail how to do this?

 

[Volts]

Is there a thread showing in greater detail how to do this?

Does this help?

Setting Up Jail Storage

Describes how to set up jail storage in TrueNAS CORE.

www.truenas.com

 

[victort]

Does this help?

Setting Up Jail Storage

Describes how to set up jail storage in TrueNAS CORE.

www.truenas.com

Thanks!

 

[Patrick M. Hausen]

Just to add to that: this is one of the killer features of jails. If you deploy your application in a VM you are forced to use some kind of network share - NFS or SMB in most cases. With jails you can create a local mount - read-only if you so desire - in an instant. File access overhead for the application in question: zero, zilch, nada.

 

[victort]

Is all this still true with TrueNAS Scale?

The idea that it can’t handle tagged and untagged traffic?

Would the setup of VLANs be the same or similar to core?

 

[Patrick M. Hausen]

FreeBSD can handle tagged and untagged. It can't handle tagged if there is a bridge configured with the untagged interface as a member. That's why it's discouraged - among other things - to mix. If you know exactly what you are doing, go ahead. No idea about how Linux handles this, sorry.

 

[victort]

FreeBSD can handle tagged and untagged. It can't handle tagged if there is a bridge configured with the untagged interface as a member. That's why it's discouraged - among other things - to mix. If you know exactly what you are doing, go ahead. No idea about how Linux handles this, sorry.

Sorry what I meant is on a single NIC.