Changing a Connection to a Different VLAN

[cortes]

I currently have this network setup:

I want to change eno2 to a different vlan to use it as a dedicated admin connection. I was logged in the server on eno1. I changed the port of eno2 on my Unifi UDM SE router to the new vlan. After doing so, I started getting spinning wheels on the eno1 connection. Eventually, it disconnected and tried to reconnect. I changed the port back to its original setting for eno2. The connection on eno1 then came back up.

Both connection were assigned via DHCP. I subsequently set their addresses to reserved. I unreserved eno2 before I made the port change.

I've seen a number of articles on setting up vlans on truenas, but that's not what I want to do if I understand correctly. I don't even see the option described in the articles to do so on my network page. I just want to use a vlan connection set up on my router. Am I missing a step here?

Update
I found a video that demoed the process of setting a static IP address. I was thrown off by the dialog asking for an alias. It's only after you click on it that it then asks for an IP address.

After entering the IP address, 10.0.50.10/24 in this instance, it said the default gateway would be deleted and that I should enter a new one. I tried entered the original one, 10.0.0.1. It said it couldn't connect. I'm guessing it wants the one for the vlan, 10.0.50.1. Now my question is what happens to the other interface when the default gateway is changed. It didn't appear that each interface had its own default gateway, but I could be wrong.

Update 2

After useful advice from @Patrick M. Hausen, I'm now at this point:

The eno1 connection is static. For the other Ethernet connection, I configured the router to map the port to vlan id 50 and the 10.0.50.0/24 range. I set the IP to 10.0.50.10, which is static. When I add those settings to eno2 and run the test, I can ping 10.0.50.10, but the browser times out. When I restore after the test, I can no longer ping the address. Since this would just be a nice to have feature on a home NAS, I'm giving up on this. I added the additional information in case someone else has this problem.

 

[Patrick M. Hausen]

You cannot have two interfaces in the same network. You cannot have more than one interface set to DHCP.

 

[cortes]

You cannot have two interfaces in the same network. You cannot have more than one interface set to DHCP.

Isn't the configuration above two interfaces and the same network? They work fine and they are both DHCP. Is it more the case that you SHOULDN'T have two interfaces on the same network? It could well be that I'm not understanding what you are saying.

 

[Patrick M. Hausen]

Your configuration is not supposed to work and will break in unexpected ways. It's unsupported. Don't do this. That's what I am saying.

For reference: https://www.truenas.com/community/resources/multiple-network-interfaces-on-a-single-subnet.45/

 

[cortes]

Your configuration is not supposed to work and will break in unexpected ways. It's unsupported. Don't do this. That's what I am saying.

Thanks for the link. When you say "the same network", does that mean two connections on different vlans are considered to be the same network? Would I have to have a stand alone switch and a stand alone computer connected to the second interface to be considered different networks? I'm guessing that's not the case, but just wan to be clear on what you mean.

What I want do is use the eno1 connection for file server traffic and eno2 for server administration. Iv'e seen several articles encouraging this configuration. Is it done by assigning multiple IP addresses to a single connection? Maybe that's why the static set up is called Add Alias. Just guessing here.

If that's the case, then whey do all the TrueNAS Mini's have two connections? Is that for link aggregation?

 

[Patrick M. Hausen]

Two connections on different VLANs with different IP networks are of course supported. Only one of them can be a DHCP client. Can of course be the same switch. "Same network" refers to the same IP network. You must use alias addresses on a single interface if you need more than one IP address in a single network for some reason.

Separating administrative access from production use in most cases means two different networks and e.g. a firewall in between. Of course these can also be VLANs and a single switch. It's the separation of IP networks or "broadcast domains" as these things are properly named that counts.

If that's the case, then whey do all the TrueNAS Mini's have two connections? Is that for link aggregation?

For example. Works like a charm.

 

[cortes]

Two connections on different VLANs with different IP networks are of course supported. Only one of them can be a DHCP client. Can of course be the same switch. "Same network" refers to the same IP network. You must use alias addresses on a single interface if you need more than one IP address in a single network for some reason.

Great, it seems like we're on the same page here.

Separating administrative access from production use in most cases means two different networks and e.g. a firewall in between. Of course these can also be VLANs and a single switch. It's the separation of IP networks or "broadcast domains" as these things are properly named that counts.

I've set up an 'admin' vlan on my Unifi UDM SE router that will be firewalled off against the rest of the network. It uses the 10.0.50.0 range. I set the static IP address of eno2 to 10.0.50.10, which is outside of the DHCP address range. When I save the changes, it asks for a new default gateway to replace the existing one. It would seem the replacement should be 10.0.50.1, which is specified by the router as "Host Address". My concern is that when I set it to that address, the connection on eno1, 10.0.0.187, which uses the 10.0.0.1 gateway will no longer work. Does TrueNAS maintain separate gateway in this case?

 

[Patrick M. Hausen]

TrueNAS runs on a single IP stack and can manage only one, "the" default gateway. The apps can run on a separate one and have their own IP range and gateway. But TN itself only one. This is the reason behind the "only one interface with DHCP". If you get two gateways in two networks from two DHCP servers - which one is it?

 

[cortes]

TrueNAS runs on a single IP stack and can manage only one, "the" default gateway. The apps can run on a separate one and have their own IP range and gateway. But TN itself only one. This is the reason behind the "only one interface with DHCP". If you get two gateways in two networks from two DHCP servers - which one is it?

That makes sense. So I would keep the current default gateway 10.0.0.1 to be used with the DHCP generated address 10.0.0.187. I tried that after unchecking DHCP for eno2 and specifying a static IP. I got the message about changing the default gateway. I set it back to the current default, which it didn't like. That made sense in regards to the 10.0.50.10 address. I went ahead with the test and the browser connection for 10.0.0.187 hung. Is that normal behavior? I didn't try to connect on 10.0.50.10 for fear of making things worse. The trial timed out and the 10.0.0.187 reestablished.

I could make both connections static if that would be any easier.

 

[cortes]

Your configuration is not supposed to work and will break in unexpected ways. It's unsupported. Don't do this. That's what I am saying.

Well, it looks like my connection has broken in unexpected ways. I couldn't get the switch to a static IP address to work so I decided to disconnect the second connection (eno2) to get it run without it and try to make the change later. When I disconnect it, I loose both connections. I tried disconnecting eno1 in case I had them backwards. Nothing worked when I did. I reconnected both and it's up and running. I could try disconnecting the second connection and rebooting via the IPMI interface, but I'm concerned I won't be able to get it to restart successfully.

Progress

I tried setting eno1 to a static address. That worked. Then I tried setting eno2 to a static address in the same vlan. It worked, but wiped out the first one. After doing a bunch of switches I now have eno1 as a static IP address and eno2 reset. It doesn't show an IP address on the network panel. At least I eliminated the double connection on the same network.

Once more I tried setting eno2 to 10.0.50.10. I started the test. The router had already been changed to move the port to the correct vlan. I could then ping the address, but I couldn't connect with a browser. The vlan has a vlan id set whereas the default network (10.0.0.0) doesn't. I tried add a vlan interface. That didn't work either.

 

[nabsltd]

TrueNAS runs on a single IP stack and can manage only one, "the" default gateway.

The problem is that "default" is an overloaded term.

By definition, in all systems using IP routing, there can be only one true "default" gateway. That's the one with the route to 0.0.0.0 with the lowest cost.

However, you can add more routes to 0.0.0.0 at any time...just make sure the cost is higher, and you end up with a system of multiple "default" gateways. The is the overloading of the term, where any route to 0.0.0.0 shows up as "default" if you don't disable reverse DNS resolution (e.g., "route -n").