VLANs - What am I Doing Wrong?

[EagleTG]

Hi all,

Love FreeNAS, been a big fan for quite some time. I'm changing the networking approach I'm using in building a new deployment of FreeNAS, and have hit a road block that I've been poking at for days now without being able to resolve.

Here's the super simple basic diagram of what I'm trying to achieve:

I have tried this two different ways, with an IP Address on the interface directly , and the IP on the VLAN interface instead (VLAN 120 is currently set up this way). These configurations are reflected by the screenshots below.

When configuring the IP Address on the te2/0/1 interface directly and assigning that port natively (untagged traffic) to VLAN 121, everything works, however, I would like to have FreeNAS handle the VLAN tagging. No matter what I try, I can't seem to get that to happen. Relevant portion of the switch configuration for te2/0/1:

Code:

interface Te2/0/1
switchport mode trunk
switchport trunk native vlan 121
switchport trunk allowed vlan 121

I have the following configured in the FreeNAS 11.3 UI for ix0 on vlan121:

When trying the same with my test configuration of assigning the IP Address to the VLAN, it does not seem to work. Relevant portion of the switch configuration for that interface:

Code:

interface Te1/0/1
spanning-tree portfast
switchport mode trunk
switchport trunk native vlan 120
switchport trunk allowed vlan 120

The following is the ix0 interface on vlan120:

Naturally, I've tried the above with and without the associated 'switchport trunk native' commands.

I am not utilizing Jails, hence I do not believe I need to configure any Bridges. I am also not configuring LAGG ports as I'm planning on letting iSCSI MPIO handle that side of things. This should be easy, but I'm tearing (what's left) of my hair out. I'm sure it's something I'm missing on the FreeNAS side of things.

My goal is to configure things "correctly" per FreeNAS "best practice". To that end, I'm not entirely sure if configuring the IP Address on the VLAN or Interface is "correct". As I mentioned above, I'd really like to have FreeNAS handling the VLAN tagging, and have any untagged traffic default to a VLAN other than 120 or 121. No matter what I do, nor how I configure the interfaces in the FreeNAS UI, FreeNAS doesn't seem to be properly tagging the traffic.

TL;DR - How do I get FreeNAS to properly tag VLAN on network traffic?

THANKS!

 

[EagleTG]

Just noticed a typo above the first FreeNAS screenshot, obviously that should read:
"I have the following configured in the FreeNAS 11.3 UI for ix1 on vlan121"

Assuming since I'm a noob here I can't edit, or maybe edits are globally disabled. Anyway...

 

[Samuel Tai]

When you have things set up on the FreeNAS side as desired, please provide the output of ifconfig -a and netstat -rn. Also, do you have SVI interfaces up on the switch side to handle the Layer 3?

 

[EagleTG]

Hi Samuel, thanks for the reply. Here's the output from ix1 and vlan121 which are currently set up as I'd like in FreeNAS:

Code:

ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
    description: iSCSI
     options=e407bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether e4:43:4b:c9:89:32
    hwaddr e4:43:4b:c9:89:32
    inet 172.20.121.101 netmask 0xffffff00 broadcast 172.20.121.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
    status: active

... snip ...

vlan121: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
    description: iSCSI
    options=600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether e4:43:4b:c9:89:32
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
    status: active
    vlan: 121 vlanpcp: 0 parent interface: ix1
    groups: vlan

 

[EagleTG]

Also, forgot to mention, yes, the switches are working at Layer 3 in the VLAN configuration.

 

[Samuel Tai]

Have you accounted for spanning-tree portfast on the switch side? What may appear to be the setup not working may be just not waiting for the port to converge. Both switch ports need to be spanning-tree portfast trunk.

You should absolutely be able to IP the VLAN interfaces of both ix0 and ix1, and have things work as your drawing depicts. Also check your routing on the FreeNAS side via netstat -rn.

 

[EagleTG]

I also missed your request for the netstat -rn in my other two replies, so here that is:

Code:

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.121.254    UGS        igb0 (IP Address Redacted)
127.0.0.1          lo0                UHS         lo0
192.168.120.0/22   link#1             U          igb0 (IP Address Redacted)
192.168.120.19     link#1             UHS         lo0 (IP Address Redacted)
172.20.120.0/24    link#6             U       vlan120
172.20.120.101     link#6             UHS         lo0
172.20.121.0/24    link#4             U           ix1
172.20.121.101     link#4             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               lo0                           UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0

One of my other teams is sensitive about their IP addresses, so I've modified two lines in the above.

 

[EagleTG]

Have you accounted for spanning-tree portfast on the switch side? What may appear to be the setup not working may be just not waiting for the port to converge. Both switch ports need to be spanning-tree portfast trunk.

The answer (at one point) was yes, but upon further review, you are correct, I was missing the portfast entry. Adding that back in (as it was on all other interfaces) corrected the situation! THANK YOU, and GOOD EYE. I think I've been staring at this for far too long. Hahah

Thanks again!!