VLAN Support



Good morning. I was in the process of going from a single network to multiple networks to allow my Unifi Controller Docker to pass multi-VLAN traffic onto the trunk link for multiple WiFi SSIDs. The problem I am running into is that on the UNRAID host the main interface insists on getting an IP address. I don't want the main interface to get an IP address. I just want to set up each individual VLAN and assign IP addresses to those. So instead, if I don't give the main interface an IP address, it assigns itself an APIPA address. The problem is that now the Docker containers inherit that IP address and it throws the whole network off. The temporary workaround I've made so far is that on the trunk link I've assigned a native VLAN of the server VLAN so that the main interface would be happy. But now my switch isn't happy because I have TWO native VLANs and it's causing confusion. What I ultimately want to do is to stop the main interface from trying to get an IP address.

  • 2 weeks later...
On 8/11/2021 at 8:52 PM, BrunoVic said:

Unifi Controller Docker to pass multi VLAN traffic onto the trunk link for multiple WiFi SSIDs.

In fact, I don't quite understand your question or problem. If your WiFi has multiple VLANs then you need the router gateway to support this too, otherwise it couldn't route out to the internet.

Unifi docker is just a network management tool for UBNT equipment; it only needs to attach to the management subnet (one of the VLAN subnets).

Are you using Unraid as a VLAN router?

37 minutes ago, Vr2Io said:

In fact, I don't quite understand your question or problem. If your WiFi has multiple VLANs then you need the router gateway to support this too, otherwise it couldn't route out to the internet.

Unifi docker is just a network management tool for UBNT equipment; it only needs to attach to the management subnet (one of the VLAN subnets).

Are you using Unraid as a VLAN router?

Yes, I already have a router/gateway supporting this. I have a pfSense firewall running multiple VLANs and a Cisco 2960 switch set up with the VLAN trunks to pass multi-VLAN traffic. The problem I have is that in order to get the WAP working with the controller AND have a trunk interface going to the WAP, the host (UNRAID) that the controller is on needs to be configured for trunk as well. Otherwise the controller can no longer see the WAP. The ONLY way the controller can see the WAP without a trunk is if I give the interface that the WAP is on an access port on the same VLAN the host (UNRAID) is on. ONLY then can the controller see the WAP. Unfortunately, doing that makes it impossible for the WAP to pass multi-VLAN traffic and the WAP doesn't work as it should.


In my opinion, it is not a network problem. It is Unraid / docker not supporting multiple subnet/VLAN access; this should be a known issue.

Maybe someone has a solution: maybe add multiple dockers for the same service for different subnets/VLANs, or make a reverse proxy between Unraid and the switch. But I don't have that experience.


So if you see the diagram and explanation, hopefully you can understand my predicament. My goal was to make 1 and 2 both trunk interfaces so that the AP might see the controllers if the controller's docker interface was configured with a VLAN ID on the host (UNRAID). However, when I configure VLAN IDs on the host (UNRAID), it expects the main interface to still have an IP address; otherwise it assigns an APIPA (169 address) and the docker bridge wants to use that 169 address instead of a specific VLAN.

5 minutes ago, Vr2Io said:

In my opinion, it is not a network problem. It is Unraid / docker not supporting multiple subnet/VLAN access; this should be a known issue.

Maybe someone has a solution: maybe add multiple dockers for the same service for different subnets/VLANs, or make a reverse proxy between Unraid and the switch. But I don't have that experience.

No I kinda get what you're saying. It's somewhat a networking problem but you're right it's an engineering design problem. I'm just hoping someone might have dealt with this and can give me some insight.

10 minutes ago, BrunoVic said:

So if you see the diagram and explanation, hopefully you can understand my predicament. My goal was to make 1 and 2 both trunk interfaces so that the AP might see the controllers if the controller's docker interface was configured with a VLAN ID on the host (UNRAID). However, when I configure VLAN IDs on the host (UNRAID), it expects the main interface to still have an IP address; otherwise it assigns an APIPA (169 address) and the docker bridge wants to use that 169 address instead of a specific VLAN.

OK, which VLAN ID is main / management? And Unraid is in which VLAN?

Clearly, switch to Unifi AP must be a trunk.

4 hours ago, Vr2Io said:

Right, so simply set the management VLAN to be untagged when connecting with Unraid, and there is no need to add different VLANs in Unraid.

That's what I am currently doing now. I have the native VLAN set to 30. The problem is that the switch is STIGed to have an unused VLAN for the native VLAN, which causes a native VLAN mismatch alert on my switch.

14 hours ago, Vr2Io said:

If you set native (management) VLAN 30 in your switch, is the Unraid port also in 30 and your commander PC port also in 30?

Simply put, assigning at least one port in the native VLAN is normal, otherwise how do you manage your switch?

I have a Management VLAN 10. I've set the default gateway on the switch to point to the gateway IP in VLAN 10. I have a jumper server that straddles two VLANs, one in the User LAN and one in the Management VLAN. From there I am able to hit the management IPs of all devices that need to be managed through an RDP/VNC session.

  • 2 weeks later...

Did you ever solve this?  I believe I am having the same problem.

 

I am using pfSense & Unifi (both switch & AP).

My network is as follows:

VLAN1 - Unifi Management Network

VLAN20 - Home users

VLAN60 - Servers/Admins

 

I would simply assign the port on my Unifi switch to VLAN60 for the Unraid server, except the Unifi Controller (running on Unraid) needs VLAN1 for the management VLAN.

So I think the correct move is to make the switch profile (in the unifi controller) for the Unraid server as follows:

VLAN60 Native network + VLAN1 tagged.

 

Then on the Unraid side, set up the Unifi Controller docker to use the interface on VLAN1 instead of the standard bridge interface.

 

Can anyone provide confirmation or further suggestions?

  • 10 months later...

For me, I have my Unraid on my switch with the management LAN on the untagged VLAN, same as my WAP, and for both the Unraid and the WAP the ports on my switch have tagged VLANs matching the VLANs on the Unifi controller for my WiFis, and all works, with no VLAN support in Unraid turned on at all.

  • 1 year later...

I think I have the same issue, kind of.

I have been using UNRAID as a client (VLAN not enabled) on VLAN 24 (configured on the Cisco switch). I also have a pfSense router where untagged traffic is the management network and all other networks have VLANs.
pfSense

 

My Cisco is very default; 1 is the default VLAN.

I tried to install the UniFi Controller, so I first enabled VLAN on UnRAID with VLAN 24 as the first one. Looks like this is "native" for the UnRAID now? And it works: I can manage my Unraid server at 10.0.24.10, and all my containers have 10.0.24.10:port.

So I tested adding a VLAN "vlan1" that should, as I understand it, be the same as untagged. But from how it looks, it is on br0.1; I don't know if this means it's tagged or if it is just a name for the virtual VLAN NIC(??)

 The unifi-controller is set to use Custom : br0.1 -- LAN_native_vlan, and it is as shown in the picture assigned (automatic?) 10.0.1.2.
But that address is not leased by pfSense, did UnRAID lease it from itself? It is not accessible. I think it might be two different vlan 1's here? 