Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Isolating NICs

Featured Replies

I have some confusion about now unRAID is handling network adapters. I have two, physical adapters configured as follows:

eth0 - plugged into port 15 on my switch, configured with 172.16.17.252

eth1 - plugged into port 16 on my switch, configured with 172.16.17.251

Now, when I disable either of those ports on the switch, BOTH addresses will still answer. It's confusing to me, as I would expect one link to be down (unRAID says it is) but yet both IPs answer to pings. Why I'm confused is that I want to setup a VLAN for my Dockers and also segregate network traffic coming in on either interface from media servers (eg, some map NFS via .252 and some via .251 for primitive "load balancing").

I have the Dockers VLAN (666) setup as br.1 on eth1 and it's working... but I just don't know if it's sending over BOTH interfaces somehow as all traffic seems to traverse even if the port that .251 is plugged into it disabled. If I disable BOTH ports then all traffic stops, as expected.

Here's the hardware output and unRAID screens... I will attached logs / diags as well in case those help. I am just confused, and it's HIGHLY likely I'm just dumb :)

There is something interesting, the switch shows a third MAC address attached to port 15 ... not sure what this is or how it's being used.... image attached.

*** I think this is solved, I enabled bridging on eth0 and that mac went away, it was being added as vhost0, after enabling bridging on eth0 this went away ***

Screenshot 2025-06-22 at 4.07.17 AM.png

Screenshot 2025-06-22 at 4.16.16 AM.png

Screenshot 2025-06-22 at 4.16.01 AM.png

Screenshot 2025-06-22 at 4.15.33 AM.png

Screenshot 2025-06-22 at 4.15.15 AM.png

angband-diagnostics-20250622-0420.zip

Screenshot 2025-06-22 at 4.32.47 AM.png

Edited by Kristopher

  • Community Expert

eth0 toook primary as in linux you can't have 2 nics on teh same subnet.

eth0 - plugged into port 15 on my switch, configured with 172.16.17.252

eth1 - plugged into port 16 on my switch, configured with 172.16.17.251

run iproute. You will see that the subnet for 172.16.17.252 is set for routing the 172.16.17.0/24 thus any ting on unraid trying to reach the 172.16.17.x lan will use eth0 per the data of the iproute

*This is where you would setup bonding...

UNRIAD is not networking equipment! ...

further, you have Linux networking in unraid issues with tagged vs untaged...
"I have the Dockers VLAN (666) setup as br.1 on eth1 and it's working"

for the unriad interface to correctly use vlan 666 the interface needs to be setup and made as br0.666 and or eth0.666

In network setting in the web ui make sure you enable vlans and add valn 666. Unless your using a layer 3 switch and doing weird vlan cross talk br.1 is a network misconfiguration...

so whats your end goal here???

  • Author
1 hour ago, bmartino1 said:

eth0 toook primary as in linux you can't have 2 nics on teh same subnet.

eth0 - plugged into port 15 on my switch, configured with 172.16.17.252

eth1 - plugged into port 16 on my switch, configured with 172.16.17.251

run iproute. You will see that the subnet for 172.16.17.252 is set for routing the 172.16.17.0/24 thus any ting on unraid trying to reach the 172.16.17.x lan will use eth0 per the data of the iproute

*This is where you would setup bonding...

UNRIAD is not networking equipment! ...

further, you have Linux networking in unraid issues with tagged vs untaged...
"I have the Dockers VLAN (666) setup as br.1 on eth1 and it's working"

for the unriad interface to correctly use vlan 666 the interface needs to be setup and made as br0.666 and or eth0.666

In network setting in the web ui make sure you enable vlans and add valn 666. Unless your using a layer 3 switch and doing weird vlan cross talk br.1 is a network misconfiguration...

so whats your end goal here???

Thank you for your thoughtful and quick reply, remember when I said "there's a huge chance I'm just dumb" ?

It, of course, makes sense about the two NICs on the same subnet, I can see that now, thank you.

I wasn't trying to imply anywhere that unraid was networking equipment

My end goal was to see if I could segregate traffic between media servers - one going to NIC 1 and the other to NIC 2.

I had tried LACP and RR bonding (yes, my switch supports LACP) but I didn't really see much of a difference.

I also wanted to visualize how much traffic was flowing over either interface.

So, in the interim now, I set my eth1 to be 10.67.2.30 (the outside of my /27 range for the Dockers network on my router).

ETH0 - 172.16.17.252, VLANS (1021 for media servers)

ETH1 - 10.67.2.30, VLANS (666 for Dockers)

When I tested by downloading something, I can now see traffic flowing on the eth1 interface.

I'm aiming to isolate the heavy traffic of downloading away from the media serving, hence the two physical adapters on two separate switch ports.

  • Community Expert

ok this seems feasible.

Your correct. Apologies if that came off cross. Its something I have to keep reminding myself and inform other. Not mush changes with LACP and I have found that even with bonding it will defer to etho0 until eth0 is not available.

more info on unriad setup with LACP:

https://forums.unraid.net/topic/124311-counfiguring-8023ad-lacp/

most use unifi: https://gist.github.com/sems/f3b2f10ea0fb30d6f6fade841a12dfae

your experience with LACP is common. On Unraid, the benefits are often minimal unless you’re aggregating traffic across multiple clients or running iSCSI/NFS at scale. Also, Docker and LACP often conflict, with Docker preferring a single NIC (usually eth0), making bonding a bit moot in this context.


Since we are now separating 2 eth interfaces with Vlans. We will need to make sure the output on unraid interfaces show eth0.1021 and eth1.666
with the array off under settings > Network settings. There is a add vlan option.

Since both are mainly dockers based. You would need to make 2 docker networks to the tagged vlan interfaces to cross talk.

Unraid docker run doen't allow for more then 1 docker connected at a time. so full separation and isolation may not be 100% fesible.
Networking on Unraid can be confusing.

once you get unraid to see the 2 interfaces "eth0.1021 and eth1.666"

and have the docker setting to preserve user defined networks, you can create 2 docker networks. and inform the dockers on unraid to be on this net or that net, but not both at the same time.

(atleast not easily... there a side unraid command to attach networks to running dockers..)
* docker network connect media_net my_container


You're absolutely right to separate traffic this way: using eth0 for media (on VLAN 1021) and eth1 for Docker downloads (on VLAN 666) makes a lot of sense and gives you clear monitoring and path separation.

Once you’ve configured Unraid to show:

  • eth0.1021 → for media-serving containers

  • eth1.666 → for download-heavy containers

# For media servers on eth0.1021

docker network create -d macvlan \

--subnet=172.16.17.0/24 \

--gateway=172.16.17.1 \

-o parent=eth0.1021 \

media_net

# For downloaders on eth1.666

docker network create -d macvlan \

--subnet=10.67.2.0/27 \

--gateway=10.67.2.1 \

-o parent=eth1.666 \

download_net

-Adjust the subnet/gateway to match your real network layout, of course.

  1. Make sure Settings > Docker has “Preserve user-defined networks” set to Yes before starting the Docker service.

  2. Each container can only be on one custom network at creation in the Unraid UI. If you need multiple networks, you can:

Or use docker-compose via compose.manager plugin...


  • Author
15 minutes ago, bmartino1 said:

ok this seems feasible.

Your correct. Apologies if that came off cross. Its something I have to keep reminding myself and inform other. Not mush changes with LACP and I have found that even with bonding it will defer to etho0 until eth0 is not available.

more info on unriad setup with LACP:

https://forums.unraid.net/topic/124311-counfiguring-8023ad-lacp/

most use unifi: https://gist.github.com/sems/f3b2f10ea0fb30d6f6fade841a12dfae

your experience with LACP is common. On Unraid, the benefits are often minimal unless you’re aggregating traffic across multiple clients or running iSCSI/NFS at scale. Also, Docker and LACP often conflict, with Docker preferring a single NIC (usually eth0), making bonding a bit moot in this context.


Since we are now separating 2 eth interfaces with Vlans. We will need to make sure the output on unraid interfaces show eth0.1021 and eth1.666
with the array off under settings > Network settings. There is a add vlan option.

Since both are mainly dockers based. You would need to make 2 docker networks to the tagged vlan interfaces to cross talk.

Unraid docker run doen't allow for more then 1 docker connected at a time. so full separation and isolation may not be 100% fesible.
Networking on Unraid can be confusing.

once you get unraid to see the 2 interfaces "eth0.1021 and eth1.666"

and have the docker setting to preserve user defined networks, you can create 2 docker networks. and inform the dockers on unraid to be on this net or that net, but not both at the same time.

(atleast not easily... there a side unraid command to attach networks to running dockers..)
* docker network connect media_net my_container


You're absolutely right to separate traffic this way: using eth0 for media (on VLAN 1021) and eth1 for Docker downloads (on VLAN 666) makes a lot of sense and gives you clear monitoring and path separation.

Once you’ve configured Unraid to show:

  • eth0.1021 → for media-serving containers

  • eth1.666 → for download-heavy containers

# For media servers on eth0.1021

docker network create -d macvlan \

--subnet=172.16.17.0/24 \

--gateway=172.16.17.1 \

-o parent=eth0.1021 \

media_net

# For downloaders on eth1.666

docker network create -d macvlan \

--subnet=10.67.2.0/27 \

--gateway=10.67.2.1 \

-o parent=eth1.666 \

download_net

-Adjust the subnet/gateway to match your real network layout, of course.

  1. Make sure Settings > Docker has “Preserve user-defined networks” set to Yes before starting the Docker service.

  2. Each container can only be on one custom network at creation in the Unraid UI. If you need multiple networks, you can:

Or use docker-compose via compose.manager plugin...


Thanks for clarifying, and I totally get being frustrated -- I am actually in IT and I know dealing with constant newb questions can get tired fast.

I'm not very strong in networking (trying to get better) and it's things like vlans etc where my brain starts to hurt.

To clarify I'm not using unraid for the streaming, only the NFS storage that the media servers pull from.

I have both NICs bound to the MEDIA SERVERS vlan (in case I want to move one server onto that physical NIC.

I attached screenshots so they make better explain what I'm not great at :)

Screenshot 2025-06-22 at 1.54.27 PM.png

Screenshot 2025-06-22 at 1.53.58 PM.png

Screenshot 2025-06-22 at 1.53.44 PM.png

Screenshot 2025-06-22 at 1.55.55 PM.png

  • Community Expert

ok, Is something not working in that configuration?

https://www.youtube.com/watch?v=0xk7LsWwp2I
https://www.youtube.com/watch?v=9Ta9e09KyYw


You may need to go to listening interfaces to edit what br0 is connected too...

the unraid webui affects eth0 / br0 depending on other settings.

image.png

thus the use of terminal and other command line commands to make another bridge interface for eth1 and tagged vlan.


an example is making a linux bridge our seves... no web UI as the Web UI is limited to what its interacting. This requires Decker setting preserver user defined enabled.

Then I can only suggest running:

#!/bin/bash
set -e
VLAN=666
BR=br1
IF=eth1
SUBIF=${IF}.${VLAN}
BR_SUB=${BR}.${VLAN}
DOCKER_NET=my_br1_vlan60

echo "=== CLEANUP any existing VLAN/interface/bridge ==="
ip link delete ${BR_SUB} 2>/dev/null || true
ip link delete ${SUBIF} 2>/dev/null || true
ip link delete ${BR} 2>/dev/null || true

echo "=== CREATE BRIDGE and attach ${IF} ==="
ip link add name ${BR} type bridge
ip link set dev ${BR} up

ip link set dev ${IF} up
ip link set dev ${IF} master ${BR}
echo "-- ${IF} added to ${BR}"

echo "=== CREATE VLAN sub-interfaces VLAN ${VLAN} ==="
ip link add link ${IF} name ${SUBIF} type vlan id ${VLAN}
ip link set dev ${SUBIF} up

ip link add link ${BR} name ${BR_SUB} type vlan id ${VLAN}
ip link set dev ${BR_SUB} up

echo "-- VLAN sub-interfaces ${SUBIF} and ${BR_SUB} up"

echo "=== SET IP on ${BR_SUB} (optional) ==="
# Uncomment and edit as needed
# ip addr add 10.10.60.11/26 dev ${BR_SUB}

echo "=== CREATE Docker bridge network on ${BR} ==="
docker network inspect ${DOCKER_NET} >/dev/null 2>&1 || \
docker network create \
-d bridge \
--opt "com.docker.network.bridge.name=${BR}" \
${DOCKER_NET}

echo " Setup complete. Docker network: ${DOCKER_NET} attached to bridge ${BR}."
echo "You can launch containers using: docker run --network ${DOCKER_NET} …"


What this script does:

  • Bridge setup: Creates br1 and enslaves eth1

  • VLAN tagging:

    • eth1.60: handles VLAN 60 traffic

    • br1.60: the bridge’s VLAN interface

  • Docker network: Uses Docker’s --opt com.docker.network.bridge.name=br1 to bind the new br1 bridge into Docker

  1. Adjust VLAN=60 to your desired VLAN ID.

  2. Assign IP to br1.60 if this host needs IP reachability on that VLAN.

  3. Remove optional IPv4 block if you’d prefer DHCP.

  4. Ensure your physical switch port is set to trunk VLAN 60 (or untagged per your info)

    then you can target a macvlan/ipvlan for static ip for docker with the above mentioned docker network create command.

Edited by bmartino1
data - typo

  • Author
18 hours ago, bmartino1 said:

ok, Is something not working in that configuration?

https://www.youtube.com/watch?v=0xk7LsWwp2I
https://www.youtube.com/watch?v=9Ta9e09KyYw


You may need to go to listening interfaces to edit what br0 is connected too...

the unraid webui affects eth0 / br0 depending on other settings.

image.png

thus the use of terminal and other command line commands to make another bridge interface for eth1 and tagged vlan.


an example is making a linux bridge our seves... no web UI as the Web UI is limited to what its interacting. This requires Decker setting preserver user defined enabled.

Then I can only suggest running:

#!/bin/bash
set -e
VLAN=666
BR=br1
IF=eth1
SUBIF=${IF}.${VLAN}
BR_SUB=${BR}.${VLAN}
DOCKER_NET=my_br1_vlan60

echo "=== CLEANUP any existing VLAN/interface/bridge ==="
ip link delete ${BR_SUB} 2>/dev/null || true
ip link delete ${SUBIF} 2>/dev/null || true
ip link delete ${BR} 2>/dev/null || true

echo "=== CREATE BRIDGE and attach ${IF} ==="
ip link add name ${BR} type bridge
ip link set dev ${BR} up

ip link set dev ${IF} up
ip link set dev ${IF} master ${BR}
echo "-- ${IF} added to ${BR}"

echo "=== CREATE VLAN sub-interfaces VLAN ${VLAN} ==="
ip link add link ${IF} name ${SUBIF} type vlan id ${VLAN}
ip link set dev ${SUBIF} up

ip link add link ${BR} name ${BR_SUB} type vlan id ${VLAN}
ip link set dev ${BR_SUB} up

echo "-- VLAN sub-interfaces ${SUBIF} and ${BR_SUB} up"

echo "=== SET IP on ${BR_SUB} (optional) ==="
# Uncomment and edit as needed
# ip addr add 10.10.60.11/26 dev ${BR_SUB}

echo "=== CREATE Docker bridge network on ${BR} ==="
docker network inspect ${DOCKER_NET} >/dev/null 2>&1 || \
docker network create \
-d bridge \
--opt "com.docker.network.bridge.name=${BR}" \
${DOCKER_NET}

echo " Setup complete. Docker network: ${DOCKER_NET} attached to bridge ${BR}."
echo "You can launch containers using: docker run --network ${DOCKER_NET} …"


What this script does:

  • Bridge setup: Creates br1 and enslaves eth1

  • VLAN tagging:

    • eth1.60: handles VLAN 60 traffic

    • br1.60: the bridge’s VLAN interface

  • Docker network: Uses Docker’s --opt com.docker.network.bridge.name=br1 to bind the new br1 bridge into Docker

  1. Adjust VLAN=60 to your desired VLAN ID.

  2. Assign IP to br1.60 if this host needs IP reachability on that VLAN.

  3. Remove optional IPv4 block if you’d prefer DHCP.

  4. Ensure your physical switch port is set to trunk VLAN 60 (or untagged per your info)

    then you can target a macvlan/ipvlan for static ip for docker with the above mentioned docker network create command.

No things seem to be working fine. I can see media traffic on eth0 and docker traffic on eth1 now.

I am just concerned about saturating the eth0 now, lol. Perhaps I'll add another NIC at some point - or try to get some of the media servers onto eth1 too (just to offload a bit).

It's definitely made a difference during heavy download periods -- however, there was a point where eth0 was registering 1.2Gbps lol.

  • Author
4 minutes ago, bmartino1 said:

cool. I don't remember the linux command to check.

But I do know some 10 GB nics don't advertise they are 10 GB connections.

Example with some realtek as seen here:
https://forums.unraid.net/topic/141349-plugin-realtek-r8125-r8126-r8168-and-r815267-drivers/#findComment-1279775

No, they're not 10Gb -- VMware think they are as VMXNET adapters.

They're regular, old, 1Gb Realteks in the unRAID.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.