Solved Don't get VLAN (DHCP) ip address on my Virtual Machine Guest

For my office I am trying to set up a VLAN for a (Nextcloud) VM which is running on top of a FreeBSD server, which is running behind a pfSense firewall and a Mikrotik Switch.

The VLAN 30 is created on the pfSense firewall and is connected to a DHCP server on pfSense. (See the ifconfig of pfSense on the left column on enclosed picture. The VLAN (ix1.30) config is encircled in red.)

Freebsd-VLAN-instellingen.jpg

click picture to enlarge

On the Mikrotik Switch the 30 ID TAG is enabled (and recognized) on both the incoming (SFP1) and outgoing (S01-IGB0) port. (See the top middle column on enclosed picture encircled in red.)

As the DHCP server is on the pfSense machine, on Freebsd I only generated a (virtual) nic with the following command:

ifconfig igb0.30 create vlan 30 vlandev igb0

Which activated the (virtual) nic (on enclosed picture encircled in red on the bottom middle column.)

In the network settings of the (Nextcloud) VM, I actived igb0.30 as the nic to be used.

But when I boot the VM, it is waiting several minutes for the network to be configured, which never happens. (See enclosed picture encircled in red on the bottom right column)

Therefor it is my impression that the VM does not get an IP-Address from the (pfSense) DHCP server. But as there is very little documentation about setting up VLAN's on Freebsd, especially about this situation where Freebs is NOT the DHCP server, but just functions as a pass trough station, I don't know if I did this the rightway.

So I wonder:
  1. If I do something wrong in the setup of the freeBSD part in this particular situation? If so, how should it be done then? Suggestions are very welcome.
  2. If things are set up right by me as far as it concerns the FreeBSD part, I would appreciate it very much if somebody could enlighten what I might be doing wrong in the pfSense or MikroTik part.
 
FOUND IT: I I had set the vlan name wrong. I declared the vlan as igb0.30 and it should have been vlan30

The command should have been:
ifconfig vlan30 192.168.30.1 netmask 255.255.255.0 vlan 30 vlandev igb0

Also the ip address of the pfSense DHCP server must be included now in order to work. And than the pfSense DHCP server assigns a valid (and working) IP-Address
 
I declared the vlan as igb0.30 and it should have been vlan30
The name of the interface is actually irrelevant. When you create the VLAN with rc.conf like this:
Code:
vlans_em1="1 10 11 20"
ifconfig_em1_1="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_em1_10="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_em1_11="inet 192.168.11.1 netmask 255.255.255.0"
ifconfig_em1_20="inet 10.0.1.1 netmask 255.255.255.0"
You'll get em1.1, em1.10, em1.11 and em1.20.
 
The name of the interface is actually irrelevant. When you create the VLAN with rc.conf like this:
Code:
vlans_em1="1 10 11 20"
ifconfig_em1_1="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_em1_10="inet 192.168.10.1 netmask 255.255.255.0"
ifconfig_em1_11="inet 192.168.11.1 netmask 255.255.255.0"
ifconfig_em1_20="inet 10.0.1.1 netmask 255.255.255.0"
You'll get em1.1, em1.10, em1.11 and em1.20.

That is weird. That really is the only thing I changed to get it working. Changing ifconfig igb0.30 create .... into vlan30 create .... on the command line. I did not configure it yet in the rc.conf because I could not get it working. Could the . (dot) between igb0 and 30 be the reason why it did not work?

As you can see the interface mac address is still the same:

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:79:03:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.30.52/24 brd 192.168.30.255 scope global dynamic enp0s3
valid_lft 6743sec preferred_lft 6743sec
inet6 fe80::a00:27ff:fe79:339/64 scope link
valid_lft forever preferred_lft forever
 
You probably forgot to add up. So the interface was still administratively down. When you configure an interface with an IP address it's automatically enabled. You don't need to add an IP address to the VLAN interface if you're going to bind a jail or VM to it. But you must set the interface to up.
 
You probably forgot to add up. So the interface was still administratively down. When you configure an interface with an IP address it's automatically enabled. You don't need to add an IP address to the VLAN interface if you're going to bind a jail or VM to it. But you must set the interface to up.

I really don't know what I am doing wrong. I have set the vlan in rc.conf exactly the way you showed

Code:
#config vlan's
vlans_igb0="30"
ifconfig_igb0_30="inet 192.168.30.1 netmask 255.255.255.0"

and after
Code:
service netif restart
or
Code:
reboot
i get
Code:
igb0.30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6>
ether a0:36:9f:34:de:0c
inet 192.168.30.1 netmask 0xffffff00 broadcast 192.168.30.255
groups: vlan
vlan: 30 vlanpcp: 0 parent interface: igb0
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
the same result if I do
Code:
vlans_igb0="30"
ifconfig_igb0.30=up

But then again the vlan is NOT WORKING

The only way I get the VLAN working in my Ubuntu 20.04 VM is with these commands on the CLI

ifconfig vlan30 create
ifconfig vlan30 192.168.30.1 netmask 255.255.255.0 vlan 30 vlandev igb0


And I could make it persistent with
Code:
ifconfig_vlan30=up
to rc.conf (without declaring vlans=)

I am glad I got it working somehow, though I don't understand why it only works this way and not the way you showed.
 
I think one of the problems you're facing is not understanding the difference between tagged and untagged and you're mixing those up. That was, for me, the trickiest bit when I started working with VLANs. When are packets tagged and when are they not. And knowing how to go from tagged to untagged and vice versa.
 
You probably forgot to add up. So the interface was still administratively down. When you configure an interface with an IP address it's automatically enabled. You don't need to add an IP address to the VLAN interface if you're going to bind a jail or VM to it. But you must set the interface to up.

It is very well possible that you are right and I will study this subject better. But then I still don't understand how I got it working anyway by just changing the word "igb0" with "vlan". Maybe I get an answer to that after I better studied the ins and outs of tagged vs untagged.

Thanks anyway
 
I also can't understand the difference between these concepts, could you explain the difference clearly. Also I have a small IT business and I needed to develop a VLAN on a VM in advance. And I had similar problems. I had to do this on a virtual machine because I have a registered office address in London to participate in tenders and competitions, where the location of the company plays a big role. I was able to solve this problem thanks to this topic, but I couldn't understand why this is happening.
 
Last edited:
Back
Top