Hi everyone,
I feel like this is likely a duplicate somewhere and I am just failing to connect the dots, but I need help figuring out where to start digging.
Current setup is actually rather simple:
I have a Zima board with two physical ports. One is WAN facing and one's my LAN.
After base configuration, my next goal is to have 2-3 VLANs up and be able to connect to them.
Following this post, I assigned the default lan interface to br-lan.1 and set VLAN filtering to assign all untagged traffic to VLAN 1 (I think).
This seems to work as far as I can see, because all devices still communicate normally over that interface. Then I created two more VLAN devices, br-lan.2 and br-lan.3, with corresponding interfaces which are mostly identical to the lan interface, with new IP ranges (192.168.2.1 & 192.168.3.1) and a DHCP server.
In the VLAN filtering tab I set up both of them as tagged.
My main questions are:
a) Is this even the way to go? I saw other posts where there was no talk of VLAN filtering. People were just creating new interfaces and the respective firewall zones and seemed to be ready to go.
b) How would I connect to one of the other VLANs? If I had multiple ports in a managed switch, I could just assign each port to a VLAN and connect my devices to it. But this is just one port that I will have to send tagged traffic to, am I right?
I have a Proxmox and an Unraid server both with VMs/Dockers and a single ethernet port each.
On the Unraid server, for example, in the network config, I can set up a new VLAN connection, give that a tag and tell it to get its IP via DHCP. However, this does not seem to be able to connect to the OpenWrt router on my Zimaboard.
Anyone able to point me in the correct direction would be a great help, thanks.
My /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdef:a79f:a7db::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config rule
	option in 'lan'
	option src '192.168.1.0/24'
	option out 'wan'

config interface 'tailscale'
	option proto 'none'
	option device 'tailscale0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '1'
	option name 'br-lan.1'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '2'
	option name 'br-lan.2'

config interface 'GUEST_VLAN'
	option proto 'static'
	option device 'br-lan.2'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option name 'br-lan.3'

config interface 'VM_REST_VLAN'
	option proto 'static'
	option device 'br-lan.3'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

Some LuCI screenshots and my Unraid config:
I feel like this might have been botched already. I have a checkpoint that I can return to with less fiddling around on the devices and interfaces.
Thanks in advance
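
As an added example (not part of the original post): Python that parses the `bridge-vlan` and `interface` sections of a UCI network config and lists, for one physical port, which VLAN IDs the config marks as tagged and which interface and gateway address each one maps to. `SAMPLE` is constructed from the VLAN 1 and VLAN 2 sections posted above (VLAN 3 is configured like VLAN 2 and is left out); `parse_uci` and `port_view` are hypothetical helper names, and the `<bridge>.<vid>` device naming is assumed from the config shown.

```python
import re

# Constructed sample: VLAN 1 and VLAN 2 sections of the /etc/config/network posted above.
SAMPLE = """
config interface 'lan'
	option device 'br-lan.1'
	option ipaddr '192.168.1.1'
config interface 'GUEST_VLAN'
	option device 'br-lan.2'
	option ipaddr '192.168.2.1'
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth0'
config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'eth0:t'
"""

UCI_LINE = re.compile(r"^[ \t]*(config|option|list)[ \t]+(\S+)(?:[ \t]+'([^']*)')?", re.M)


def parse_uci(text):
    """Return UCI sections as dicts: 'type', 'name', plus each option/list key."""
    sections = []
    for kind, key, val in (m.groups() for m in UCI_LINE.finditer(text)):
        if kind == "config":
            sections.append({"type": key, "name": val})
        elif kind == "option":
            sections[-1][key] = val
        else:  # 'list' entries accumulate under one key
            sections[-1].setdefault(key, []).append(val)
    return sections


def port_view(text, port):
    """Rows of (vid, tagged, interface, gateway) for every bridge VLAN on `port`."""
    secs = parse_uci(text)
    ifaces = {s["device"]: s for s in secs if s["type"] == "interface" and "device" in s}
    rows = []
    for s in (s for s in secs if s["type"] == "bridge-vlan"):
        # Assumption: the L3 interface sits on the device named <bridge>.<vid>.
        iface = ifaces.get(f"{s['device']}.{s['vlan']}", {})
        for name, _, flags in (p.partition(":") for p in s.get("ports", [])):
            if name == port:  # 't' in the port flags means the VID is tagged there
                rows.append((int(s["vlan"]), "t" in flags, iface.get("name"), iface.get("ipaddr")))
    return sorted(rows, key=lambda r: r[0])
```

A VID reported as tagged on `eth0` is reachable only by a client that sends 802.1Q frames carrying that VID on the same link; a row whose interface is `None` points at a `bridge-vlan` section with no interface attached.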