Segregate one VLAN from rest of network

I was about to tell you that I did, but I rebooted just to make sure I had before, and the interface did show up after that. :slight_smile:

I’m still testing, but I do believe the worst is behind me now!

EDIT: And all is good! @bonnietwin's post is the holy grail solution to zoned VLAN routing on IPFire!

  • At initial setup, set the Blue zone to None, and Ignore the warning about it.
  • In the WUI, set the Blue zone to Default, and VLAN, on the same NIC as your green network.
  • Reboot
  • Go back into setup in the console, and re-assign the Blue zone to the newly created hybrid interface (blue0@green0 in my case)
  • Back in the WUI, you’ll now have access to the Blue DHCP server, which you can configure as you see fit.

A HUGE thank you to everyone who helped with this!

***I definitely think we need to add this information to the various wikis; I had studied the documentation and forums quite a bit before asking and I for sure didn’t see any mention of having to go through an extra round of console setup in order to get a VLAN running alongside a native NIC. This will be quite a boon to the many users who ask about VLAN setup in the forums.

3 Likes

@darkhand First, congratulations on your success. I commend the way you acted in troubleshooting your system. This thread is very important as it will help other users of IPFire to learn to use a feature that has a sizeable request level and is very poorly documented. For that you and @bonnietwin did a very good thing. If @jon agrees, I will write a new entry on the wiki condensing all the info that has emerged in this thread.

As a curiosity, can I ask if /var/ipfire/ethernet/settings now has an entry like BLUE_DEV=blue0@green0? Any other change in that file and in /var/ipfire/ethernet/vlans?

4 Likes

Thanks @cfusco !

I actually don’t see a reference to blue0@green0 in either of the files, only when I run ip a. Might there be another setting file? The strange Blue MAC address from before is still present however, probably a randomized virtual MAC.

The contents of my /var/ipfire/ethernet/settings file after everything:

BLUE_STP=
BLUE_NETADDRESS=192.168.2.0
RED_DHCP_FORCE_MTU=
GREEN_ADDRESS=192.168.1.1
GREEN_NETADDRESS=192.168.1.0
GREEN_MODE=
GREEN_DRIVER=r8169
ORANGE_SLAVES=
BLUE_SLAVES=
GREEN_MACADDR=00:01:2e:xx:xx:xx
GREEN_NETMASK=255.255.255.0
GREEN_STP=
RED_DHCP_HOSTNAME=router
RED_NETADDRESS=0.0.0.0
RED_DRIVER=e1000e
GREEN_SLAVES=
BLUE_MODE=
RED_DEV=red0
RED_DESCRIPTION='"pci: Intel Corporation Ethernet Connection I219-LM (rev 21)"'
GREEN_DEV=green0
BLUE_ADDRESS=192.168.2.1
RED_MODE=
GREEN_DESCRIPTION='"pci: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)"'
RED_NETMASK=0.0.0.0
ORANGE_MODE=
RED_MACADDR=00:01:2e:xx:xx:xx
DEFAULT_GATEWAY=0.0.0.0
RED_TYPE=DHCP
RED_ADDRESS=0.0.0.0
RED_STP=
ORANGE_MACADDR=
CONFIG_TYPE=3
BLUE_MACADDR=02:5b:8b:xx:xx:xx
BLUE_NETMASK=255.255.255.0
RED_SLAVES=
ORANGE_STP=
BLUE_DEV=blue0
BLUE_DESCRIPTION='"???: Unknown Network Interface (blue0)"'
BLUE_DRIVER='Unknown Network Interface (blue0)'

Contents of /var/ipfire/ethernet/vlans:

ORANGE_VLAN_ID=
RED_MAC_ADDRESS=
BLUE_MAC_ADDRESS=02:5b:8b:xx:xx:xx
GREEN_MAC_ADDRESS=
RED_VLAN_ID=
GREEN_PARENT_DEV=
RED_PARENT_DEV=
ORANGE_MAC_ADDRESS=
GREEN_VLAN_ID=
BLUE_VLAN_ID=2
ORANGE_PARENT_DEV=
BLUE_PARENT_DEV=00:01:2e:xx:xx:xx

[root@router ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 00:01:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global green0
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc cake state DOWN group default qlen 1000
    link/ether 0c:54:15:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: blue0@green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 02:5b:8b:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 scope global blue0
       valid_lft forever preferred_lft forever
5: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 00:01:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 24.1.xxx.xxx/22 brd 255.255.255.255 scope global dynamic noprefixroute red0
       valid_lft 211128sec preferred_lft 167928sec

1 Like
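
The post above notes that `blue0@green0` appears only in `ip a`, while the `vlans` file records the tag and the parent NIC's MAC. The following is an added example, not part of the original post and not IPFire code: it rebuilds the expected `zone@parent` name from the two files and checks it against an `ip a` dump, so a zone that silently fell back to an untagged interface is caught. The function names are hypothetical, all MAC addresses are constructed sample values, and it assumes `*_PARENT_DEV` holds the MAC of another zone's NIC, as the dump above suggests.

```shell
#!/bin/sh
# Added example, not IPFire code. Key names follow the two file dumps in the
# post above; every MAC address and sample line below is constructed.

# get_kv FILE KEY: print the value of KEY=value with quotes stripped
get_kv() { sed -n "s/^$2=//p" "$1" | tr -d "'\"" | head -n 1; }

# vlan_map SETTINGS VLANS: one line per tagged zone, "<dev>@<parent> vlan <id>"
vlan_map() {
    for zone in GREEN BLUE ORANGE RED; do
        id=$(get_kv "$2" "${zone}_VLAN_ID")
        [ -n "$id" ] || continue                 # zone is not VLAN-tagged
        ref=$(get_kv "$2" "${zone}_PARENT_DEV" | tr 'A-F' 'a-f')
        parent=$ref                              # fall back to the raw value
        for pz in GREEN BLUE ORANGE RED; do      # resolve parent MAC to a device
            mac=$(get_kv "$1" "${pz}_MACADDR" | tr 'A-F' 'a-f')
            if [ "$pz" != "$zone" ] && [ -n "$mac" ] && [ "$mac" = "$ref" ]; then
                parent=$(get_kv "$1" "${pz}_DEV")
            fi
        done
        echo "$(get_kv "$1" "${zone}_DEV")@${parent} vlan ${id}"
    done
}

# verify_links SETTINGS VLANS IPDUMP: fail if a tagged zone is absent from `ip a`
verify_links() {
    rc=0
    for name in $(vlan_map "$1" "$2" | cut -d' ' -f1); do
        if ! grep -q "^[0-9]*: ${name}: " "$3"; then echo "missing: $name" >&2; rc=1; fi
    done
    return "$rc"
}

# make_sample DIR: write constructed stand-ins for the files and `ip a` output
make_sample() {
    printf '%s\n' GREEN_DEV=green0 GREEN_MACADDR=00:11:22:AA:BB:01 \
        BLUE_DEV=blue0 BLUE_MACADDR=02:00:00:00:00:02 \
        RED_DEV=red0 RED_MACADDR=00:11:22:aa:bb:03 > "$1/settings"
    printf '%s\n' BLUE_VLAN_ID=2 BLUE_PARENT_DEV=00:11:22:aa:bb:01 \
        GREEN_VLAN_ID= RED_VLAN_ID= ORANGE_VLAN_ID= > "$1/vlans"
    printf '%s\n' '2: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500' \
        '4: blue0@green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500' \
        '5: red0: <BROADCAST,UP,LOWER_UP> mtu 1500' > "$1/ip_a.txt"
}

tmp=$(mktemp -d) && make_sample "$tmp"
vlan_map "$tmp/settings" "$tmp/vlans"
verify_links "$tmp/settings" "$tmp/vlans" "$tmp/ip_a.txt" && echo "links match"
rm -rf "$tmp"
```

On a live system the arguments would be `/var/ipfire/ethernet/settings`, `/var/ipfire/ethernet/vlans` and a file holding the output of `ip a`.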

Yes, I agree.
:+1:

@jon Where should this tutorial go in the wiki?

How about under the Zone Config page:

https://wiki.ipfire.org/configuration/network/zoneconf/vlan2nic

Thank you for documenting this!

EDIT: And thank you for creating the fcron wiki page. Looks good!

2 Likes

@jon I created the page with that link. However, right now it is orphaned. I am not sure where to link it. Can I have your opinion? Thank you Jon.

I added it above the spanning tree section:

1 Like

This has been a very helpful resource and so far I am liking IPFire. May I make a suggestion though about the VLAN guide? Since the suggestion is to use GREEN-RED-BLUE, there probably needs to be a section that mentions that by default, BLUE has a MAC filter turned on and that it would need to be disabled or each DHCP recipient would need to be approved. I spent over an hour trying to figure this out and finally came across the section about the Blue zone info. Overall great product and I am super excited to get to know IPFire. I am a long-time pfSense user, but wanted to try something different.

Done!

A note was added on the "Configuring three zones" wiki page.

1 Like

I recognize this is a solved topic, but can I make a case to include something at the top of the Zone Config page to include the table from this page (wiki.ipfire.org - Step 5: Network Setup) that outlines what each zone is intended for?

Done. A brief note was added to the zone config page.

1 Like

Thank you very much

1 Like