Homelab

371 readers

3 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis

Server unreasonable from other VLANs. Help! (alien.top)

submitted 11 months ago by Hangman4358@alien.top to c/homelab@selfhosted.forum

12 comments fedilink hide all child comments

Server unreachable from other VLANs. Help!

Hey guys, not aure of this is the right place or better somewhere like r/homenetworking or r/homeserver.

I am in the process of setting up an Omada network and am running into VLAN issues.

Right now have 2 VLANs. Vlan 1 is the management vlan and Vlan 10 is the home vlan. Vlan 1 contains my home server and I am trying to get devices on Vlan 10 to connect to the server. It runs things like jellyfin and my home automation stuff.

I have not set up any ACLs and so as I understand it with Omada all vlans should be able to talk to all other vlans.

From the server I can ping other devices on the 10 vlan, but only devices on the 1 vlan can ping the server or connect to its services.

The server is running Ubuntu 22.04 and all the services are running in docker behind traefik for TLS with let's encrypt.

I don't really understand why the server can ping things on the 10 vlan and get a response but the things on 10 can't. And at this point I don't even know where to go next.

Any ideas??? Pointers?

you are viewing a single comment's thread
view the rest of the comments

[–] hereisjames@alien.top 1 points 11 months ago (1 children)

It's probably ultimately to do with whether you've set the correct port profiles on the switch and whether you've set the right IP addresses.

I started writing an explanation of VLANs, tags, trunk and client ports, and IP addresses but it quickly got long and I'm sure other people have done a much better job explaining elsewhere, so I suggest you do a bit of background reading or watching.

But, very briefly - you configure switch ports through profiles. The profiles say which VLANs are sent through that port.

If there is more than one VLAN being sent through a port the switch will send traffic tagged with the VLAN it belongs to, you need to configure the device connected to the port to understand those different VLAN tags, have more than one IP address, etc. These are usually called trunk or tagged ports on the switch. The switch expects to receive Ethernet traffic from the device already tagged with which VLAN it belongs to. If it receives a frame from the device without a VLAN tag, it will usually put it in the default VLAN, which is 1 on most switches.

If the device is just on one VLAN, the switch port facing it needs to be told it is a client or untagged port on that VLAN. Then it will remove the VLAN tag before it sends traffic so your device only sees standard Ethernet frames and it doesn't need to understand VLANs at all. When your device sends traffic, the switch will put the right VLAN tag on it before sending it onwards. If you don't tell the switch which VLAN the port belongs to, it will usually assume 1. You need to make sure your device has an IP in the right range for the VLAN it's in.

[–] Hangman4358@alien.top 1 points 11 months ago

Thank you so much. I just spent too much time looking at it yesterday. Fresh eyes and the gist of this got me there.

Turned out to be multiple issues. The switch port the server is connected to was not a client port like you said. I just totally overlooked this. I has all my ports set to client ports for their specific device just not the server...

And then it turns out I has the server configured to have a static IP with a subnet mask of /16 instead of /24. Fixed those two things and bam! works as expected.