Univention network configuration with VLAN tagged

ucs-4-2

#1

Hello there,

We tried to use Univention as a virtual machine on a network tagged. Here is what we want to do:

  • UCS installed on Vmware 6.5.0a
  • vSwitch dedicated with port group tagged with VLAN 10
  • The gateway go to a pfSense virtual machine without firewall rules for the moment, we use it for network segregation.
  • Network hardware are based on a layer 2. Ports are in trunk all.

Results: With UCS, is not possible to go to the web page for configuration. If we move out of the VLAN it works.

  • UCS installed on Vmware 6.5.0a
  • UCS is configured with VLAN tag 10
  • The gateway go to a pfSense virtual machine without firewall rules for the moment, we use it for network segregation.
  • Network hardware are based on a layer 2. Ports are in trunk all.

Results: Same issue, cannot work with VLAN.

We test the solution with a CentOS to reproduce the problem. All work as we want, with VMware port group tagging and OS tagging.

Any idea?
Thank you.


#2

Hey,

you’re not entirely clear what you’ve tried as a network configuration on your UCS server. Of course you need access to the server in order to configure its networking, but that access can also be on the console, or you can add a temporary second network interface with its own IP address and connect via that interface.

In general UCS’s network configuration supports both port trunking as well as tagged VLANs. Section 8.2.4 describes network configuration. Subsections “8.2.4.1.4.3. Bonding” and “8.2.4.1.4.4. VLANs” talk about bonding and VLANs respectively.

So what I’d probably do is something like this:

  1. Move the sever out of the VLAN temporarily,
  2. add a second network interface,
  3. configure said second network interface in a way that allows you access to it without VLAN tagging even if you move the server back to that VLAN with its first network interface,
  4. move the server’s first interface back to said VLAN,
  5. use the second network interface for access to the UMC,
  6. use the UMC to configure bonding & VLAN for the primary network interface,
  7. verify the primary interface is working and
  8. remove the secondary interface again.

When you have a specific network configuration that doesn’t work (yet), then post the output of ucr search --brief interfaces/ here, please.

Kind regards,
mosu


#3

Hello Mosu,

Thanks for your reply.
I did what is described into the manual and check again with your proposal:
Please to find below what I got:

root@ucs-2050:~# ucr search --brief interfaces/
interfaces/./address:
interfaces/.
/broadcast:
interfaces/./ipv6/./address:
interfaces/./ipv6/./prefix:
interfaces/./ipv6/acceptRA:
interfaces/.
/mac:
interfaces/./mtu:
interfaces/.
/netmask:
interfaces/./network:
interfaces/.
/options/.:
interfaces/.
/order:
interfaces/./route/.:
interfaces/./start:
interfaces/.
/type:
interfaces/eth0/address: 172.29.0.10
interfaces/eth0/broadcast: 172.29.0.255
interfaces/eth0/ipv6/acceptRA: false
interfaces/eth0/netmask: 255.255.255.0
interfaces/eth0/network: 172.29.0.0
interfaces/eth0/order: 2
interfaces/eth0/start: true
interfaces/eth0/type: static
interfaces/eth1.101/address: 172.29.1.1
interfaces/eth1.101/broadcast: 172.29.1.255
interfaces/eth1.101/ipv6/acceptRA: false
interfaces/eth1.101/netmask: 255.255.255.0
interfaces/eth1.101/network: 172.29.1.0
interfaces/eth1.101/options/0: vlan-raw-device eth1
interfaces/eth1.101/order: 3
interfaces/eth1.101/start: true
interfaces/eth1.101/type: static
interfaces/eth1/ipv6/acceptRA: false
interfaces/eth1/order: 1
interfaces/eth1/start: true
interfaces/eth1/type: manual
interfaces/handler: ifplugd
interfaces/primary: eth1.101
interfaces/restart/auto:

I checked with another VM, on same network, with same vlan and configuration and it works.
Any idea?
Thanks for your time.


#4

You have two network cards configured; the first eth0 which is not tagged, the second is eth1 with a VLAN tag of 101. Make sure that

  1. the virtual machine configuration is assigning the second network card to the vSwitch using VLAN tagging and
  2. that the tagged VLAN 101 is really supposed to use addresses from the 172.29.1.0/24 range.

#5

Hi there,

Sorry for the delay, I was in holidays.

  1. Yes the virtual machine is assigning the second network card to the vSwitch using VLAN tagging.
  2. Yes, VLAN 101 will use only the addresses from 172.29.1.0/24 but Univention may reply from all network 172.29.0.0/16.
  3. VLAN Trunk are configured on all network assets, we tested the solution with a CentOS and it works.
  4. The test with Univention failed…

#6

Please post the output of ip address show.

Univention does definitely support using tagged VLAN interfaces. The only thing I can currently think of is there being a small error in the configuration of either the UCS server or the virtual machine (e.g. regarding its switch assignments).

You could also try booting the UCS VM from a rescue CD such as grml, configuring both interfaces manually the way you’ve set them up in the UCS machine and testing connectivity from there. That could give you a hint where the configuration error is (the VM or the UCS machine).


#7

Hello Moritz,

Thanks for your help.
In fact the issue was not related to VLAN Tagging… It was a misconfiguration of DNS and gateway associated, that route all packets from VLAN 101 through bad gateway.
We found this issue from shell using route cmd.

Now it works perfectly. Once a time, thanks for your support.
Cheers.