Configuring three zones, using two NICs and one VLAN

Premise

This is a practical guide ¹ on how to configure more zones than the available physical Network Interfaces, by taking advantage of the ability a Managed Switch to create a IEEE 802.1Q network VLAN.

This tutorial assumes that you have correctly configured the switch to assign a VLAN identifier (e.g. 220) to the port intended to carry the Blue zone subnet. Furthermore it assumes that you have two physical Network cards, one connected to the WAN and carrying the RED zone and the other connected to the switch.

Tutorial

The configuration procedure is a four step process:

1. run in the console setup and select red, green and blue network type; set the Blue zone to None and assign Green and Red to the two physical interfaces; reboot!
2. go to the Zone Configuration and assign the Blue zone to Default and VLAN, on the same NIC as your green network in native mode (see the image below), then reboot!

   

3. Go back into setup in the console, and re-assign the Blue zone to the newly created hybrid interface (here blue0@green0).
4. Go back in the Web User Interface and select DHCP Server; you should be able to configure the DHCP both for the Green subnet and the Blue one (see figure below).
   

   

Troubleshooting

If you are unable to see the Blue zone in the DHCP configuration page, open a console and run the following command: ip address show or ip a, you should see an output similar to the image below.

Please note the presence of the device blue0@green0, if you do not see this, repeat the steps from 1 to 4, and do not forget to reboot when noted in the tutorial.

Note

By default the BLUE network has a MAC filter turned on. When using the BLUE network with VLAN be aware the MAC filter might need to be disabled or each DHCP recipient to be approved. See Blue Access wiki page.