[SOLVED] Q-in-Q VLAN

Started by seed, February 14, 2022, 09:34:48 AM

February 14, 2022, 09:34:48 AM Last Edit: February 14, 2022, 10:08:30 AM by seed
I know that OPNsense removed Q-in-Q VLAN support. Reference:
https://github.com/opnsense/core/issues/2078


However, I still tested the configuration out of curiosity, together with VRF-lite.
Since the GUI does not support this, the configuration needs to be done on the command line.

    # create vlan Interface on top of physical Interface
    ifconfig vlan1000 create vlandev igb0 vlan 1000 vlanproto 802.1ad up

    # create vlan Interface on top of vlan Interface
    ifconfig vlan42 create vlandev vlan1000 vlan 42 inet 10.5.42.1/24


Removing configuration:

    ifconfig vlan42 destroy
    ifconfig vlan1000 destroy


Together with an interface which is configured in a second routing table:

    setfib 1 ifconfig vlan1000 create vlandev igb0 vlan 1000 vlanproto 802.1ad up
    setfib 1 ifconfig vlan42 create vlandev vlan1000 vlan 42 inet 10.5.42.1/24


Removing configuration:

    setfib 1 ifconfig vlan42 destroy
    setfib 1 ifconfig vlan1000 destroy




#Disclaimer: I have not tested this other than the command-line setup.

It would be amazing if OPNsense could introduce this feature in the upcoming versions. I know that this is an edge case that will be used by a small number of users, yet it would enable certain setups, like fiber connections that need a VLAN that is delivered by the provider. Inside of this VLAN one can configure multiple VLANs with multiple PPPoE interfaces. Those interfaces need to be in different Q-in-Q VLANs and routing tables.
For comparison, a setup like that is possible with Mikrotik or Cisco.

I want all services to run at wire speed and therefore run this dedicated hardware configuration:

AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance

private user, no business use
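
What the two `ifconfig` commands in the post above should put on the wire, as an added example that is not part of the original thread: an outer 802.1ad tag (TPID 0x88A8) with VLAN 1000 followed by an inner 802.1Q tag (TPID 0x8100) with VLAN 42. The function names, MAC addresses and frames are constructed for illustration; the parser can be pointed at raw frame bytes from a capture to check that the outer tag really is 802.1ad rather than a second 802.1Q tag.

```python
import struct

TPID_8021AD = 0x88A8  # S-tag TPID, selected by `vlanproto 802.1ad`
TPID_8021Q = 0x8100   # C-tag TPID, the ifconfig default

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed input: Ethernet frame with stacked (tpid, vid, pcp) tags."""
    dst = bytes.fromhex("020000000002")  # constructed locally administered MACs
    src = bytes.fromhex("020000000001")
    body = b"".join(struct.pack("!HH", t, (p << 13) | v) for t, v, p in tags)
    return dst + src + body + struct.pack("!H", ethertype) + payload

def parse_vlan_stack(frame):
    """Return ([(tpid, vid, pcp), ...], inner_ethertype), outermost tag first."""
    offset, tags = 12, []  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_8021AD, TPID_8021Q):
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: PCP in the top 3 bits, VLAN ID in the low 12 bits
        tags.append((etype, tci & 0x0FFF, tci >> 13))
        offset += 4

def matches_qinq(frame, s_vid=1000, c_vid=42):
    """True only for exactly one 802.1ad S-tag followed by one 802.1Q C-tag."""
    tags, _ = parse_vlan_stack(frame)
    return [(t, v) for t, v, _ in tags] == [(TPID_8021AD, s_vid), (TPID_8021Q, c_vid)]

# Constructed sample frames (not captured traffic)
QINQ = build_frame([(TPID_8021AD, 1000, 0), (TPID_8021Q, 42, 0)])
STACKED_Q = build_frame([(TPID_8021Q, 1000, 0), (TPID_8021Q, 42, 0)])  # outer tag without 802.1ad
SINGLE = build_frame([(TPID_8021Q, 42, 0)])

if __name__ == "__main__":
    for name, f in (("qinq", QINQ), ("stacked-q", STACKED_Q), ("single", SINGLE)):
        print(name, parse_vlan_stack(f), matches_qinq(f))
```
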

Well, the old Q-in-Q was netgraph based and therefore removed. The new one you see is new since OPNsense 22.1 / FreeBSD 13 and a ticket already exists:

https://github.com/opnsense/core/issues/5560

And it's also published on the roadmap. ;)

https://opnsense.org/about/road-map/


Cheers,
Franco

Quote from: franco on February 14, 2022, 10:00:32 AM
Well, the old Q-in-Q was netgraph based and therefore removed. The new one you see is new since OPNsense 22.1 / FreeBSD 13 and a ticket already exists:

https://github.com/opnsense/core/issues/5560

And it's also published on the roadmap. ;)

https://opnsense.org/about/road-map/


Cheers,
Franco



Thank you for the clarification. I am happy to see how OPNsense has evolved over the past few years.