For a couple of years already I have been trying to separate my TrueNAS connections into
one vlan for management (the GUI)
one for data (SMB / iSCSI / NFS)
And despite trying a lot, I have not managed it. The problem is that the TrueNAS core functionality only uses one gateway, the default gateway, and that does not work.
So if I define two VLANs, only the one that has the default gateway works. So the only option seems to be to combine the two mentioned data streams in one VLAN/interface. I sincerely hope that I am wrong!!!
I tried all kinds of things. Using bridges and not using bridges. Using DHCP at the remote site and without DHCP (which I prefer in this case).
The only ridiculous way that works, but I do NOT want to go that way, is to use a local PC directly connected to a local port on the same LAN, so no gateway is needed, for the management, and to use the default gateway for the data stream.
So I really really hope that it is possible that there is an option to split data & management.
Does anyone know how!!??
Note
This question relates to the NAS-core functionality. VMs do communicate with the assigned VLAN, no problem there!
It sounds like you are accessing both the management and the services from non-local networks.
You can separate management and production traffic for locally connected networks by having the clients connect to the correct IP address (regardless of VLAN or physical network).
I’m not sure you are going to be able to separate management from production traffic to remote sites unless you were using static routes to get between the different sites. This is a networking limitation, not really a limitation of TrueNAS.
In CORE you cannot separate UI and SMB, all on the same IP stack. Not entirely sure about SCALE but I suspect the situation has not changed. You can have e.g. SMB accessible only from certain addresses but it will all use the same routing table etc.
I think it is!! I complained about it already years ago!!
By the way, my old TrueNAS system is Core, the new one is Scale.
The only working option, which I do not like but perhaps am going to implement, is the following:
put a little 4x 2.5 + 2x SFP+ switch in front of the NAS
connect the incoming fiber to one of the SFP+
connect the trunk to the other SFP+
route the mngt-lan as included in the fiber to one of the 2.5g-ports
connect that switch port untagged to a NAS-UTP-port
create in the NAS brx being the management bridge
make the mngt-lan as arriving from the fiber to that bridge
(it does not work, but hopefully in the future)
also connect the UTP port to that bridge
provide that bridge with an IP out of the management LAN subnet
on the firewall in front of the NAS, outbound NAT traffic towards the NAS mngt lan in such a way that incoming traffic seems to arrive from inside the mngt lan (to be precise the mngt lan gateway)
In this way the mngt lan connected via the added switch and UTP behaves like a locally connected PC
I completely agree this is ridiculous … but so is the situation that the NAS still does not route traffic as it IMHO should !!
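
An added example, not part of any post in this thread: a small route-lookup model of the behaviour discussed above (one routing table shared by the UI and the file services), showing which interface the NAS answers on for a local admin, a remote admin, a remote admin after a static route is added, and a remote admin whose traffic is source-NATed to the management gateway. All addresses, interface names and the assumption of a single destination-based routing table are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, interface, gateway) routes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    _, iface, gw = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return iface, gw

def reply_egress(routes, seen_src):
    """Interface the NAS uses to answer a packet whose source is seen_src.

    The reply is routed on its destination (the client's address as the NAS
    sees it), not on the interface or IP the request arrived at.
    """
    hit = lookup(routes, seen_src)
    return hit[0] if hit else None

# Constructed addressing (not taken from the thread)
MGMT, DATA = "vlan10-mgmt", "vlan20-data"
ONE_GATEWAY = [
    ("10.0.10.0/24", MGMT, None),        # connected: management VLAN
    ("10.0.20.0/24", DATA, None),        # connected: data VLAN
    ("0.0.0.0/0", DATA, "10.0.20.1"),    # the single default gateway
]
# Same table plus a static route for the remote admin subnet
WITH_STATIC = ONE_GATEWAY + [("192.168.50.0/24", MGMT, "10.0.10.1")]

LOCAL_ADMIN = "10.0.10.50"     # PC on the management VLAN itself
REMOTE_ADMIN = "192.168.50.7"  # admin at another site
NATTED_ADMIN = "10.0.10.1"     # remote admin after source NAT at the firewall

def scenarios():
    """Egress interface for GUI replies in each case from the thread."""
    return {
        "local admin": reply_egress(ONE_GATEWAY, LOCAL_ADMIN),
        "remote admin, default gateway only": reply_egress(ONE_GATEWAY, REMOTE_ADMIN),
        "remote admin, static route": reply_egress(WITH_STATIC, REMOTE_ADMIN),
        "remote admin, source NAT": reply_egress(ONE_GATEWAY, NATTED_ADMIN),
    }

if __name__ == "__main__":
    for name, iface in scenarios().items():
        print(f"{name:38s} reply leaves via {iface}")
```

Only the "default gateway only" case sends the management reply out of the data VLAN, which is the asymmetric path that breaks remote GUI access while local access keeps working.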