 Tom here from Lawrence Systems, and we're going to talk about FreeNAS and VLANs, specifically related to the jails, because this is a little bit of a tricky topic. It's not as same as assigning an interface VLAN and attaching it to jail. There's an extra step, and that's what I wanted to cover, because this question seems to pop up a lot in the forums. So if you want to learn more about me and my company, head over to LawrenceSystems.com. I feel like the hires for a project, there's a hires button up at the top. If you want to support the channel out in other ways, there are affiliate links down below for products and services that we talk about this on this channel to get you deals and discounts. FreeNAS. So right here, let's start with some of the layout. IGB0 is plugged in to the same network as CXGB0. Now the distinction between the two of them is CXGB0 has an IP address on it, and IGB0 is simply plugged in. And as you can see, no addresses, no VLANs. And here's a question, and I'll link to this in the forums. And here's the other forums directly in the FreeNAS IAC systems forums. And this is breaking down how all this works. Now my steps much the same. We're not going to do it exactly like this, but this method works as well. What they're showing you is that both of these networks, and this is the same on my system, are both plugged into the same network. So these two interfaces, IX and CX, are both plugged into the same network. And they both are what you may want to refer to as a trunk port. So they have all of the VLANs heading to them. So this is an important distinction. Like I said, mine's the same way. And I can pull up my Unify setup real quick. And you can see that my LAN is 192.1683.24. We have 1337, VLAN 69, 2100. We're just going to use two of them for an example here. But trust me, all of these are set to the all option. Or as a trunk port, depending on what type of networking gear you have. But basically, these are collecting at VLAN one native. So they're going to get a 192.1683 network on the native VLAN. And then they're going to get all of the different VLANs attached to them. That way we can peel them out. So that's important prerequisite. The other prerequisite, and this is mentioned in this as well. And this is an important thing to think about. The way this works is a little bit interesting because you have to have a bridge set up. And that bridge can't have any other IP addresses for the one that it's bridging. So an example is going to be right here. CXP0 is the main IP address with one VLAN. Now for functions of FreeNAS, I want to attach 192.1683.8, which is its main IP. And the 172.1669.8 slash 24 are both physically one network adapter, but one's a VLAN. One's the 172 VLAN. And the other one is the 192.168 VLAN. Now those are both attached to this. But because of that, because they're directly attached to this interface, you can't just bridge them. This is where things get a little bit tricky. Now that other more lengthy instruction talks about how to do this with a single network card by removing the IP addresses from the command line. But it takes keyboard interactive or IPMI direct access to the FreeNAS. You remove its main IP, create another bridge, then start attaching them. My methodology is going to show how to do this with two network interfaces. And it's not that hard to get either a dual LAN card or just put a second network face in. And it kind of makes it a little bit easier. So you can have your main interface, CXPG0 or whatever your main interface is. And I could have done this with like IGB0 and IGB1. Then added a second interface that you don't assign any IP addresses to. It just plugs into the network. Now, other advantage of dual interfaces, generally this is your file server. So you're moving a lot of data. One thing about VLANs is although they break up the network, they physically share the media so your limitations are there in terms of how much speed and power you can get out of it. So there's other advantages to having more than one network card in the system. So right here's our interface IGB0 with no IP addresses, no VLANs, but it's plugged into the same network as CXPG0. Let's show first with nothing configured what this looks like. So you go over here, go to the interface setup. And we have this one, this one, ignore this. This is my storage network, something separate. We're not talking about MVLAN69. And if we look at VLAN69, parent interface is CXPG0. And what people try to do when they wanna assign a VLAN to a jail is the first, and I did this too. The logical thing is, hey, just attach this to the jail. Turns out because there's already IP addresses assigned, it won't work. So we actually have to create a bridge. But if you create a bridge against an interface that has an IP address, it also won't allow more IP addresses to it. So we're going to add another VLAN. We're gonna attach it to right here, IGB0. We'll add VLAN. And I give the name VLAN 1337, the 1337 VLAN, whoops. Which just, to be clear, that's this VLAN here. This exists on my network. It has, it's a separate network. It has its own DHCP servers. Those are, you know, a couple important factors on there. So it's a separate, has a DHCP server. We're gonna put 1337, because that's the VLAN tag. We are not going to assign an IP address to it. We're not clicking DHCP. You just leave it like this. And its parent interface is IGB0, which means this VLAN that has just the tag 1337 is gonna be tied to this. So we're gonna go ahead and hit apply. Apply changes, confirm. Yep, keep network permanently. There we go. That's a safety in case you actually disabled an address. It wouldn't be able to pop up like that. So you do have those confirmations. So now we see this right here. VLAN 1337, it's attached to IV0, but no, no, no, no IP address, no, nothing else. Now we create a bridge. Bridge, name, bridge 1337, the bridge for the jails. So simple, bridge for the jail, no big deal there. Bridge members, scroll down. VLAN 1337 is now getting bridged into here. Now, if you just wanted to create a bridge and tie it to this other network, you could have done that too. That's another option, but we wanted to tie it because we want to pull this VLAN. So we make that the member, apply, keep, there we go. So, there we go. Now we got all the changes saved. So now we have a bridge attached to this. So it's attached to this VLAN 1337 and the VLAN is then bridged to IGB0, which like I said, none of this has anything else assigned to it, and that's the important part of why it won't work. If you're trying to assign it to this interface, you can't have the interface with an IP address on it or fail. So back over here to jails. All right, we can see both of these jails are up and they're on the 192 network. What we're gonna do now is stop them. Now by default, when you just next thing you have to create the jails, they all get bridge zero. That's their default network they get and bridge zero is attached to CXGB0. So it's just gonna get the native VLAN. So we need to attach it to that new bridge we just created. So we just edit the jail, network properties. It's at bridge zero. And we'll just show you something real quick here. I have config, there's bridge zero, there's bridge 1337. And the bridge 1337 is one we just created on that 1337 VLAN. So we just change it here. One, 337. Scroll down, save. Now we just start the jail back up with the new bridge intact. And this one's still at bridge zero, the one above it. And let's just refresh the page. And now this system is at 1.1337106. Pretty straightforward. Let's create one more just to walk through the process again real quick. Go over here to network, interfaces. We add a VLAN. This one's gonna be IoT 50 because my IoT network here is 50. So IoT insecure, VLAN only. Go back over here, I'll give it that same name. IoT insecure, IoT 50, type VLAN, VLAN tag of 50. Now of note, I called it IoT 50 but actually I need to call it VLAN 50, I'm sorry. VLAN 50, I could call it VLAN 5000. It's just so it has a name but it does have strict naming conventions. VLAN start with VLAN bridge, start with bridge. But you can put different numbers after it but for sanity sake, putting VLAN 50 after it with VLAN tag 50, that makes it easy to figure out, okay, this is all related to VLAN 50. We choose the parent interface for this which this is our IGB zero like we did before. Apply, confirm, apply, keep, all right. So there's our VLAN 50 and then we add a bridge. Bridge, name, IoT insecure for bridge 50. So we have a name, bridge numbers is gonna be this VLAN, apply, apply, keep, all right. So now we have this one. So we have both of them are tied to IGB zero which has no IP address or anything assigned not like the CXGB ones. And we're gonna go over here to the jails again. And this jail's at 192.168.3190. This one's still at the 1313.37.16. So go ahead and stop this jail, stop, edit, network properties. And with bridge 50, save, start it back up, refresh it so it shows the IP address and a DHCP server gave it 192.16850.105 on the bridge. So it's gonna give you an idea how you can bridge things over, how you can set them inside of different VLANs attached to here and by using a separate network card that has no actual directly assigned IP on there, it'll save you some of the trouble that is in this longer write up of how to bridge the main interface as well if you did it with one network interface like was done with here. So I find this way to be a little bit easier but both ways are there. This is pretty long write up and it has some more details. So I'll leave this so you can do some for the reading to get some deeper understanding but I wanted to run through the basics of it to get people an idea because this gets requests a lot. Now, plugins go inside of jails. So yes, this applies to plugins as well. I just didn't install any plugins to set this up. I just built the jails myself to get them going for the purpose of this demo. All right, thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you wanna carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.