Skip to main content

Multiple VLANs on a Synology NAS

Synology, like other SOHO/SMB NAS vendors, touts VLAN functionality with their current DSM 4.1 software. However, the web interface just lets you specify one VLAN tag to use over each eth interface (or bond interface).

Manual approach

In the busybox environment that you can ssh into as root (after enabling ssh through the webinterface), there's all the tools you need to use multiple VLANs over one link (eth or bond), however:
First you insert the 802.1q module into the Linux kernel:
 /sbin/lsmod | /bin/grep -q 8021q || /sbin/insmod /lib/modules/8021q.ko
Then you add each VLAN you need to every interface (bond0 in this example)
 /sbin/vconfig add bond0 4
And finally you can configure IP addresses on every interface.vlan combination (bond0.4 in this example)
 /sbin/ifconfig bond0.4 192.168.4.1 broadcast 192.168.4.255 netmask 255.255.255.0
The same type of script would work on a QNAP NAS too, by the way. They offer 8021q.ko and vconfig in their commandline environment as well.
Packets from the bond0 interface leave the device untagged, packets from the bond0.4 interface leave with a tag specifying VLAN 4.
Be aware that these settings only last until the next reboot.

Synology approach (future?)

Synology has its own set of utilities that are used by the webinterface to manage devices. The network interface settings are managed by /usr/syno/sbin/synonet. This utility sets up bonded interfaces, IP addresses, and VLAN entries. However, the utility has the same limitations as the web interface (for unknown reasons): creating a VLAN unconfigures the untagged interface you're working on, and you can't add a second VLAN on the same interface.
It would be nice if synonet could get multi-VLAN support, as all the necessary options seem to be there already. Feature request, Synology?
Labels:

Comments

Bert de Bruijn said…
An additional note: if you want to present iSCSI targets on manually created VLAN interfaces, you have to add a line to the corresponding /etc/sysconfig/network-scripts/ifcfg-IF.VLAN file (e.g. ifcfg-bond0.15) specifying the IP address IPADDR=192.168.15.2 . If you don't do this, nothing will be listening on port 3260 on this interface
6/1/13 16:12
Anonymous said…
I have tried this but get "/lib/modules/8021q.ko: Permission denied" although I am log in as admin. the other question I have will this code be resident after reboot or upgrade?
28/7/13 00:02
Unknown said…
Admin doesn't have privileges from the command line. Log in as root with the same password as admin.
28/8/13 16:57
Aaron Von Gauss said…
This comment has been removed by the author.
17/9/13 06:51
Aaron Von Gauss said…
I definitely can't take credit for it as I found it on another blog, but another way is to configure the bonding interface with two or more ports, assign a default VLAN ID such as 1 for 802.1q tagging. Once this is done, SSH in to the box and make clones of the /etc/sysconfig/network-scripts/ifcfg-bond0.1 file for each additional VLAN you want to support (changing the filename, DEVICE and VLAN_ID as appropriate). By assigning a 802.1Q tag to the default channel, DSM will automatically manage kernel modules.

Using this method, DSM should bring up the VLAN interfaces automatically and even (at least in 4.3) exposes them via the GUI albeit with limitations. You can manage the IP addresses / MTU from the GUI for the additional VLAN interfaces as well and it will survive a reboot. I haven't tested with all other services, but I can say basic file sharing, NFS and iSCSI will also automatically start up on the cloned VLAN interfaces.
17/9/13 06:54
Bert de Bruijn said…
This article has another approach (and links back here): http://www.ucguerrilla.com/2013/10/provisioning-synology-nas-to-support.html
10/3/14 22:33
Post a Comment

Popular posts from this blog

Volkswagen UHV bluetooth touch adapter & its problems

My Volkswagen car has the "universal cellphone preparation" UHV built-in. This is the main part of a car kit, but requires an additional adapter for connecting to a cellphone. At first, I was using an adapter for my good old Nokia 6310, even after I changed to the Nokia E71. Connecting was easy: pair the phone with the "VW UHV" bluetooth entity, and done. This has the phone connected to the car kit at all times, so even non-call-related functions use the car audio system (e.g. voice recognition). But progress will have its way, no matter what happens. So in comes the "bluetooth touch adapter". Instead of a phone-specific adapter, this is a small touchscreen device that slots into the UHV dashboard mount. Connecting a phone is very different now: the Bluetooth Touch Adapter connects to the "VW UHV" device via bluetooth the phone connects to "Touch Adapter" device, also via bluetooth The device doesn't allow step 2 if step 1 didn'...
12 comments
Read more

Reset lost root password on vSphere ESXi 6.7

VMware's solution to a lost or forgotten root password for ESXi is simple: go to  https://kb.vmware.com/s/article/1317898?lang=en_US  and you'll find that "Reinstalling the ESXi host is the only supported way to reset a password on ESXi". If your host is still connected to vCenter, you may be able to use Host Profiles to reset the root password, or alternatively you can join ESXi in Active Directory via vCenter, and log in with a user in the "ESX Admins" AD group. If your host is no longer connected to vCenter, those options are closed. Can you avoid reinstallation? Fortunately, you can. You will need to reset and reboot your ESXi though. If you're ready for an unsupported deep dive into the bowels of ESXi, follow these steps: Create a bootable Linux USB-drive (or something else you can boot your server with). I used a CentOS 7 installation USB-drive that I could use to boot into rescue mode. Reset your ESXi and boot from the Linux medium. Ident...
Post a Comment
Read more

GEM WS2 MIDI System Exclusive structure and checksums

MIDI is the standard for communication between electronic music instruments like keyboards and synthesizers. And computers! While tinkering with an old floppy-less GEM WS2 keyboard, I wanted to figure out the structure of their System Exclusive memory dumps. SysEx is the vendor-specific (and non-standard) part of MIDI. Vendors can use it for real-time instructions (changing a sound parameter in real-time) and for non-real-time instructions (sending or loading a configuration, sample set, etc.). In the GEM WS2, there's two ways of saving the memory (voices, globals, styles and songs): in .ALL files on floppy, and via MIDI SysEx. The .ALL files are binary files, 60415 bytes long. The only recognizable parts are the ASCII encoded voice and global names. The SysEx dumps are 73691 bytes long. As always in MIDI, only command start (and end) bytes have MSB 1, and all data bytes have MSB 0. The data is spread out over 576 SysEx packets, preceded by one SysEx packet with header informat...
23 comments
Read more