Hello,
I have finally received my Comet Pros and was wondering if there is a way to configure a VLAN on the device itself. I do not see an option to be able to in the GUI and can not make heads or tails within the CLI.
I can certainly make the switch side of the connection force use of the VLAN but since these will be moving around a fair bit, it would be a lot better to be able to set the VLAN on the KVM side.
Is anyone able to provide any insight on how to accomplish this?
Thanks
Meaning that all the ethernet ports the device will be physically connected to are trunk ports? Trunk ports are usually carefully controlled/restricted. From a security pov, having a bunch of open trunk ports available to plug a kvm into doesn’t seem the best approach.
If it was at an office or place of work, I agree. It’s my homelab / WFH setup so its not as big of a concern.
Honestly, I don’t really see much of a difference. If it’s a sufficient setup to need VLANs, then it should be worthy of VLAN security.
However, the fact that it’s a small network with a single admin raises another question: Why would you connect the KVM itself to different VLANs to begin with? Why wouldn’t you keep the KVM at a fixed address in whatever VLAN you prefer?
That is precisely what I am trying to achieve. I can set a static IP on the device itself but can not assign the interface on the KVM to a VLAN through the GUI. It looks like it has been figured out on the Slate 3 but I have not really looked in to how they achieved the goal or if it would even be possible to do on the Comet.
Again, I know I can do it on the switch interface side which is currently what I am doing but I do plan to move these around enough to make it an annoying task to configure the switch every time I want to move one.
You should use an access port on your switch rather than a trunk port.
I am aware. Thank you for your concern. I would like to remain on topic about my ask and not on my personal setup.
The requirement of being able to set the VLAN on the device doesn’t appear to make sense from a networking or security point of view. You indicated agreement with this, saying “if it was at an office or place of work, I agree. It’s my homelab / WFH setup so its not as big of a concern.”
Your personal setup is the use case, so discussing the ask in the context of your personal setup makes perfect sense. I’m still not able to ascertain the rationale for the requirement.
You can follow the tutorial below to complete the VLAN compatibility configuration:
#1. Remove the existing IP address from the interface(This step is listed because, in this specific case, the physical interface eth0 had somehow obtained an IP address.)
ip addr del <ipaddr>/<netmask> dev <ifname> scope global
#2. Create the VLAN interface
ip link add link <ifname> name <vlan-ifname> type vlan id <vlanid>
#3. Bring the VLAN interface up
ip link set dev <vlan-ifname> up
#4. Assign an IP address to the VLAN interface
ip addr add <ipaddr>/<netmask> dev <vlan-ifname>
#5. Add the default route
ip route add default via <gateway> dev <vlan-ifname>
#6. Configure the DNS servers, add them to /tmp/resolv.conf. Note: Testing shows this step must be performed first for proper operation; placing it later does not work.that placing it at the beginning doesn't work; it needs to be placed at the end.)