Nexapp - Network interfaces

The Interfaces and Devices page defines how NexappOS connects to your local network (LAN) and to external networks such as the Internet. From this page you can configure physical ports, create logical interfaces, and assign firewall zones.

NexappOS supports an unlimited number of network interfaces. Any network managed by NexappOS should follow these rules:

  • Networks must be logically separated
    Each network must use a different IP subnet.

  • Private networks must follow RFC1918 addressing
    LAN and internal segments should use reserved private address ranges.

  • Networks should be separated physically or logically
    Use separate switches or VLANs to isolate traffic.

Zones and Interface Roles

Every interface belongs to a zone, which defines its security behavior.
A basic router setup usually includes at least two interfaces:

  • lan
    Local/trusted network. Hosts can access any other configured network.

  • wan
    Public/untrusted network. Hosts can access only the NexappOS unit itself unless policies allow otherwise.

Interfaces and Devices Page Layout

At the top of the page, NexappOS lists configured interfaces with:

  • interface name
  • assigned zone
  • current IP mode

This gives an immediate overview of active networks and their security mappings.

At the bottom of the page, NexappOS lists available but unconfigured devices.
To set one up, click Configure next to the desired device.

New VLAN devices also appear in this lower section after creation.

IPv4 Addresses for Private Networks (RFC1918)

Private networks not directly routed on the public Internet must use reserved address ranges from IANA (RFC1918):

Private Network Subnet Mask IP Address Interval
10.0.0.0 255.0.0.0 10.0.0.1 – 10.255.255.254
172.16.0.0 255.240.0.0 172.16.0.1 – 172.31.255.254
192.168.0.0 255.255.0.0 192.168.0.1 – 192.168.255.254

Logical Interfaces

Logical interfaces are software-based virtual interfaces that add flexibility without requiring extra physical ports.

Click Add logical interface to create one of the following:

Bridge

A bridge connects two or more network segments into one logical LAN.
Devices on bridged segments communicate as if they were on the same physical network.

Typical uses: - combining multiple LAN ports
- creating a virtual LAN for VMs or containers
- extending a local segment across ports

Bond (NIC Bonding)

A bond groups multiple physical NICs into one logical interface for:

  • higher throughput
  • redundancy / failover

Supported bonding modes:

Load balancing + fault tolerance - Balance Round Robin (recommended) - Balance XOR - 802.3ad (LACP) (requires switch + driver support) - Balance TLB (driver support required) - Balance ALB

Fault tolerance only - Active backup (recommended) - Broadcast

When a bond is created, NexappOS assigns a temporary management IP:

  • 127.x.x.1/32

This IP is only used for bond management and does not forward traffic.

Important
Bond settings are not editable after creation.
To change bond properties, remove the configuration and recreate the bond.

VLAN

A VLAN (Virtual LAN) allows logical segmentation of traffic over the same physical switch. VLANs create multiple broadcast domains while sharing the same hardware.

Click Create VLAN device and choose the VLAN type:

  • 802.1Q (standard VLAN)
    Used in most enterprise and branch networks.

  • 802.1AD (QinQ / stacked VLAN)
    Typically used by service providers transporting multiple customer VLANs.

When creating a VLAN: - select the correct VLAN ID
- ensure the same VLAN ID exists on the switch

IP Aliasing

IP aliasing lets you assign multiple IP addresses to the same interface.
Most common use case: WAN interfaces with multiple public IPs.

Example: - ISP gives a pool of public IPs in one subnet
- add them as aliases on the WAN port
- manage each IP independently for NAT/port forwarding

To add an alias: 1. Click the three-dots menu (⋮) on the interface
2. Select Create alias interface
3. Enter the additional IP and confirm

PPPoE

PPPoE (Point-to-Point Protocol over Ethernet) is used to connect WAN through DSL modems.

To configure PPPoE:

  1. Select an unassigned Ethernet interface
  2. Assign it to wan zone
  3. Choose protocol PPPoE
  4. Enter ISP credentials (Username / Password)
  5. Save

PPPoE with DHCPv6 Prefix Delegation (DHCPv6-PD)

DHCPv6-PD automatically assigns IPv6 prefixes from the ISP, removing the need for manual IPv6 routing.

Requirements: - ISP must support DHCPv6 Prefix Delegation

Steps:

  1. Configure WAN
    • set WAN protocol to PPPoE
    • enable IPv6
  2. Configure LAN
    • enable IPv6
    • leave IPv6 address field empty

NexappOS will request an IPv6 prefix (usually /64) and distribute IPv6 addresses to LAN clients automatically.

USB-to-Ethernet Adapters

USB-to-Ethernet adapters are not recommended for production firewall or SD-WAN use, so drivers are not included by default.

They may be installed only for lab or experimental environments.

Warning
Extra packages and kernel modules are not kept during system upgrades.
If you upgrade the system, you may need to reinstall these drivers.

How to Install USB-to-Ethernet Drivers (Lab Use Only)

  1. Verify the adapter is detected:
lsusb

Example output:

Bus 002 Device 002: ID 0bda:8153 Realtek USB 10/100/1000 LAN
  1. Search available kernel modules:
opkg update
opkg find kmod-usb-net-\*
  1. Install the correct driver. Example:
opkg install kmod-usb-net-rtl8150
  1. Verify a new interface appears:
ifconfig -a
  1. Configure the new ethX interface from the NexappOS UI.

Previous page: Controller Next page: Zones and Firewall Rules

::contentReference[oaicite:0]{index=0}
Discard
Save
Draft
This page has been updated since your last edit. Your draft may contain outdated content. Load Latest Version

Previous Page

Left

Next Page

Right

On this page

Review Changes ← Back to Content
Message Status Space Raised By Last update on