I've tried mocking this up on my network with mixed results. I have an external interface enp2s0f0 so VLAN 10 would be enp2s0f0.10. If I set:
enp2s0f0 - external, DHCP
enp2s0f0.10 - external, DHCP
Then it fails.

If I set:
enp2s0f0 - external, Static
enp2s0f0.10 - external, DHCP
Then it works.

Similarly setting enp2s0f0 to LAN, DHCP fails, so it seems that the secret is to set the underlying interface to static. I would also suggest trying to set it to LAN otherwise it may be an idea to install the MultiWAN app as well as ClearOS may treat you as having 2 external interfaces.

Thanks Nick. I’ve been trying different configurations too, no success. What static IP did you use set enp2s0f0 to, and how was it related to any other IP ranges? I guess what I’m trying to figure is did you use the one assigned by the ISP, and what would happen if that changed?

This was only a mock up with a ClearOS server on my LAN connecting to a ClearOS gateway. The ClearOS LAN server gets 172.17.2.5 on enp2s0f0 by DHCP. I set up a VLAN on my gateway on the 10.20.30.1/24 subnet. enp2s0f0.10 managed to pull an IP from 10.20.30.1 when I set enp2s0f0 to static 172.17.2.5, when it was both LAN and External.

Do you need DHCP on the underlying interface as well?

On a standard router connected to the ONT, the WAN connection is DHCP, but only connects if you can define a VLAN. I’ve had trouble using older routers as their interfaces don’t allow you to create a VLAN on the WAN interface. In your example then, enp2s0f0 is defined as EXTERNAL, DHCP. It gets whichever current IP the ISP dishes out. What I need to do is add a VLAN to enp2s0f0 to get enp2s0f0.10 as my ISP wants a VLAN tag of 10. The issue though is that the ISP could change the IP over time, so if I set enp2s0f0 to whichever static the ISP dished out and it changes, everything would stop working. So both enp2s0f0 and enp2s0f0.10 need to be DHCP.

Note from the ISP modem setup guidelines:
“If you are connecting to Fibre, your modem must support WAN VLAN tagging with IPoE”

Then I am afraid I don't know how to do it or how to troubleshoot. I suspect the culprit is a program called syswatch (which is a ClearOS program) which is written in perl. I have no idea how to debug it and have no experience of perl. I do note there is a flag in /etc/syswatch which enables a debug mode but I have never tried it.

Nick Howitt wrote:

Then I am afraid I don't know how to do it or how to troubleshoot. I suspect the culprit is a program called syswatch (which is a ClearOS program) which is written in perl. I have no idea how to debug it and have no experience of perl. I do note there is a flag in /etc/syswatch which enables a debug mode but I have never tried it.

Would that then mean ClearOS can’t work in this scenario? So it can’t operate as a gateway when the WAN needs to have a VLAN tag?

It looks like it for the moment, I am afraid.