Troubleshooting VLANs on a LACP Bond

[NeedsMoreRGB]

          | pfSense |       | Test Host |
                 |             |
|---------|     |----------------|     |---------|
| TrueNAS |<--->| Aruba 2530-48G |<--->| Proxmox |
|---------|<--->|----------------|<--->|---------|

I'm having trouble getting VLANs passed to Proxmox. My network details are as follows:

-VLAN 100 is defined on pfsense and is properly associated with the LAN interface.


-Firewall rules for that VLAN are wide open for testing purposes.


-I have a DHCP server running on VLAN 100 from pfSense, and I can see a physical client (Test Host) on port 27 from the switch with VLAN 100 get an IP from the DHCP server.


-On Proxmox, I have configured two lan ports into a bond (bond0) for lacp with the switch. Proxmox uplinks on ports 1&2 on the switch. I have tried several different configurations in /etc/network/interfaces but none have resulted in giving me the ability to assign a VLAN tag to a VM, either by tagging the VM itself in the network config for the VM, or with a tagged bridge interface.

-Attempt 1


-Attempt 2

-Attempt 3


-Attempt 4


Any tips or recommendations are appreciated!

 

[NeedsMoreRGB]

I should have mentioned this earlier - running on Proxmox VE 8.1.4

 

[mjtbrady]

Using the Proxmox GUI there is no way that I am aware of to configure the network such that VLAN tags make it to the VM.

You need to add a third interface (assuming you just have a WAN and LAN at the moment) to the pfSense VM. At the VM level configure that for VLAN100 and in pfSense just add that as a third interface (no VLAN).

If you really want/need the tagged traffic to make it to the VM you will need to edit the VM's config file. Look for the "trunks=" in the manual.

 

[NeedsMoreRGB]

Using the Proxmox GUI there is no way that I am aware of to configure the network such that VLAN tags make it to the VM.

You need to add a third interface (assuming you just have a WAN and LAN at the moment) to the pfSense VM. At the VM level configure that for VLAN100 and in pfSense just add that as a third interface (no VLAN).

If you really want/need the tagged traffic to make it to the VM you will need to edit the VM's config file. Look for the "trunks=" in the manual.

pfSense is a physical host in this scenario. I have a very similar configuration to this setup on a single host system on a different lab network.

-Working configuration, VLAN Tags can be assigned to VMs and LXCs without issue.


-This configuration, on the server with a bond, doesn't pass VLANs. The actual LACP bit works fine.

 

[mjtbrady]

Apologies. I misunderstood your original email.

Your last network config is correct. It is how my systems are set up. Apart from using VLAN1 which is generally a bad idea, but this shouldn't be causing an issue. Attach the VM to vmbr0 and specify the VLAN you want in the VM config.

Given that this isn't working I would look at the switch configuration. I do not have any experience with Aruba switches, but are you sure that you have configured the VLAN(s) on the bond interface (not the underlying interfaces assigned to the bond)?

 

[NeedsMoreRGB]

So, I now have this working. DHCP for whatever reason is not flowing to VMs, but I can work around that currently. I had previously configured dynamic VLANs with LACP on the two switch ports I was uplinking to. Those apparently will only ever carry the default VLAN on HP / Aruba switches.
I went back and reconfigured the same two switch ports:
-into a trunk (trk1)
-then applied LACP to the trunk
-then applied the VLANs (1 untagged, 100 tagged, etc.) to the trunk.

I now see VMs with a VLAN tag assigned populating the MAC address table in the appropriate VLAN on the switch. Statically assigning an IP, Gateway, etc. allows the VM to route its traffic out through pfSense, etc.

This was a switch misconfig issue on my part, not a Proxmox issue.
-Thanks for your input @mjtbradty