Doubt About VLANs

izaak

New Member
Sep 13, 2018
3
0
1
30
Hey, I was reading the docs and made some tests trying to understand how VLAN works with bridges, something that I'm not used to.

As far as I understand, it looks like:
VLAN aware is for multiple VLANs on one interface/bridge and it's guest, without creating a eth.x to each x VLAN that I have, and for it works, I need to create a bridge, associate it with my desired interface, mark vlan-aware option and then, inside the VMs network interface's mark my tagged VLAN, and then mark it inside my host(in my case, pfsense WAN interface), right?

And for bridge without vlan aware, I need to create one interface eth.x for each vlan and associate it with a new bridge, it will be a bridge per vlan, and then I just put the interface on my guest network interface's tab and it will be seen by my host, right?

I tried the two approaches, but it didn't work. I think I misunderstood something in VLAN configuration, so It's just for learning purposes, if someone can clarify it a bit, I'll be very grateful :)
 
You simply create a bridge. Then you assign the VLAN tag on the GUI - it's a VM network configuration.
 
So, if I put a bridge vmbr1 with my eth.x assigned to it and then, in VM network options, assign a tag x to my interface based on the bridge vmbr1, I will see the tagged frames inside my VM, right?

So, I have a enp11s0, and I made a bridge vmbr30 with enp11s0.30 assgined to it, on GUI, and then in my VM I created a net1 with vmbr30 and tag=30. In my brctl show, it looks like:

bridge name bridge id STP enabled interfaces
vmbr0 8000.5cf3fcfd67f2 no enp6s0
tap102i0

vmbr30 8000.5cf3fcfd67f3 no enp11s0.30

vmbr30v30 8000.5cf3fcfd67f3 no enp11s0.30.30
tap102i1

So, if I tag my virtual interface(tap102i1), it creates a new enp11s0.30.30 and bridge vmbr30v30, as I understood, if I create a bridge I cannot tag it on my interface, because it will tag the vlan 2 times, is that correct?

I tried creating the bridge without tagging and it looks like:
bridge name bridge id STP enabled interfaces
vmbr0 8000.5cf3fcfd67f2 no enp6s0
tap102i0

vmbr30 8000.5cf3fcfd67f3 no enp11s0.30
tap102i1

I tried both ways, tried to search for VLAN tag in all interfaces with tcpdump(tcpdump -vv -i iface -e vlan) and it seems my tagged traffic(port is set to vlan 30 as access mode on switch) only shows on my physical enp11s0, not vmbr30 or enp11s0.30, if I can't see it on my virtual interfaces I cannot see it on my host, right? Is something that I made wrong?
 
So, if I put a bridge vmbr1 with my eth.x assigned to it and then, in VM network options, assign a tag x to my interface based on the bridge vmbr1, I will see the tagged frames inside my VM, right?

no - simply use eth (no vlan tag here) for the bridge.
 
Hi,

I tried this and didn't setup a vlan on interface of my pfsense and it worked, like in Xenserver.

If you can clarify one more doubt, if I have multiple VLANs(proxmox connected to a trunk port) on same physical interface, the best approach is using my vmbr with VLAN aware and setup the vlan tags inside my VM's network configuration?

Thanks!
 
If you can clarify one more doubt, if I have multiple VLANs(proxmox connected to a trunk port) on same physical interface, the best approach is using my vmbr with VLAN aware and setup the vlan tags inside my VM's network configuration?

Yes, this should work.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!