[SOLVED] Additional VLAN Aware Bridge Working but VLANs not going through uplink

Bene124

New Member
Jun 26, 2023
Dear *,

I recently added an additional Linux Bridge vmbr1 and a VM with VLAN 10. The Uplink to the Ubiquiti Switch is eno3. My configuration is as follows (really simple):

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto eno3
iface eno3 inet manual

auto eno4
iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.0.5/21
        gateway 10.10.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno3
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

But the Ubiquiti DHCP Server in VLAN 10 is not responding for the VM so I did tcpdump -i vmbr1 -ne:

Code:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:54:36.306067 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
11:54:44.415825 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
11:55:00.384952 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
11:55:32.730023 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
11:55:35.964081 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
11:55:43.901671 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300

Is there anything wrong or why is it not reaching the network on the switch? Just for verification I also attached a screenshot of the switch port configuration (Verwaltung is vlan 10 so should be allowed).

Regards

1687773864907.png
 
With "uplink" I think you mean "trunk port"?
A trunk port is Tagged, so it can carry multiple vlans.
Your trunk port 19 is configured as Untagged.
 
Yeah sorry, the port 19 is indeed a trunk, native vlan is called untagged and allowed vlans is nearly everything including 10... so should actually be correct right?
 
What other settings are there in that drop down menu (Untagged (2000))
For me this Untagged setting makes no sense if it has to be a trunk port.
But I do not own or use Ubiquiti gear.
 
You can select another vlan or none (this is just same as native vlan in other vendors hardware). BTW also untagged vlan 2000 has a dhcp server for getting ip addresses....
 
I tried but there is no all (unfortunately this dropdown is impossible to screenshot) even if I untick traffic restrictions. Can we somehow debug from proxmox shell?
 
Can this switch do trunking at all? I did a Google search and people complained about not being able to create a trunk port.
Is this the first trunk port you are configuring, or is there already an existing trunk port in that switch?
 
Absolutely I have same setup with Synology and no Problems. Configuration is as follows: 1687779878467.png
 
Right.
I still think Untagged 2000 is wrong.
Your other screenshot says : Network default and no Traffic Restriction.
Try that please in the 'problem' switch.

Try to configure the switch with a working port, and from there on you can restrict more and block/allow more.
 
Ok exactly same switch port config as on working synology screenshot above and tried a dhcp lease in win vm with ipconfig /renew...

Result exactly the same:

Code:
root@pve:~# tcpdump -i vmbr1 -ne
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:09:11.728255 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:09:15.521060 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:09:19.474736 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:09:27.474932 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:09:43.163359 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:10:14.664727 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:10:18.648627 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
16:10:27.148839 46:ce:86:8d:15:8f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 46:ce:86:8d:15:8f, length 300
 
Is it because vmbr1 has no Gateway so it cannot find its way back?
Ok I switched Ubiquiti back to Untagged (2000) and edited the interface config:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto eno3
iface eno3 inet manual

auto eno4
iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.0.5/21
        gateway 10.10.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno3
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1.10
iface vmbr1.10 inet static
        address 10.10.0.6/21
        gateway 10.10.0.1

Funny things are happening now, I can reach Proxmox Web UI via 10.10.0.6:8006 on VLAN 10 but not the VM !!! I am slowly giving up....
 
The funny things continue, I just switched the hardware port to eno4 and unplugged network cable. Suddenly it worked. So I wanted to reproduce and rebooted the proxmox host. After that all VMs are no longer booting which are connected to vmbr1 because of a timeout.... what the hell....
 
There can be only ONE Gateway......you have two.
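
The condition named in the last reply, more than one `gateway` line in the same interfaces file, can be checked before the host is rebooted. The script below is an added example, not part of the thread or of Proxmox tooling; the function names are hypothetical and the sample input is a trimmed copy of the bridge stanzas from the second config posted above.

```shell
#!/bin/sh
# Added example: report ifupdown stanzas that each set a default gateway
# for the same address family (inet / inet6).

# gateway_stanzas FILE -> one line per stanza with a gateway: "iface family gw"
gateway_stanzas() {
    awk '
        $1 == "iface"                 { name = $2; family = $3; next }
        $1 == "gateway" && name != "" { print name, family, $2 }
    ' "$1"
}

# duplicate_gateways FILE -> "family iface1,iface2,..." for every family
# that has more than one gateway line; prints nothing when the file is clean
duplicate_gateways() {
    gateway_stanzas "$1" | awk '
        { count[$2]++; ifaces[$2] = ifaces[$2] (ifaces[$2] ? "," : "") $1 }
        END { for (f in count) if (count[f] > 1) print f, ifaces[f] }
    '
}

# Sample input: bridge stanzas copied (trimmed) from the thread's second config.
sample_interfaces() {
    cat <<'EOF'
auto vmbr0
iface vmbr0 inet static
        address 10.10.0.5/21
        gateway 10.10.0.1
        bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno3
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1.10
iface vmbr1.10 inet static
        address 10.10.0.6/21
        gateway 10.10.0.1
EOF
}

# Run the check against the sample via a temporary file.
check_sample() {
    tmp=$(mktemp) || return 1
    sample_interfaces > "$tmp"
    duplicate_gateways "$tmp"
    rm -f "$tmp"
}

check_sample   # prints: inet vmbr0,vmbr1.10
```

On a host, `duplicate_gateways /etc/network/interfaces` runs the same check against the live file.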
 
