bonded/vlan/dhcp-guest networking example


New Member
Jun 28, 2018
I had a lot of trouble doing this, but it all seems to be working now, so I'd like to share for the next someone doing a search.

Scenario: corporate environment with a single standalone Proxmox VE (5.3) instance. The host has dual interfaces, which need to be bonded, and there's a dedicated vlan just for Proxmox. The Proxmox host is also going to be providing DHCP for the guests.

VLAN 1066;
(/23 network means to are available IP addresses, and is broadcast)

Proxmox host:
DHCP range: to

I arbitrarily decided the upper half should be for DHCP and the lower half for static addresses. For convenience I also put the host in the same vlan that the guests will be using, although the "core services" VLAN could have also fit. For superstitious reasons, I avoid .0 and .255 addresses in the middle of a network. I also earmark .1 to .31 for network equipment.

To get the host online, I have to bond eno1 and eno2, connect the guest's vmbr0 to the bond, create a vlan bond and vlan bridge, and put the host's IP address on that vlan bridge. (Mode "802.3ad" is the same as mode "4" on the Centos systems I'm used to working with. In the mode both interfaces are used at once, and it's fault tolerant of one going away.) Here's /etc/network/interfaces for that:

iface eno1 inet manual

iface eno2 inet manual

auto bond0
iface bond0 inet manual
        slaves eno1 eno2
        bond_miimon 100
        bond_mode 802.3ad

iface bond0.1066 inet manual

auto vmbr0v1066
iface vmbr0v1066 inet static
        bridge_ports bond0.1066
        bridge_stp off
        bridge_fd 0

auto vmbr0
iface vmbr0 inet manual
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

For guests to use the network, they are placed on vmbr0 with (vlan) tag 1066. Statically assigning IP addresses on the guests is straightforward, they do not need to be vlan aware. Getting DHCP assignments working was another adventure.

I struggled and struggled with isc-dhcp-server and eventually removed it to install dnsmasq. With a bit of experimentation, I got that to work.

apt install dnsmasq
echo 'conf-dir=/etc/dnsmasq.d/,*.conf' >> /etc/dnsmasq.conf

(The entirety of the stock /etc/dnsmasq.conf is comments, including an example conf-dir statement just like that one.)

Then I created a /etc/dnsmasq.d/proxmox.conf and eventually got it to work with this:

# Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.


#          start     ,end         ,netmask


# terse log

Followed by a "service dnsmasq start". When that gave errors (for earlier revisions), I found "grep dnsmasq /var/log/daemon.log | tail" more useful than the suggested "journalctl -xel". Proxmox itself is kinda verbose in /var/log/daemon.log hence grep and tail instead of just tail.

The /usr/local/bin/dhcp-logger is a simple script I wrote that records all of it's arguments with a timestamp to a file in /var/log/. The dnsmasq program will call it for adds, deletes, and releases with MAC address, assigned IP address, and the client provided hostname.


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!