[SOLVED] Can't see VLAN IPs in the VMs from other devices connected to the same switch.

baby

New Member
I have a proxmox node configured with several VLANs on the same physical interface connected to an HP managed switch (HP-A5120).

I was using VLANs 100 and 101, each with it's own LAN addresses, on several VMs with no problem.

I added a new VLAN (4093) and two VMs within proxmox see each other on this new VLAN, however, they don't see other devices on the same VLAN connected to the same switch.

This is the /etc/network/interfaces file in PVE (edited for brevity):

Code:
auto lo
iface lo inet loopback

iface eno4 inet manual

auto vmbr2
iface vmbr2 inet static
    address 172.29.29.154/24
    bridge-ports eno3
    bridge-stp off
    bridge-fd 0
#Red VPN

auto vmbr100
iface vmbr100 inet manual
    bridge-ports eno4
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
#Trunk

auto vmbr100.100
iface vmbr100.100 inet static
    address 172.27.100.154/24
    gateway 172.27.100.1
#Mgmt pxmx en red 100

auto vmbr100.101
iface vmbr100.101 inet static
    address 172.27.101.154/24
#Mgmt pxmx en red 101

auto vmbr100.4093
iface vmbr100.4093 inet static
    address 172.27.193.105/24
#VLAN nativa

This is the related configuration on the HP switch:
Code:
vlan 1                                                                          
 description DEFAULT                                                            
#
vlan 100                                                                        
 description LEGACY DMZ                                                         
#                                                                               
vlan 101                                                                        
 description LEGACY SERVIDORES                                                  
#
vlan 4093                                                                       
 description NATIVE                                                             
#                                                                               
vlan 4094                                                                       
 description BLACKHOLE                                                          
#
(...)
#
interface GigabitEthernet1/0/1                                                  
 description "Trunk a nodo005 proxmox"                                          
 port link-type trunk                                                           
 undo port trunk permit vlan 1                                                  
 port trunk permit vlan 2 to 4093                                               
 port trunk pvid vlan 4093                                                      
#
(...)
#
interface GigabitEthernet1/0/23                                                 
 description PRUEBA VLAN 4093                                                   
 port access vlan 4093                                                          
#
(...)
#

I have 2 VMs (216 and 222) on PVE using 2 network interfaces each, one on VLAN 101 and the other one on VLAN 4093.

216.conf
Code:
agent: 1
boot: order=scsi0;ide2;net0
cores: 2
cpu: host
ide2: none,media=cdrom
memory: 4096
meta: creation-qemu=6.1.0,ctime=1636641510
name: EP-IT-016-DHCP
net0: virtio=6E:E5:5C:0D:BF:16,bridge=vmbr100,firewall=1,tag=101
net1: virtio=52:10:28:77:9A:08,bridge=vmbr100,firewall=1,tag=4093
numa: 0
onboot: 1
ostype: l26
scsi0: local-lvm:vm-216-disk-0,format=raw,size=16G
scsi1: local-lvm:vm-216-disk-1,format=raw,size=10G
scsihw: virtio-scsi-pci
smbios1: uuid=937f82c3-96c8-4100-98ef-c6479aeb33b6
sockets: 2
tags: it
vmgenid: 1d1dad59-1123-43ac-a2cd-01230d2a3600

/etc/network/interfaces within VM 216:
Code:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet static
    address 172.27.101.41/24
    gateway 172.27.101.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 172.27.101.101
    dns-search siu.edu.ar

auto ens19
iface ens19 inet static
    address 172.27.193.41/24

222.conf
Code:
agent: 1
boot: order=scsi0;ide2;net0
cores: 2
cpu: host
hotplug: disk,network,usb
ide2: none,media=cdrom
memory: 4096
meta: creation-qemu=6.1.0,ctime=1636641510
name: EP-IT-018-Ubiquiti
net0: virtio=5A:11:3E:C8:B7:D5,bridge=vmbr100,firewall=1,tag=101
net1: virtio=EA:38:FB:C6:01:E9,bridge=vmbr100,firewall=1,tag=4093
numa: 1
onboot: 1
ostype: l26
scsi0: local-lvm:vm-222-disk-0,aio=native,format=raw,size=16G
scsihw: virtio-scsi-pci
smbios1: uuid=7cf327a8-8eb8-4618-abeb-a90bb9d7c44c
sockets: 2
tags: it;r
vmgenid: 0252feff-b445-4718-b329-93e84586afcd

/etc/network/interfaces within VM 222:
Code:
# The primary network interface
allow-hotplug ens18
iface ens18 inet static
    address 172.27.101.26/24
    gateway 172.27.101.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 172.27.101.101
    dns-search siu.edu.ar

# NATIVE (aca van los APs)
auto ens19
iface ens19 inet static
    address 172.27.193.26/24

Both VMs see other devices connected to the switch on ports configured as ACCESS VLAN 101, but they don't see other devices connected to the switch on ports configured as ACCESS VLAN 4093.

Also, both VMs see each other on the VLAN 4093 (but that works all inside PVE).

I am clearly making something wrong, since VLAN 4093 doesn't seem to "leave" PVE and get into the switch, whereas VLAN 100 and 101 do.

Any help will be greatly appreciated.
 
Hi @floh8,

thanx for the pointer for setting bridge-pvid. I had not seen that in the docs or googling around.

I also discovered that I don't have to create a VLAN entry in the host for every VLAN tag I want to use in the VMs.

So, for the record (and to help someone with a similar problem), my /etc/network/interfaces in the host now looks like this:

Code:
auto lo
iface lo inet loopback

iface eno4 inet manual

auto vmbr2
iface vmbr2 inet static
    address 172.29.29.154/24
    bridge-ports eno3
    bridge-stp off
    bridge-fd 0
#Red VPN

auto vmbr100
iface vmbr100 inet manual
    bridge-ports eno4
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4093
    bridge-pvid 4093
#Trunk

auto vmbr100.100
iface vmbr100.100 inet static
    address 172.27.100.154/24
    gateway 172.27.100.1
#Mgmt pxmx en red 100
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!