[SOLVED] Changed IP - no longer reachable - VLAN tagging

D

danielgoepp

Member
Mar 7, 2022
10
1
8
I have a slightly odd one here. I thought I did everything necessary and pretty carefully, but alas it would appear something is not right. I'm pretty comfortable with system administration and networking, so I thought I would be good. Clearly, I need some help though, so I'm hoping someone here can give me ideas of things to try.

My setup is two pve servers (clustered) plugged into a Unifi switch (w/LAG via LACP) and a pfsense firewall. I have multiple VLANs. In fact, that is what broke things here. My two pve systems were in the default untagged VLAN and I want to move them to a specific VLAN. I have VMs on both of them, that are already in a VLAN, and the interfaces are VLAN aware. That part has been working great.

I updated hosts, interfaces, corosync.conf. I even did issue and known_hosts just for fun. Rebooted both servers. They come up, but not on the network. Interestingly, all the VMs come online and work great still, it is just management interface that is broken.

What I know / have done so far:
I can ping between pve servers
I can't ping the gateway or any other VMs in the same or different VLANs
The cluster is established and showing healthy.
I have rebooted the pfsense just to make sure nothing strange on the firewall.
I have disabled the firewall locally too, but I don't use it (pve-firewall stop)
I have rebooted multiple times to make sure, and physically unplugged and replugged in the servers.

Thoughts? TIA.
 
So did you make the desired management VLAN untagged on vmbr0 (or whatever device has the management IP)?
 
OMG, duh. That would be too obvious! I'll check when I get back to it, but now that you said that, almost certain you are right. I read my post again, and I almost answer my own question with describing my tagging and the change. Thanks.
 
Just as an FYI for the someone else that might stumble on this and wants an example. To move from untagged to a specific vlan, here was my change:

Code: 
auto eno1
iface eno1 inet manual

auto enp3s0
iface enp3s0 inet manual

auto bond0
iface bond0 inet manual
    bond-slaves eno1 enp3s0
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
    address 10.1.1.7/24
    gateway 10.1.1.1
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

To:

Code: 
auto eno1
iface eno1 inet manual

auto enp3s0
iface enp3s0 inet manual

auto bond0
iface bond0 inet manual
    bond-slaves eno1 enp3s0
    bond-miimon 100
    bond-mode 802.3ad
    bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.11
iface vmbr0.11 inet static
    address 10.1.11.3/24
    gateway 10.1.11.1
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom