Hi,
I am currently using a simple setup with bridges
From own research, easiest solution is to enable
and assign VLAN tags to VMs. To my understanding this makes
1.) Most important: Does
2.) What does statement
3.) "Traditional" method is to create a separate bridge
4.) Regarding point 3: I would need to assign all VLAN bridges to OPNsense, as VLAN tagging is terminated at
5.)
Please don't shy away from answering single questions.
Thanks a lot.
I am currently using a simple setup with bridges
vmbr0 (WAN) / vmbr1 (LAN) and are in process of adding some VLAN config on top.From own research, easiest solution is to enable
and assign VLAN tags to VMs. To my understanding this makes
vmbr1 act as VLAN trunk, which allows re-use of these tags, like for- physical managed VLAN switches outside Proxmox VE
- VLAN firewall rules within separate VM, e.g. OPNsense (my case)
1.) Most important: Does
vmbr1 still route untagged packets from VMs, that don't have a VLAN tag assigned? In other words, is enabling "VLAN aware" mode a safe operation? Current system should work as usual, as VLAN config is incrementally added (assuming firewall doesn't have any blocking VLAN rules yet).2.) What does statement
mean? I thought, checking
VLAN aware automatically would make vmbr1 a trunk.3.) "Traditional" method is to create a separate bridge
vmbrX.Y per VLAN, declaring bridge port in dot notation like eno1.20 and then using either eno1.20 or vmbrX.20 as VM NIC as described here, right? Is it considered legacy and above option should be preferred in newer configurations?4.) Regarding point 3: I would need to assign all VLAN bridges to OPNsense, as VLAN tagging is terminated at
vmbr1?5.)
Node > Network > Create > Linux VLAN seems another alternative in the web interface. Is this option used, when pve host needs own IP in a VLAN subnet - or what other use cases exist?Please don't shy away from answering single questions.
Thanks a lot.
Last edited: