"Guest configured VLAN"/VLAN Trunk doesn't forward VLAN packets to guest VM

W

witcher

New Member
Jul 24, 2025
2
0
1
My Proxmox installation is connected to a TP-Link TL-SG108E managed switch, with the connected port configured as a "Tagged Port". I understand this to retain the 802.1Q header in the Ethernet frame when sending them to the NIC connected to Proxmox.

The Tagged Port on the managed switch is connected to the only Ethernet port on the Proxmox machine, named enp3s0. A Linux Bridge exists for this port named vmbr0. This is the full /etc/network/interfaces (including other interfaces):

Code: 
auto lo
iface lo inet loopback

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.178.5/24
    gateway 192.168.178.1
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
#External

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#DMZ

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#Proxmox

auto vmbr100
iface vmbr100 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#Testing

auto vmbr101
iface vmbr101 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
#Testing 2

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
source /etc/network/interfaces.d/*

Here is a screenshot of the configuration in the GUI, for good measure:

1753359662066.png

The VLAN aware interface vmbr0 is attached to an OPNsense VM with VirtIO. No VLAN Tag is given on the interface assignment for the VM.

1753359596699.png

OPNsense lists the same interface as vtnet0:
1753359754269.png

On the Proxmox host itself tcpdump -i vmbr0 -nn -e vlan shows VLAN traffic:

Code: 
# tcpdump -i vmbr0 -nn -e vlan
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:13:59.303843 28:94:01:9b:84:7b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 28:94:01:9b:84:7b, length 300
14:14:02.336628 28:94:01:9b:84:7b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 28:94:01:9b:84:7b, length 300
14:14:05.369384 28:94:01:9b:84:7b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 10, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 28:94:01:9b:84:7b, length 300
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel

The issue is that no matter how long I let tcpdump -i vtnet0 -nn -e vlan run on the OPNsense host, no VLAN traffic is recognized at all while, at the same time, traffic is showing on the Proxmox host.

Can someone help with this? Thanks!
 
As it turns out the problem here lies with checking the "VLAN aware" checkbox for the interface in Proxmox. Not checking the checkbox passes the VLAN traffic to the VM, while checking it doesn't. This means that to enable "Guest configured VLAN" nothing actually needs to be done and it works out of the box :)
 
You must log in or register to reply here.
Top Bottom