Help needed with my setup: SDN - OPNsense - VLANs

rudydevolder

New Member
Nov 28, 2023
5
0
1
60
Philippines
Hello, I'm trying to get VLAN's working on my TopTon N305 with 4 LAN ports.
I would like to use 1 LAN port as a trunk port for all my VLAN's.
OPNsense runs inside the same ProxMox server.
CAN SOMEONE TELL ME WHAT IS WRONG WITH MY CONFIG? :confused:
My virtual machine with ID 101 seems to work on VLAN 55 and gets an address within my VLAN-range.
But when I try to connect an external PC via a managed VLAN switch on VLAN 55 and I don't get any connection.
Something is bothering me though;
Q1. why I can't enable VLAN aware directly on my interface enp2s0 ?
Q2. Is this needed to make it work?
Q3. I am confused between the VLAN tagging on 2 or maybe 3 different levels;
  1. VNETs
  2. At the assignment of an interface, you can also put a VLAN tag.
I don't understand, for me these 2 levels of VLAN tagging seem to conflict each other. Or maybe at the level of VNET it's acting as a membership filter and at the level of interface assignment it's acting by inserting the tag on an untagged port?
If VLAN tagging is also needed on the enp2s0 interface it makes 3 levels of VLAN tagging.
Can someone clarify how these assignments interact?


This my setup:

PortProxMoxP-OPNsenseNETVLANOPNSense MACOPNsense-Gateway
ETH-0Vmbr4Net5VOIPnet11BC:24:11:A3:5D:1210.11.11.11/24
ETH-0Vmbr4Net4MGMnet22BC:24:11:AF:A0:ED10.22.22.22/28
ETH-0Vmbr4Net7IOTnet44BC:24:11:7B:5A:B410.44.44.44/24
ETH-0Vmbr4Net3GUESTnet55BC:24:11:F1:29:6310.55.55.55/24
ETH-0Vmbr4Net6CCTVnet66BC:24:11:89:E2:4410.66.66.66/24
ETH-1Vmbr2Net1WANBC:24:11:77:95:FE
ETH-2Vmbr0Net0LANBC:24:11:2F:04:71
ETH-3Vmbr3Net2-guestGUEST_nativeBC:24:11:82:C5:2E

1714283435017.png

1714283496971.png


1714284982835.png


1714285017060.png


1714285041446.png
 

Attachments

  • 1714283615932.png
    1714283615932.png
    263.5 KB · Views: 5
Last edited:
I think this will answer you. If you are familiar with the term "trunk" in networking that is equivalent to "vlan aware" in proxmox.
So, if you mark something as a trunk AND assign it a vlan...I don't really know what the expected outcome is because those two actions are basically opposites of one another.

The picture below should give you a working version of what you are trying to do using two of your interfaces as an example.
Only the vnet should have a vlan tag.
Only the bridge should be vlan aware.


proxmox vlans.png
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!