Help with multiple VLANs using /29 subnets

Kratus

Jan 24, 2025
Hello friends,


I'm trying to set up multiple VMs on separate VLANs. For that, I'm using a /24 subnet that I divided into multiple /29 blocks — one per VLAN/VM.


Currently, only VLAN 15 is working, which is configured as vmbr0.15 and mapped to vmbr0, the default bridge using the physical interface eno49.


However, I can't get the other VLANs (e.g., VLAN 10) to work in the same way. My goal is to have each VM isolated on its own VLAN, using its dedicated /29 subnet.


Does anyone know the proper way to configure virtual bridges and VLANs in this scenario?
Should I be using different subnets altogether instead of breaking the /24, or am I missing something in the bridge-vids or bridge-vlan-aware configuration on vmbr0?


Any help or guidance is very welcome — thanks
 

You could also control access between VMs with the PVE firewall, I think. Block from 192.168.124.2-7 and 192.168.124.16-254.

Your VLAN 10 doesn't have a gateway here and can't get to the .1 IP since it's not in the same subnet.

I set up a couple of VLANs for the hosts, not on a bridge, but I had a bit of trouble IIRC before changing to the "vlan##" syntax, like:
1744303167159.png
That seemed like it worked better. I don't recall the specifics though.
 
Hello SteveITS, I tried to follow the same approach suggested earlier.


I created a VLAN interface (vlan10) via GUI and assigned it to a VM.
The VM has the IP 192.168.124.10/29, using gateway 192.168.124.8.
This VM is tagged on VLAN 10 and connected to vmbr0.


From the Proxmox host, I can successfully ping 192.168.124.10 (the VM).
Also, the IP 192.168.124.8 (which belongs to the VLAN 10 interface) can be pinged from external networks, meaning that basic routing and tagging on my Mikrotik router and core switch seem to be working.


However, the VM at 192.168.124.10 can only be reached from the Proxmox host itself.
Any ping or connection attempt to this VM from external sources fails.
The Proxmox host is using 192.168.124.3 on VLAN 15 as its main IP.


Since I can ping 192.168.124.10 from Proxmox, but not from other devices on the network, I assume the VLAN tagging is okay and that Proxmox is bridging correctly.
I also double-checked VLAN tagging on the Mikrotik, and ICMP to the interface works fine.


Is there anything else I should check to confirm whether the problem lies within the VM configuration, Proxmox virtual networking, or somewhere in my switch/router setup?


Any tips or tests I can run to narrow this down would be much appreciated.
Thanks!
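An added example, not written by any poster in this thread: a Python check of the addressing plan discussed above (192.168.124.0/24 split into /29 blocks, one per VLAN), which flags a host/gateway pair whose gateway lies outside the host's /29 or sits on the block's network or broadcast address. The function names are hypothetical; the addresses are the ones quoted in the posts.

```python
import ipaddress

# Parent network from the thread, carved into one /29 per VLAN.
PARENT = ipaddress.ip_network("192.168.124.0/24")

def blocks(parent=PARENT, prefix=29):
    """Return every /29 block inside the parent network, in order."""
    return list(parent.subnets(new_prefix=prefix))

def usable_range(net):
    """Return (first, last) assignable host address of a block."""
    hosts = list(net.hosts())
    return hosts[0], hosts[-1]

def check_pair(host_cidr, gateway):
    """Return a list of problems for a VM address/prefix and its gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    # By convention neither the network nor the broadcast address of a
    # block is assigned to a host or to the gateway interface.
    for label, addr in (("host", iface.ip), ("gateway", gw)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr == net.network_address:
            problems.append(f"{label} {addr} is the network address of {net}")
        elif addr == net.broadcast_address:
            problems.append(f"{label} {addr} is the broadcast address of {net}")
    if iface.ip == gw:
        problems.append("host and gateway use the same address")
    return problems

if __name__ == "__main__":
    # Print the first few blocks with their assignable ranges.
    for net in blocks()[:3]:
        first, last = usable_range(net)
        print(f"{net}: hosts {first}-{last}, broadcast {net.broadcast_address}")
    # Pairs quoted in the thread, plus one constructed in-range gateway (.9).
    for host, gw in (("192.168.124.10/29", "192.168.124.1"),
                     ("192.168.124.10/29", "192.168.124.8"),
                     ("192.168.124.10/29", "192.168.124.9")):
        print(host, "via", gw, "->", check_pair(host, gw) or "ok")
```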
 
