[SOLVED] Help with VLAN tag with Proxmox and Unifi

[fr0zt]

Hello. I wanted to ask here first, because I don't have a monitor connected to my proxmox machine and I don't think I'll be able to remotely revert if I screw this up.

There's a helpful reddit post here, but my case is slightly different - https://www.reddit.com/r/Proxmox/comments/15ijbbi/vlan_tagging_proxmox_unifi/

In Unifi I have

• Default VLAN. ID 1. Subnet 10.0.0/24. Nearly all devices connected to this. My route (UDM) is 10.0.0.1. Proxmox is 10.0.0.3
• VPNTest VLAN. ID 5. Subnet 192.168.5.0/24. One device connected. I want to add VMs to this VLAN

My interfaces look like this:

cat /etc/network/interfaces

auto lo
iface lo inet loopback

iface enp2s0 inet manual

iface enp3s0 inet manual

iface enp4s0 inet manual

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.3/24
        gateway 10.0.0.1
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

I think I need to change the bottom part to

auto vmbr0
iface vmbr0 inet static
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 1-4092

auto vmbr0.1
iface vmbr0.1 inet static
        address 10.0.0.3/24
        gateway 10.0.0.1

But I'm not sure. It's different from the reddit post in that:

• the first 3 digits of the VLANs are different (10.x.x.x vs 192.x.x.x)
• I think I need to include vid 1 in "bridge-vids 1-4092" (rather than 2-4092)
• His gateway address is different from his UDM router subnet (10.2.1.1 vs 10.1.1.10/24). I think I need to make these the same? (10.0.0.1 and 10.0.0.0/24)

Can anyone confirm what me /etc/network/interfaces should look like?

 

[Dunuin]

I think I need to include vid 1 in "bridge-vids 1-4092" (rather than 2-4092)

No. VLANID1 is the default for non-VLAN-tagged packets and when working with tagged VLANs you only work with 2 to 4092.

I think I need to change the bottom part to

No, in case your LAN is 10.0.0.0/24 with VLANID1 (=not using VLAN) and you want another isolated subnet on VLANID5 with 192.168.5.0/24 you would simpy use...

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.3/24
    gateway 10.0.0.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4092

...and for VMs that should use VLANID5 you add them to vmbr0 too but then set the "VLAN Tag" to "5" for the VMs virtio NICs.
You would then tell the tagged-vlan-capable router/switch to use PVID1 as well as VLANID5 tagged.

In case you also want the PVE node to sit in that VLANID5 (you don'T have to, this is only in case you want to access webUI/API/SSH from that VLANID5) you could give it an IP like 192.168.5.3/24 like this:

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.3/24
    gateway 10.0.0.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4092

auto vmbr0.5
iface vmbr0.5 inet static
    address 192.168.5.3/24

 

[fr0zt]

Thanks @Dunuin for the clear explanation! This works perfectly.

Ie - I just added the 2 lines to vmbr0 and now I have vlan tagging working!

bridge-vlan-aware yes
bridge-vids 2-4092