How to bridge multiple ports, some with vlan tags applied, and include VMs / containers?

deviantintegral

New Member
Dec 22, 2023
Hello!

I'm in the process of converting my on-the-metal OPNSense install to run under Proxmox, so I can add a few VMs and containers to the host. Here's a diagram of what I'd like to have working (mermaid.live link):
mermaid-diagram-2025-05-09-100726.png
So far, I only have network connectivity working at all with the following configuration, which does not apply `vlan 10` to the `eno2` port or to VMs:

Code:
auto lo
iface lo inet loopback

iface eno0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3/24
    gateway 192.168.0.1
    bridge-ports eno1 eno2
    bridge-stp off
    bridge-fd 0
    # Disable IPv6 multicasting
    # https://forum.opnsense.org/index.php?topic=44159.0
    bridge-mcsnoop 0

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

The first big problem is that if I start a container and set its VLAN Tag in the UI to `10`, I lose all network connectivity.

My expectation is that I could eventually do something like this to get the 2.5GbE port tagged with vlan10:

Code:
auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3/24
    gateway 192.168.0.1
    bridge-ports eno1 eno2.10
    bridge-stp off
    bridge-fd 0
    # Disable IPv6 multicasting
    # https://forum.opnsense.org/index.php?topic=44159.0
    bridge-mcsnoop 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

iface eno1 inet manual

iface eno2 inet manual

auto eno2.10
iface eno2.10 inet static

iface eno3 inet manual

But, I think my first step is to get containers started on vlan 10. Any suggestions? I have a suspicion I'm approaching this all wrong. I've seen a few notes about using bond interfaces, but I'm not clear how they apply to my setup.
 
I figured it out thanks to https://forum.proxmox.com/threads/vlan-aware-bridge-with-physical-access-ports.149618/#post-678589. The key bit I was missing was "bridge-access" and "bridge-vids" on the individual interfaces.

Code:
auto vmbr0
iface vmbr0 inet static
    address 192.168.0.3/24
    gateway 192.168.0.1
    bridge-ports eno1 eno2
    bridge-stp off
    bridge-fd 0
    # Disable IPv6 multicasting
    # https://forum.opnsense.org/index.php?topic=44159.0
    bridge-mcsnoop 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

# Allow access from proxmox to vlan 10.
auto vmbr0.10
iface vmbr0.10 inet static
    address 192.168.20.3/24
    gateway 192.168.20.1

auto eno1
iface eno1
    # Allow VLANs 1, 10, 666
    bridge-vids 1 10 666

# Tag traffic on the port to the bridge as VLAN 10.
auto eno2
iface eno2 inet manual
  bridge-access 10
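
To audit which VLANs each physical port carries under a config like the one above, here is an added example (not from the original post or from Proxmox). It is a small Python parser applying the ifupdown2 rule that a port's own `bridge-access` or `bridge-vids` overrides the range set on the bridge. The function names and the embedded sample are constructed for illustration, and `bridge-pvid` and the default untagged VLAN are not modelled.

```python
# Constructed sample: bridge-related lines of the final config in the post.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    bridge-ports eno1 eno2
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto eno1
iface eno1
    bridge-vids 1 10 666

auto eno2
iface eno2 inet manual
  bridge-access 10
"""

def parse_stanzas(text):
    # Returns {iface: {option: value}} for every 'iface' stanza.
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "allow-hotplug", "source"):
            current = None
        elif line and not line.startswith("#") and current is not None:
            current[key] = value.strip()
    return stanzas

def expand_vids(spec):
    """Expand '1 10 666' or '2-4094' into a set of VLAN IDs."""
    ranges = (tok.partition("-") for tok in spec.split())
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def port_vlans(text, bridge):
    """Map each port of `bridge` to (mode, VLAN IDs it is configured to carry)."""
    stanzas, out = parse_stanzas(text), {}
    br = stanzas[bridge]
    for port in br.get("bridge-ports", "").split():
        opts = stanzas.get(port, {})
        if "bridge-access" in opts:    # access port: a single untagged VLAN
            out[port] = ("access", {int(opts["bridge-access"])})
        elif "bridge-vids" in opts:    # per-port list overrides the bridge range
            out[port] = ("trunk", expand_vids(opts["bridge-vids"]))
        else:                          # no override: port inherits the bridge range
            out[port] = ("inherited", expand_vids(br.get("bridge-vids", "")))
    return out

if __name__ == "__main__":
    print({p: (m, len(v)) for p, (m, v) in port_vlans(SAMPLE, "vmbr0").items()})
```

A port reported as `inherited` carries every VLAN in the bridge's `bridge-vids` range, which is the case to review when a port should be restricted to specific VLANs.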