How to get multiply VLAN to work with Proxmox?

[prxmoxusr]

Have a small lab environment running with an NUC which have 3 different NIC's which:

iface enp88s0 inet manual
#Eth00: Intel I225-LM (2.5GbE)

iface enx6c1ff7046396 inet manual
#Eth01: Realtek RTL8156BG (2.5GbE)

iface enx6c1ff704695a inet manual
#Eth02: Realtek RTL8156BG (2.5GbE)

And were I've assigned VLAN 200 to Eth01 and VLAN 210, 205 and 215 to Eth02:

auto vmbr0
iface vmbr0 inet static
        address 192.168.202.10/24
        gateway 192.168.202.254
        bridge-ports enp88s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet static
        address 10.46.200.10/24
        bridge-ports enx6c1ff7046396
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VL200: Extranet Backend

auto vmbr2
iface vmbr2 inet static
        address 10.46.210.10/24
        bridge-ports enx6c1ff704695a
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VL210: Extranet Public

auto vmbr2.215
iface vmbr2.215 inet static
        address 10.46.215.10/24
#VL215: Extranet Proxy

auto vmbr2.205
iface vmbr2.205 inet static
        address 10.46.205.10/24
#VL205: Extranet Secure

The issue that I have is that whenever I choose Eth02/vmbr2 and try to assign specific VLAN Tag 205/215 it doesn't work, meaning no network connectivity. If I set the config to eth2 and vmbr2 without vlan Tag it's assigned correctly and network connectivity works. But, I just can't get it to accept running with VLAN 205/215.

What is it that I've overlooked here to get it to work as intended with regads separating the VLAN's between two NIC's (near future 3 as I've going to add a admin VLAN to Eth00)?

Here is how it looks from the Proxmox GUI:

 

[vesalius]

If you give a LXC/VM a network device (no vlan tagged there) vmbr2.205 or vmbr2.215 do they have network connectivity on those vlans as expected?

Is my assumption that Eth01 and Eth02 are connected to a physical switch correct? If so, have you double-checked the respective switch ports vlan settings and can you ping either 10.46.205.10 or 10.46.215.10 from a separate device in the correct vlan?

 

[prxmoxusr]

Well, this is were it starts to be intersting, since when either creating or post configurating the network for a CT, I'm actually not able to choose vmbr2.205 or vmbr2.215. So, not sure how to get this to work, picking vmbr2.205 or vmbr2.215 and adding the specific vlan tag doesn't work and only way to get it to work is to pick vmbr0 (Eth00) and then add the vland tag. But, it's then using the wrong ethernet interface. Either it's the basic configuration which isn't correct or there is a gap when using the Proxmox GUI.



And yes, Eth00, Eth01 and Eth02 are connected to a physical switch (Unifi) which currently allow all vlan existing on the network, so it works. It's just how to slice and dice the vlans in Proxmox.

 

[prxmoxusr]

Been tweaking back and forth and just can't get the system to accept the four different vlans that I want to get up and working; when applying the following config:

auto vmbr0
iface vmbr0 inet static
        address 192.168.202.10/24
        gateway 192.168.202.254
        bridge-ports enp88s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enx6c1ff7046396
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VLAN Trunk No-IP

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enx6c1ff704695a
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VLAN Trunk No-IP

auto vmbr2.210
iface vmbr2.210 inet static
        address 10.46.210.10/24

auto vmbr2.215
iface vmbr2.215 inet static
        address 10.46.215.10/24

auto vmbr1.200
iface vmbr1.200 inet static
        address 10.46.200.10/24

auto vmbr1.205
iface vmbr1.205 inet static
        address 10.46.205.10/24

Only vlan 205 and 215 works and I can ping the IP for the interface but vlan 200 and 210 doesn't work. But, if I remove vlan 205 and 215 then vlan 200 and 210 works. What is the trick here to assign multiply vlans to the bridges?

 

[prxmoxusr]

Right, no it's didn't work out the above as expected; so going back to the original again which then only lets me use vlan 200 and 210 with the following config:

auto vmbr0
iface vmbr0 inet static
        address 192.168.202.10/24
        gateway 192.168.202.254
        bridge-ports enp88s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet static
        address 10.46.200.10/24
        bridge-ports enx6c1ff7046396
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VLAN Trunk With-IP

auto vmbr2
iface vmbr2 inet static
        address 10.46.210.10/24
        bridge-ports enx6c1ff704695a
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#VLAN Trunk With-IP

So, really open for pointers and suggestions!

 

[prxmoxusr]

After having issues with my additional two UGREEN USB-C 2.5G adapters I've removing them from the configuration to ensure that the system is staying stable and this is what I'm using for now:

auto vmbr0
iface vmbr0 inet static
        address 10.46.200.10/24
        gateway 10.46.200.254
        bridge-ports enp88s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.210
iface vmbr0.210 inet static
        address 10.46.210.10/24
#Extranet Backend

auto vmbr0.215
iface vmbr0.215 inet static
        address 10.46.215.10/24
#Extranet Secure

auto vmbr0.220
iface vmbr0.220 inet static
        address 10.46.220.10/24
#Extranet Public

auto vmbr0.225
iface vmbr0.225 inet static
        address 10.46.225.10/24
#Extranet Proxy

 

[ulrick65]

After having issues with my additional two UGREEN USB-C 2.5G adapters I've removing them from the configuration to ensure that the system is staying stable and this is what I'm using for now:

auto vmbr0
iface vmbr0 inet static
        address 10.46.200.10/24
        gateway 10.46.200.254
        bridge-ports enp88s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.210
iface vmbr0.210 inet static
        address 10.46.210.10/24
#Extranet Backend

auto vmbr0.215
iface vmbr0.215 inet static
        address 10.46.215.10/24
#Extranet Secure

auto vmbr0.220
iface vmbr0.220 inet static
        address 10.46.220.10/24
#Extranet Public

auto vmbr0.225
iface vmbr0.225 inet static
        address 10.46.225.10/24
#Extranet Proxy

 

[ulrick65]

I am brand new to Proxmox, but I spent a lot of time with the network side of it over the past couple weeks.

I am wondering why you have so many Linux Vlan interfaces created? Do you need for the pve to have access on those vlans?

What I have found is that keeping it simple makes it a lot easier. The bridge is vlan aware, so unless the pve needs to access why not just set the vlan in the VMs themselves and let the bridge do the job?

Again...I am no expert on Proxmox and just learning...so maybe there is a need for all those IP's to be available to the pve. Sorry if I misunderstand, just figured I would chime in.

Thanks.