Is it possible to create a VLAN in Proxmox that points to the main VLAN without using vmbr0?

[dcontreras]

I have a Proxmox infrastructure where VLAN11 is the main VLAN used for communication between nodes. Currently, this VLAN passes through vmbr0.

My question is: Can I create a VLAN in the Proxmox Datacenter that points to VLAN11 and have a vnet in VLAN 11 and zones in VLAN 11, like with other VLANs? Or is it mandatory for VLAN11 to remain as vmbr0?

I would appreciate any advice on the best way to structure this without affecting the node connectivity.

 

[dj423]

Not sure I understand the concept of "main VLAN"?

I think you are asking to setup VLAN tagging direct to an interface on the pve host - if I understand correct?

If so, yes you can, here is an example tagged for vlan 45 to an interface named enp3s0:

auto vlan45
iface vlan45 inet static
        address 192.168.45.112/24
        vlan-raw-device enp3s0

 

[dcontreras]

Not sure I understand the concept of "main VLAN"?

I think you are asking to setup VLAN tagging direct to an interface on the pve host - if I understand correct?

If so, yes you can, here is an example tagged for vlan 45 to an interface named enp3s0:

auto vlan45
iface vlan45 inet static
        address 192.168.45.112/24
        vlan-raw-device enp3s0

The VLAN11 on the switch, which provides internet access, originates from VLAN11 configured on vmbr0 in my current setup. Given this configuration, I would like to know:

Is it possible to configure vmbr0 without assigning an IP address to VLAN11, while still maintaining proper communication and network functionality?

In other words, can vmbr0 be left without an explicit VLAN11 IP configuration, relying solely on the switch's VLAN tagging and the bond interface to handle traffic properly? Or is it necessary to explicitly assign VLAN11 addressing within vmbr0 for it to function correctly?

I'm looking for the best approach to ensure a clean and scalable VLAN setup in Proxmox without unnecessary dependencies.

 

[dj423]

Is it possible to configure vmbr0 without assigning an IP address to VLAN11, while still maintaining proper communication and network functionality?

If you are using that IP (on vlan11) for the management/Web UI then you should leave it with an address. If you have an interface like: vmbr0.11 and it's NOT the management, you can probably safely remove it.

Keep in mind I can only guess, as I don't know your network layout, gateway or other vlans/interfaces in play. Like for example, I would assume your internet link originates at the router that is connected on vlan 11, and not the bridge, but as long as you aren't removing the management IP.

For a scalable inter-vlan routed setup, I prefer to use (bonded) interfaces setup as trunk ports, (all tagged vlan frames) then just set the vlan tag at the VM, or on the vlan sub interfaces, then just set the switch to allow all vlan's needed for VM's and other guest instances on your pve nodes. That will allow you to logically separate your VM traffic at least. May be better ways depending on your use case. HTH