[SOLVED] Make Proxmox accessible on multiple vlans

[FesterJester]

I am sure this may have been answered somewhere already, I just have not found it yet.
So, I am going to start this post in the hopes that someone can help me while I continue to search.

I will try to explain my setup.

• VLAN1
  • 192.168.1.0/24
    • Router = 192.168.1.1
    • Proxmox = 192.168.1.10 (Proxmox version 8.3.5)
• VLAN10
  • 10.1.10.0/24
    • Router = 10.1.10.1
• VLAN20
  • 10.1.20.0/24
    • Router = 10.1.20.1

On the network switch:

• Router port
  • VLAN1 = untagged
  • VLAN10 = tagged
  • VLAN20 = tagged
• Proxmox port
  • VLAN1 = untagged
  • VLAN10 = tagged
  • VLAN20 = tagged

Right now, I have access to Proxmox from only VLAN1 and Proxmox is unable to reach devices on the other vlans.
My end goal:

1. Be able to access the web interface from at least VLAN10.
2. Proxmox can talk to devices on all VLANs.
3. Define which VLAN(s) a virtual machine or container is connected to.

 

[SInisterPisces]

Hello, there! The good news is this isn't hard once you know how to do it.

It's just not easy to figure out how to do it on your own.

I recommend this entire playlist for learning how to do things in Proxmox. A lot of the videos are for PVE 7, but they still apply to PVE 8. He assumes you don't know anything about the subject matter of each video, so they're great teaching tools.

https://www.youtube.com/watch?v=sHWYUt0V-c8&list=PLOUG593yAwIGuwYRdnACJaZEzOHMythiM

For your specific issue, watch the single NIC VLAN setup video all the way through. He covers adding IP addresses to different interfaces and virtual machines. For additional detail, he did a second video that also covers how to set up a LAG/bonded ethernet link. Even if you don't want to do that, I suggest watching both of them so you get a view of how the entire PVE network stack (minus SDN) works. I did, and it made everything much easier.

Single NIC VLAN setup: https://www.youtube.com/watch?v=ljq6wlzn4qo&list=PLOUG593yAwIGuwYRdnACJaZEzOHMythiM&index=3
Dual NIC in Bond VLAN setup: https://www.youtube.com/watch?v=nIip66Rzt4I&list=PLOUG593yAwIGuwYRdnACJaZEzOHMythiM&index=4

I'd suggest starting with getting the web GUI on whichever VLANs you want and making sure that works, before putting various LXCs and VMs into whichever VLANs you want.

Upstream, check the firewall rules on your firewall. Unless you've enabled the firewall in Proxmox at the cluster or node level, which is off by default, if you can't get to Proxmox across VLANs it sounds like there's an upstream firewall rule preventing inter-VLAN routing.

 

[FesterJester]

For some reason, I am unable to get Proxmox to talk on the other vlans.
I can ping the router on VLAN1 but not not on VLAN10 or VLAN20.
I followed the single NIC VLAN video.

 

[vesalius]

Post your /etc/network/interfaces config, so we can help troubleshoot there.

 

[FesterJester]

...I feel dumb now...
Part of my problem is working on this later in the evening after work.
Apparently multiple things have been in my way and I didn't realize it.

1. The firewall on Proxmox was blocking pings and web access.
2. My router did not have a rule to allow traffic out to the world.
3. My router is blocking access and ping from the VLAN networks.

The solutions so far:
1. Temporarily disabled the firewall on Proxmox. (will need to figure out how to setup proper rules)
2. Added a firewall rule on my router to allow all traffic. (will refine these rules once I have everything working)
3. No solution yet.

What I have been able to do so far:
- Access the web admin from a computer connected on VLAN1, VLAN10, and VLAN 20.
- Put a container on VLAN10 and ping between the container, proxmox, and a computer.

 

[SInisterPisces]

...I feel dumb now...
Part of my problem is working on this later in the evening after work.
Apparently multiple things have been in my way and I didn't realize it.

1. The firewall on Proxmox was blocking pings and web access.
2. My router did not have a rule to allow traffic out to the world.
3. My router is blocking access and ping from the VLAN networks.

The solutions so far:
1. Temporarily disabled the firewall on Proxmox. (will need to figure out how to setup proper rules)
2. Added a firewall rule on my router to allow all traffic. (will refine these rules once I have everything working)
3. No solution yet.

What I have been able to do so far:
- Access the web admin from a computer connected on VLAN1, VLAN10, and VLAN 20.
- Put a container on VLAN10 and ping between the container, proxmox, and a computer.

Glad you've got things going in the right direction.

The Proxomox firewall is disabled at the datacenter-level by default. I'd get everything else working on your network just as you want it before trying to enable it. It's not difficult, but it's also got its own quirks.

Take a look at this video: https://www.youtube.com/watch?v=yA9e7A9v7Xc