Making bridge VLAN Aware renders host inaccessible

harry0

New Member
Aug 9, 2021
I have a very simple networking setup, as below:

Code:
auto lo
iface lo inet loopback

iface eno1 inet manual
#port 28

auto eno2
iface eno2 inet manual
#port 27

auto vmbr0
iface vmbr0 inet static
        address 192.168.5.206/24
        gateway 192.168.5.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.5.208/24

auto vmbr1
iface vmbr1 inet static
        address 192.168.5.207/24
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0

auto vmbr1.10
iface vmbr1.10 inet static
        address 192.168.5.209/24

This setup works to allow me to access the host from my laptop on VLAN 10, on any of the 4 IP addresses (.206 to .209) when I have the ports in UNTAGGED mode on my switch, but I cannot access the host after switching the ports to TAGGED for VLAN 10.

I suspected this may be due to vmbr1 not being VLAN aware, so I attempted to enable that (identical to the VLAN aware flag on vmbr0); unfortunately this made the host inaccessible whether the ports were tagged or untagged, and I had to remove the VLAN aware flag in order to access the host again. This is very unexpected behaviour.

I have tried a full reinstall of Proxmox, but to no avail. I have a separate physical server with both its interfaces VLAN aware and operating in TAGGED mode, which works as expected, so I am confident this is not a switch config issue but something I'm missing in my Proxmox configuration.

Can anyone shed any light on why making the bridge VLAN aware renders the entire host inaccessible on any address?
 
Perhaps also worth noting that if I set port 28 (eno1) to TAGGED, I can access the host on .206, .207 and .208, but not on .209 - this seems to make sense since .209 is the Linux VLAN operating through vmbr1, which is not VLAN aware.
 
Do you have inter-VLAN routing set up? It would make sense that without routing, you can't access VLAN 10 from VLAN 1.
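
A small parser, added here as an example and not written by anyone in the thread, that tabulates the posted configuration: for each addressed interface it reports the physical port, whether the parent bridge is VLAN aware, and the VLAN ID implied by a `.10` suffix, then lists subnets configured on more than one interface. The function names are hypothetical, and the input is the post's stanzas with some options trimmed.

```python
import ipaddress

# Constructed input: the addressed stanzas from the post, options trimmed.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 192.168.5.206/24
        bridge-ports eno1
        bridge-vlan-aware yes
auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.5.208/24
auto vmbr1
iface vmbr1 inet static
        address 192.168.5.207/24
        bridge-ports eno2
auto vmbr1.10
iface vmbr1.10 inet static
        address 192.168.5.209/24
"""

def parse(text):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments such as '#port 28'
        if not words or words[0] in ("auto", "allow-hotplug"):
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {})
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def summarize(stanzas):
    """Rows of (iface, address, physical port, bridge VLAN aware?, VLAN ID or None)."""
    rows = []
    for name, opts in stanzas.items():
        if "address" in opts:
            parent, _, vid = name.partition(".")  # 'vmbr0.10' -> VLAN 10 on vmbr0
            p = stanzas.get(parent, {})
            rows.append((name, opts["address"], p.get("bridge-ports"),
                         p.get("bridge-vlan-aware") == "yes", int(vid) if vid else None))
    return rows

def shared_subnets(rows):
    """Subnets that appear on more than one interface."""
    nets = {}
    for name, addr, *_ in rows:
        nets.setdefault(str(ipaddress.ip_interface(addr).network), []).append(name)
    return {net: names for net, names in nets.items() if len(names) > 1}
```

Calling `shared_subnets(summarize(parse(SAMPLE)))` on the posted configuration shows all four interfaces, tagged and untagged, sitting in 192.168.5.0/24.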
 