Multiple Vlan on VM

Donovan Hoare

Nov 16, 2017
Hi All.
I have VLANs working with Proxmox, and I actually use OVS Switch.
However, I want to try something new. On a VM I would like to create a network port that is VLAN-aware.
So in the Ubuntu VM, I can have en18.500 and default non-tagged traffic tagged as VLAN 6.

I use this for MaaS.

My dedicated servers are native VLAN 6, which is MaaS DHCP. And the ports are in trunk mode (Cisco Switches), so on PXE boot (untagged traffic they are VLAN 6), but I deploy on VLAN 500.

So I would like to accomplish this on the VM. I know I could add more ethernets with different VLAN tags: net0 VLAN 6, net1 VLAN 500.
However, I would like to do this over one adapter.

So it would be like passing the trunk through to the VM.
I hope this makes sense.
 
Hi, on Proxmox side there is nothing special to do. Just give your VM a vNIC on a VLAN aware bridge (either OVS or Linux Bridge) w/o specifying a VLAN ID, then your VM enjoys the full trunk (not tagged) on that vNIC.
You can also add more vNICs to your VM on same VLAN aware bridge and specify your native/management VLAN ID 6 (tagged).
 

An alternative would be only one vNIC on a VLAN aware bridge, untagged on the Proxmox side, and tagging all VLANs in the VM as you tried, but you need to keep the one interface en18 untagged, so the trunk is still available (en18 + en18.500 + en18.6 + en18.xx).
Also, your default gateway in the VM needs to be bound to VLAN 6 (as of your post), which can reach your default gateway. Here is a theoretical suggestion:
- en18 = physical from the VM's point of view, untagged, no IP setting at all
- en18.6 = VLAN 6, with IP address, mask AND default gateway in the corresponding subnet, which is the subnet that goes to your router/firewall/physical NAT gateway.
- en18.500 = VLAN 500, with IP address and mask, but NO gateway in the corresponding subnet.
- en18.xx = VLAN xx, with IP address and mask, but NO gateway in the corresponding subnet. Repeat this for all your MaaS VLANs/subnets.
- Your VLANs must not have conflicting subnets! Especially with the subnet where your default gateway is.
- Your default gateway (router/firewall) should have rules to allow your MaaS VM to access subnets or, better, specific VMs/devices you want to be monitored.
- If you have DHCP servers on all/multiple VLANs/subnets, you must set IP address/mask and default gateway static on the en18.6 interface then. Else it could be occasionally overridden by DHCP on an unwanted VLAN/subnet.
- Btw. IIRC you can only add 32 vNICs to a VM, so "I know i could add more ethernets with Different VLAN tags. net0 vlan6 net1 VLAN 500" wouldn't work, if you have more VLANs.
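
The checklist in the post above can be checked mechanically before the guest's network configuration is applied. The following is an added example, not part of the original post or of Proxmox/MaaS: the function name, the plan format and all addresses are assumptions made up for illustration, and it reads the DHCP item strictly by flagging a DHCP client on any VLAN sub-interface.

```python
import ipaddress

def check_vlan_plan(plan):
    """Return a list of problems in a guest VLAN plan (empty list = consistent).

    plan: {ifname: {"address": "CIDR", "gateway": "IP", "dhcp": bool}}, keys optional.
    """
    problems, nets, gateways = [], {}, []
    for name, cfg in plan.items():
        if "." not in name:
            # Parent interface only carries the trunk: no IP settings at all.
            if cfg.get("address") or cfg.get("gateway") or cfg.get("dhcp"):
                problems.append(f"{name}: trunk parent must have no IP settings")
            continue
        if cfg.get("dhcp"):
            problems.append(f"{name}: DHCP could override the static default route")
        if cfg.get("address"):
            nets[name] = ipaddress.ip_interface(cfg["address"]).network
        if cfg.get("gateway"):
            gateways.append(name)
            gw = ipaddress.ip_address(cfg["gateway"])
            if name not in nets or gw not in nets[name]:
                problems.append(f"{name}: gateway is outside the interface subnet")
    if len(gateways) != 1:
        problems.append(f"expected exactly one default gateway, found {len(gateways)}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: conflicting subnets {nets[a]} / {nets[b]}")
    return problems

# Constructed sample plans; the addresses are placeholders, not from the thread.
GOOD_PLAN = {
    "en18": {},
    "en18.6": {"address": "10.6.0.10/24", "gateway": "10.6.0.1"},
    "en18.500": {"address": "10.50.0.10/24"},
}
BAD_PLAN = {
    "en18": {"address": "10.6.0.5/24"},           # IP on the trunk parent
    "en18.6": {"address": "10.6.0.10/24", "gateway": "10.6.0.1"},
    "en18.500": {"address": "10.6.0.128/25", "gateway": "10.6.0.129"},  # 2nd gateway, overlap
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_vlan_plan(plan) or "ok")
```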
 
Do you have experience with both Proxmox and Docker?
I have tried allowing the trunked VLAN NIC to my Portainer VM but it does not see the router. I have read on the internet about a VM on ESXi and the mentioned "promiscuous" mode... Any idea?
 
