My vlans don't see tagged networks...

LooneyTunes

Hi,
I was apparently under the false impression that I had configured my networking in Proxmox correctly. Turns out the vlans I am tagging my machines with don't get through.

This is my /etc/network/interfaces
Code:
auto lo
iface lo inet loopback

auto vmbr0.2
iface vmbr0.2 inet static
        address 192.168.2.2/28
        gateway 192.168.2.1

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

What I don't seem to understand is what I need to do to get my VMs to get IPs... Having read the manual I thought this was about it, but no?

Thanks
 
Did you assign vmbr0 as NIC to your VMs and did you set the corresponding VLAN tag in the VM's virtual NIC?

You wrote nothing about your network setup and if your PVE has its physical NIC tagged on the switch side.
 
Fair point. Yes I did assign vmbr0 and a vlan tag to the VM. And yes PVE gets tagged traffic from my router.

Would the config I posted above be valid for assigning different vlan-tags to VMs?

But when doing a 'tcpdump -i vmbr0 -e' I only see vlan 2, to which PVE is connected, no other ones...?
 
The easiest way for assigning VLANs to VMs is using a bridge like your vmbr0. Then you would add a virtual NIC to your VM with the appropriate tag.

Your vmbr0.2 doesn't really make sense. VLAN 1 or 2 are the usual default VLANs in switches. All devices which don't "speak" VLANs on their end communicate over the default VLAN and on the switch side (if it's manageable) all ports are untagged to the default VLAN.

For a better understanding:

- tagged VLAN on a switch port: the device must "speak" the VLAN ID, otherwise traffic is discarded
- untagged VLAN on a switch port: the device (regardless of its nature, VM, printer, access point, IoT device, …) and its traffic are automatically a member of this VLAN and the packets get the additional header added
 
Thanks. Got it. I have tried with others too with much the same result, I can see that vlan's tag, but no other... Very strange as I feed my PVE with a trunk... So I am still unsure about my config. I want to be able to spin up a VM with any vlan tag really. This is an example of one I tried. It will simply not get an IP no matter what I try, so I do miss something...
[Screenshot: 1683378283152.png]
And yes, I tried to disable the firewall on it too, just to try, no difference.
 
How does your network setup look? Do you use a router or your switch for inter-vlan communication?

Let's say you have defined three vlans on your switch: 30, 110 and 200. Your Proxmox NIC must be tagged with these ports on your switch. Setting this port only to trunk type is (usually) not sufficient.

So if you assign vlan 30 to a VM like in your screenshot all traffic is limited to the vlan 30 in the first place. Next step would be a) you have a router which manages vlan traffic or b) you use your switch to add vlan routes. Otherwise no traffic from and to the vlan from other vlans would be possible.

What you can do for a quick check is to tag another VM with vlan 30, set both VM IPs to static in the same subnet and test if they can ping each other. This should work regardless of your switch settings.
 
I think it's pretty simple, a router in 802.1Q mode sending tagged (supposedly) traffic directly to PVE, other switch ports go to managed switches for vlan distribution. Sounds big, but is just a few and that part works well as expected. I will spin up a couple of test VMs to try this then :)

Took a while, but ping test checks out at least. :)
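
What "tagged" and "untagged" mean on the wire in the explanation earlier in this thread, as an added example that is not part of any post: a parser for the 4-byte 802.1Q tag that `tcpdump -e` reads the VLAN ID from, plus a simplified model of how a switch port treats tagged and untagged frames. The MAC addresses, VLAN sets and function names are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_of(frame: bytes):
    """Return the VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)  # after dst + src MAC
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits are the VLAN ID, top 3 bits the priority

def build_frame(dst, src, ethertype, payload=b"", vlan=None):
    """Build a constructed test frame; with vlan set, insert the 4-byte tag."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def tally(frames):
    """Count frames per VLAN ID; untagged frames are counted under None."""
    return Counter(vlan_of(f) for f in frames)

def port_ingress(frame, tagged_vids, untagged_vid=None):
    """Simplified model: VLAN a switch port assigns to a frame, None if discarded."""
    vid = vlan_of(frame)
    if vid is None:
        return untagged_vid  # untagged traffic joins the port's untagged VLAN
    return vid if vid in tagged_vids else None  # unknown tag: dropped

# Constructed sample traffic (locally administered MACs, not from the thread).
BCAST = b"\xff" * 6
HOST = bytes.fromhex("020000000002")
VM = bytes.fromhex("020000000030")
FRAMES = [
    build_frame(BCAST, VM, 0x0800, vlan=30),   # VM NIC tagged 30
    build_frame(BCAST, HOST, 0x0806, vlan=2),  # host address on vmbr0.2
    build_frame(BCAST, HOST, 0x0806),          # untagged frame
]

if __name__ == "__main__":
    print("VLANs seen:", dict(tally(FRAMES)))
    print("port tagged {2} only:", port_ingress(FRAMES[0], {2}))
    print("port tagged {2,30,110,200}:", port_ingress(FRAMES[0], {2, 30, 110, 200}))
```
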
 