New with proxmox and not able to configure vlans

[Chapter]

Good evening,

I just moved my NUC (1 NIC) from ESXi to Proxmox and I am trying to create the same configuration I had, but so far I have not had much luck.

What I had and I would like to achieve is:

1- NUC connected to a trunk port on a switch
2- PVE GUI in management VLAN (tagged VLAN 17)
3- VM's in other VLAN's (tagged VLANs 17, 20 and 30)

Following the Proxmox wiki I've been able to assign an IP in VLAN 17 to the PVE GUI and I can access it from other devices in VLAN 17 but I'm struggling with the creation/assignments of the other VLAN's to the VMS

This is my interfaces file

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.17
iface vmbr0.17 inet static
    address 192.168.17.36/24
    gateway 192.168.17.1

I tried to assign the the Network device to vmbr0 and tag 20 in one of the VM's but it is not able to connect to my network or to the internet



could someone give me some hints?


Regards

 

[jlebherz]

Hey,

your Config seems to be ok,
I would prefer to configure vlan17 untagged on the PVE port...
have you tried watching the traffic vie tcpdump?
you could watch vmbr0 to see if the packets are tagged correct.

 

[cyfrSpace]

Good evening,

I just moved my NUC (1 NIC) from ESXi to Proxmox and I am trying to create the same configuration I had, but so far I have not had much luck.

What I had and I would like to achieve is:

1- NUC connected to a trunk port on a switch
2- PVE GUI in management VLAN (tagged VLAN 17)
3- VM's in other VLAN's (tagged VLANs 17, 20 and 30)

Following the Proxmox wiki I've been able to assign an IP in VLAN 17 to the PVE GUI and I can access it from other devices in VLAN 17 but I'm struggling with the creation/assignments of the other VLAN's to the VMS

This is my interfaces file

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.17
iface vmbr0.17 inet static
    address 192.168.17.36/24
    gateway 192.168.17.1

I tried to assign the the Network device to vmbr0 and tag 20 in one of the VM's but it is not able to connect to my network or to the internet

View attachment 25111

could someone give me some hints?


Regards

Couple of items, VLAN 20 and 30 are absent from your interfaces. Also, you've set a gateway of .1 on 17 destination unknown in context. Here's an example of how I've done it on OHV. Hope it helps! I admit, I struggled with this as well starting out trying a multitude of Googled methods including trying to make use of modprobe dummy.

auto lo #Node 6 OVH OR DC socom.systems
iface lo inet loopback

auto eno1
iface eno1 inet manual
#Public Internet

auto eno2
iface eno2 inet manual
        mtu 9000
#Private VSwitch 10Gb

auto eno2.10
iface eno2.10 inet static
        address 10.10.10.6/24
        netmask 255.255.255.0
        mtu 9000
#Ceph VLAN 10

auto eno2.20
iface eno2.20 inet static
        address 10.20.20.6/24
        netmask 255.255.255.0
        mtu 9000
#Private

auto eno2.95
iface eno2.95 inet static
        address 10.95.95.6/24
        netmask 255.255.255.0
        mtu 9000
#Ceph Public

########## Get outside NATing VLANS ##########
## VMS VLAN 100 Range 192.168.1.2-254 Route ##
## Gateway 192.168.1.1

auto vmbr0.100
iface vmbr0.100 inet static
      address  192.168.1.1
      netmask  255.255.255.0
      gateway  91.88.182.254
#NAT Private to Internet.

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
#Bridging VLANS

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up  /sbin/iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

 

[spirit]

could someone give me some hints?

the config seem to be ok.
for vm/CT, in their config network gui, just choose vmbr0 as bridge + tag = X , you don't need to define anything in /etc/network/interfaces for the vms

 

[Chapter]

Hi,

Thanks all for you comments; now it is working but to be honest I don't fully unnderstandd it

@spirit , that's what I understood on the Wiki and what I tried (I think...) with bridge=vmbr0, tag=20 but the VM is not getting an IP in the VLAN

@cyfrSpace, I made some modifications in interfaces and it seems to work but I don't get it, according to the information I found, just adding bridge-vlan-aware yes to the vmbr0 and adding a tag in the NIC of the VMs should be enough.

Also, you've set a gateway of .1 on 17 destination unknown in context

I also do not understand the above comment; 192.168.17.1 is the IP address of my gateway. Do you mean the gateway is not needed?


This is my new interfaces file that works in combination with bridge = vmbr0, tag = 20 in the VM NIC configuration

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.17
iface vmbr0.17 inet static
        address 192.168.17.36/24
        gateway 192.168.17.1

auto vmbr0.20
iface vmbr0.20 inet manual

auto vmbr0.30
iface vmbr0.30 inet manual

 

[spirit]

Hi,

Thanks all for you comments; now it is working but to be honest I don't fully unnderstandd it

@spirit , that's what I understood on the Wiki and what I tried (I think...) with bridge=vmbr0, tag=20 but the VM is not getting an IP in the VLAN

@cyfrSpace, I made some modifications in interfaces and it seems to work but I don't get it, according to the information I found, just adding bridge-vlan-aware yes to the vmbr0 and adding a tag in the NIC of the VMs should be enough.



I also do not understand the above comment; 192.168.17.1 is the IP address of my gateway. Do you mean the gateway is not needed?


This is my new interfaces file that works in combination with bridge = vmbr0, tag = 20 in the VM NIC configuration

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.17
iface vmbr0.17 inet static
        address 192.168.17.36/24
        gateway 192.168.17.1

auto vmbr0.20
iface vmbr0.20 inet manual

auto vmbr0.30
iface vmbr0.30 inet manual

vmbr0.20 && vmbr0.30 are not needed. (it's only usefull if you want to define an ip address on your proxmox hostfor a specific vlan).
setting tag in vm nic should be enough.

 

[Chapter]

vmbr0.20 && vmbr0.30 are not needed. (it's only usefull if you want to define an ip address on your proxmox hostfor a specific vlan).
setting tag in vm nic should be enough.

Tried this yesterday but it didn't work; Tried it again now and it is working fine... I think yesterday I forgot something

 

[cyfrSpace]

vmbr0.20 && vmbr0.30 are not needed. (it's only usefull if you want to define an ip address on your proxmox hostfor a specific vlan).
setting tag in vm nic should be enough.

This looks like it should work if you applied iptables routing rules, assuming you assigned all your VMS .17.0/24 addresses. I'm also assuming eno1 is your public interface with public IP assignment. As apposed to bridging VLANS you can also just create a second bridge e.g.

auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.100
iface vmbr0.100 inet static
    address 192.168.2.254/24
    gateway 72.82.47.254
    dns-nameservers 8.8.8.8
#nat

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE

auto vmbr1
iface vmbr1 inet static
    address 10.99.2.254/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.99.2.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.99.2.0/24' -o vmbr0 -j MASQUERADE

 

[cyfrSpace]

If you've got multiple NICs I'd encourage making use of Bonding gaining network fault tolerance. You can apply bridging and VLANS here as well.

#Node 5
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual
    mtu 9000

auto eno2
iface eno2 inet manual
    mtu 9000

iface eno3 inet manual

auto eno4
iface eno4 inet manual
    mtu 9000

auto bond0
iface bond0 inet static
    bond-slaves eno1 eno2 eno4
    bond-miimon 100
    bond-mode 802.3ad
    mtu 9000
    bond-downdelay 200
    bond-lacp-rate 1
    bond-xmit_hash_policy layer3+4
#    bond-vlan-aware yes
#    bond-vids 2-4094

auto bond0.10
iface bond0.10 inet static
    address 10.10.10.5/24
    netmask 255.255.255.0
    mtu 9000

auto bond0.20
iface bond0.20 inet static
        address 10.20.20.5/24
    netmask 255.255.255.0
        mtu 9000

auto bond0.95
iface bond0.95 inet static
        address 10.95.95.5/24
    netmask 255.255.255.0
        mtu 9000

auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports eno3
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

 

[cyfrSpace]

Glad you got it @Chapter, congrats! Happy to help.