[SOLVED] Newbie needs help on setting VLANs on a single physical NIC

cosmos

Got a host running PVE 8.2, that has a single NIC, eno0. A vmbr0 is also connected.

The interface is physically connected to a switch port that is configured to carry LAN untagged traffic, as well as DMZ (vlan id = 100) and WAN (vlan id = 200) VLAN'ed traffic.

Now, some VMs on my host should be connected to the LAN, some to the DMZ and some others to the WAN traffic. I've read the sysadmin documentation, but I don't really understand how I should go about it (on ESXi I've made that using the builtin GUI), apart from that I could configure the (v)NICs inside the VMs themselves to transmit/receive whatever type of VLAN traffic needed, but I'd like to avoid this approach.

I'd be grateful if you could provide some info on what I should do/what type of interfaces I should create on the host from the GUI, in order to have three VLAN'ed zones.
 
Hey mate, thanks for the post. Read it and viewed https://www.youtube.com/watch?v=ljq6wlzn4qo as well.

My setup is slightly different: connection of eno1 is to a managed switch port that carries both untagged (VLAN=1, of sorts) and tagged (100, 200) traffic. In your example, it feels like untagged traffic will not reach the box. How can I go about allowing untagged traffic as well?
 
Answering my own post here, after reading @spirit's responses in https://forum.proxmox.com/threads/question-how-to-create-vlan-aware-bridge-with-linux-bridge.85170/ and viewing the specific points about VLAN interfaces on https://youtu.be/zx5LFqyMPMU?si=yVu5IW_2OyTCzeiv&t=1163, I found out that there is no need to create a VLAN if the management interface is going to stay on the native LAN (VLANID=1) of vmbr0! It is only required if one has to "move" the management IP address to another VLAN.

With that in mind, the "solution" to the OP is to simply enable VLAN awareness on vmbr0 (that's the only one I'll need), by double-clicking on vmbr0 on web admin and checking VLAN Aware. Effectively, this modifies vmbr0 configuration to contain another two lines (check the last two lines below):

Code:
auto vmbr0
iface vmbr0 inet static
        address 10.128.64.27/22
        gateway 10.128.64.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

You'll be shown the new configuration and asked to apply it. No reboot is needed! I can immediately create VMs/CTs, specifying bridge vmbr0 and VLAN Tag whatever vlan id I want the VM/CT to actually connect to, say 100. Net communication as far as the VM/CT is concerned will be made with untagged traffic. PVE will handle adding/removing 802.1q tags for traffic outgoing to/incoming from the physical switch the host is connected to. Obviously the physical switch should have the relevant port appropriately configured for tagged traffic on VLAN 100.

Remember that the information above is sufficient, provided that the management interface is on the native LAN.

Now, if one would want to possibly move the management interface to another VLAN, say 100, then Create -> Linux VLAN should be selected. WARNING: doing so will mean that PVE will stop being accessible on the native VLAN, and will become accessible only on VLAN 100!

As a name, the bridge name from above should be typed followed by .100. This will signify to PVE that on vmbr0 a special pseudo-bridge vmbr0.100 will be created, that will handle VLAN 100 traffic, modifying /etc/network/interfaces to include the following 2 lines:
Code:
auto vmbr0.100
iface vmbr0.100 inet manual

Even though Proxmox will ask you to apply the configuration do not do it right now! Two things need to be done now:
1) remove the ip address of pve from vmbr0
2) add the same ip to vmbr0.100

For step (1), double-click on vmbr0 and note the entries that correspond to the IP and gateway. Delete them and press OK, but again do not apply changes! For step (2), double-click on vmbr0.100 and insert the values corresponding to IP/CIDR/gateway that were deleted in step (1). Press OK and now you're good to apply changes. Again, remember that doing so will mean that PVE will stop being accessible on the native VLAN, and will become accessible only on VLAN 100!
 

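An added example, not part of the posts above: a small audit of the `vmbr0` stanza from the thread, reporting how many VLAN IDs the VLAN-aware bridge accepts beyond the ones in use and whether the host address sits on the untagged VLAN. The function names and the needed set {100, 200} (the DMZ and WAN IDs from the first post) are assumptions made for this example.

```python
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        address 10.128.64.27/22
        gateway 10.128.64.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
"""  # constructed input: the vmbr0 stanza quoted in the post

def parse_interfaces(text):
    """Return {iface_name: {option: value}} from ifupdown-style stanzas."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 2:
            current = ifaces.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None  # a new stanza starts; stop collecting options
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return ifaces

def expand_vids(spec):
    """Expand a bridge-vids value such as '2-4094' or '100 200' into a set."""
    vids = set()
    for part in spec.split():
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def audit(text, needed_vids):
    """needed_vids (assumption): the VLAN IDs guests are meant to use."""
    findings = []
    for name, opts in parse_interfaces(text).items():
        if opts.get("bridge-vlan-aware") != "yes":
            continue
        extra = expand_vids(opts.get("bridge-vids", "")) - set(needed_vids)
        if extra:
            findings.append(f"{name}: trunk accepts {len(extra)} unused VLAN IDs")
        if "address" in opts:
            findings.append(f"{name}: host address {opts['address']} is on the untagged VLAN")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, {100, 200})))
```

Setting `bridge-vids 100 200` on the bridge clears the first finding; the second clears once the address has moved to `vmbr0.100` as described in the last post.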