[SOLVED] No traffic between VE and Switch on VLAN

Jimboolio

New Member
Feb 6, 2022
2
1
3
I am trying to set up the following environment:
network.png

So in the virtual machine the connection to my workstation should work without configuring anything more than the ip address - so the so called "VLAN aware Linux bridge" on the documentation.

My /etc/network/interfaces is almost exactly same as on the documentation example, except different values. (eno1 is used for proxmox ui and the cable between my switch and proxmox host is spf+, that's why the interface name is as is)

Code:
auto lo
iface lo inet loopback

iface enp131s0 inet manual

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp131s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet static
        address 10.2.0.2/24
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr0.500
iface vmbr0.500 inet static
        address 10.5.0.2/24
        gateway 10.5.0.1

I set vlan tag 500 on the proxmox ui for the virtual machine and inside the vm I set the ip address

And my (QNAP) switch has the following VLAN configuration, port 9 is connected to Proxmox and port 8 to my workstation:

switch.png

I found this Debian VLAN tutorial so I so I set:
Code:
net.ipv4.ip_forward=1
net.ipv4.conf.all.arp_filter=0
in /etc/sysctl.conf

## The issue
From my workstation, I cannot ping vmbr0.500 or the virtual machine in the proxmox host. And from a virtual machine which has VLAN 500 on its nic I cannot ping my workstation
I can ping from the host shell the virtual machine which has the vlan tag 500 on it's virtual nic (set up on proxmox, not inside the vm) and the other way around
When I connected second pc to a second vlan 500 "tagged" port I managed to ping my workstation, that's why I think the issue is in my proxmox configuration

My configuration is very close to the examples (at least to my eyes) in multiple tutorials so I'm having hard time understanding why the vlan isn't working. Thank you for taking your time for reading this.
 
A VLAN is different from a subnet, putting a client in the same subnet does not mean your client can talk to other clients in the vlan that happen to use the same subnet. In order for clients in different VLAN's to talk to one another, you need a layer 3 routing device in your network.
 
Sorry, I see you've made port 8 untagged on VLAN 500 and port 9 tagged on VLAN 500 so yes, those two clients should be on the same VLAN. However, your VLAN interface on proxmox is not connected to a physical NIC so it can't directly communicate with real world devices.

So if you add
iface enp131s0.500 inet manual
and then add
bridge-ports enp131s0.500
to your vmbr0.500 definition then you should be good to go
 
Last edited:
  • Like
Reactions: Jimboolio
Thank you so much! Adding the vlan interface was on the documentation, but somehow I didn't notice it. Anyways, it works, thank you!
 
  • Like
Reactions: bobmc

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!