Node not reachable on vlan, after vlan is used by vm

[sigmarb]

Hi,

i have a strange behavior on my linux system and can not explain it. Help would be greatly appreciated.

host proxmox1 with a trunk/bond interface to Cisco-Switch.
proxmox1 has mgmt in vlan100 on same bond:

bond1.100@bond1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 3c:fd:fc:9a:7d:cc brd ff:ff:ff:ff:ff:ff
inet 10.64.253.203/24 brd 10.64.253.255 scope global bond1.100



All is fine and proxmox1 is reachable from other machines through vlan 100.

The routing between the vlans, is done by a pfsense firewall on _another_ proxmox-node.

Now instantly when i move the firewall to proxmox1-host, the proxmox1 host is not reachable through mgmt-vlan 100 anymore.

Ideas?

Thank you

 

[spirit]

Hi,
if you don't use vlanaware (with vmbr0 + bond1 for example), and have an ip on bond1.100.

when proxmox start the vm, it'll create a vmbr0v100 and attach bond1.100 to this bridge.

The problem is that if bond1.100 is in a bridge, you can't have ip on the bond1.100 anymore. (it must be on the bridge).

2 possibilty:

1)

use a vlan-aware bridge,
and create a vmbr0.100 iface with your ip address

auto vmbr0
iface vmbr0 inet manual
         bridge-port bond1
         bridge-vlan-aware yes
        .....

auto vmbr0.100
iface vmbr0.100 inet static
        address ...

2)

keep the non vlan-aware-bridge,
and create a

auto vmbr0v100
iface vmbr0v100 inet static
        bridge-ports bond1.100
        address ...

 

[spirit]

also see:
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#_vlan_802_1q

 

[sigmarb]

Awesome. thats it. Thank you.