Passing VLAN traffic on a Virtual Machine with 2 NIC Interfaces (not working, tried a bunch)

S

ScottZ.

Well-Known Member
Nov 5, 2018
41
2
48
I have read a few different threads and the admin book really doesn't get a clear answer on this.

I have 1 PVE Hypervisor. It has 3 physical nics (2 virtual interfaces).
  • NIC0: 1 Copper port, for management traffic
  • NIC1: LACP (802.3ad) SFP+ ports on a dedicated vlan, lets just call it VLAN 10, on VMBR1 (on BOND0)

From the hypervisor, I can ping from NIC1interface to vlan10 IP address, works great.

Now I create a VM with 2 network cards(lets call em NIC2, NIC3 just to make it easy).

  • VLAN1 (NIC2) - Management (the copper network, logically NIC0 from Hypervisor, as it will pass management network traffic)
  • VLAN10 (NIC3) - for VLAN10 traffic (storage network, logically NIC1 from Hypervisor, as it will pass storage network traffic, via vlan tagging)

What is the official way for the VM (not the hypervisor, which is working) to pass traffic over NIC3 via vlan10(access port essentially)?
  • Do I add the vlan tag on the VM? (tried it, didnt work)
  • Do i keep it at no vlan tag? (tried it, didnt work)
  • Do I tag on the VM interface (tried it, didnt work)
  • Do I tag on the VM interface AND on the VM container? (tried it didn't work)
  • Do I add the trunks tag via qm set <vm> <option>? (restarted, tried it, didn't work).
Here is the config file of the VM
Code: 
auto lo
iface lo inet loopback

auto ens18
iface ens18 inet static
        address 192.168.1.149/24
        gateway 192.168.1.1

auto ens19
iface ens19 inet manual

auto ens19.10
iface ens19.10 inet static
     address 172.16.66.149/24

TLDR; To recap, very simple setup.
1 PVE Host, 2 logical NICs. 1 on vlan 1, the other on VLAN10 (and marked VLAN aware) and PVE host segregates traffic accordingly (good)
1 VM inside the host, 2 logical NICs that will be 1 on VLAN1(mgmt traffic) and the other NIC on VLAN10 for storage traffic (not working).

There is no default gateway (by design) on the VLAN10 as broadcast traffic should hit it.

*NOTE*: Firewall is disabled on both NICs

Please advise as I am out of ideas here.

Thank you!
 
Instead of trying to get the VLAN tag to pass through the host, I just set the ports to access ports. For some reason Proxmox would NOT pass the vlan tag across the trunk port, even though it was allowed via the switch. However, this should be a pretty standard setup, 1 VM with 2 vNICs on different vlans (or multiple vlans). I can't think of any method I didn't try still wouldn't pass the tag upstream, which means the switch just dropped the traffic.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back