I tried to isolate the VMs on Proxmox VE 7.2 using VLANs. Every VM has its own VLAN.
But to unite many VLANs into one IP subnet with real IP addresses, I tried to use Private VLAN with a VDX-6720 switch running NOS 4.1.3a.
In private-vlan trunk host mode everything works: on the server side it is seen as PRIMARY VLAN 652, but one switch interface can carry only one host VLAN (621) and one VM.
Code:
do show running-config int te 1/0/19
interface TenGigabitEthernet 1/0/19
fabric isl enable
fabric trunk enable
switchport
switchport mode private-vlan trunk host
switchport private-vlan host-association 652 621
spanning-tree shutdown
no shutdown
!
When I try to use private-vlan trunk mode:
Code:
do show running-config int te 1/0/19
interface TenGigabitEthernet 1/0/19
fabric isl enable
fabric trunk enable
switchport
switchport mode private-vlan trunk
switchport private-vlan association trunk 652 621
switchport private-vlan association trunk 652 622
switchport private-vlan trunk allowed vlan add 653
spanning-tree shutdown
no shutdown
!
Primary VLAN 652, secondary VLANs 621 and 622. VLAN 653 is passed through to the server for the Proxmox management IP.
VLAN 653 works on the Proxmox side. But VLANs 621 and 622, assigned to VM100 and VM101, work only on one side of the server: the server sees the DHCP request from the VM and answers with an assigned IP for the VM, but the VM does not receive the answer.
What else must be configured for the VMs to work correctly in private-vlan trunk host mode?
Code:
show vlan private-vlan
Primary  Secondary  Type       Ports          Classification
=======  =========  =========  =============  ==============
652                 primary    Te 1/0/30(t)
                               Te 1/0/19(t)
                               Te 1/0/16(t)
652      601        community  Te 1/0/36(u)
652      602        community
652      621        isolated   Te 1/0/19(t)
                               Te 1/0/16(t)
652      622        isolated   Te 1/0/19(t)
                               Te 1/0/16(t)
Server gateway interface:
Code:
do show running-config int te 1/0/30
interface TenGigabitEthernet 1/0/30
fabric isl enable
fabric trunk enable
switchport
switchport mode private-vlan trunk promiscuous
switchport trunk allowed vlan add 653
switchport trunk tag native-vlan
switchport trunk native-vlan 999
switchport private-vlan mapping 652 add 601-602,621-622
spanning-tree shutdown
no shutdown
!
tcpdump on the Proxmox side, on the parent interface of the bridge:
Code:
tcpdump -i enp8s0f2 -nn -e 'vlan 622'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp8s0f2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
04:37:48.458686 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:37:58.508682 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:38:08.558440 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:38:16.658565 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
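Added diagnostic for the Proxmox side (not from the original post or from the Proxmox project): the tcpdump above shows the DHCP reply reaching the parent interface tagged 622, so the next thing to check is whether the VLAN-aware Linux bridge actually admits that VID on both the uplink and the VM's tap port. The interface names enp8s0f2/tap100i0/tap101i0 and the `bridge vlan show` output below are constructed assumptions.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: given the text output of
# `bridge vlan show` on a VLAN-aware Linux bridge, check that a VLAN ID is
# configured on both the uplink and a VM's tap port. Interface names and the
# sample output below are constructed assumptions.

# Print every VID configured on port $2, expanding ranges such as 620-622.
# `bridge vlan show` prints the port name only on the first line of a port's
# block; continuation lines carry just a VID and optional flags.
port_vids() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR == 1 || NF == 0 { next }                        # header / blank line
        $1 !~ /^[0-9]+(-[0-9]+)?$/ { cur = $1; vid = $2 }  # line names a port
        $1 ~ /^[0-9]+(-[0-9]+)?$/ { vid = $1 }             # continuation line
        cur == port && vid != "" {
            n = split(vid, r, "-"); hi = (n == 2) ? r[2] : r[1]
            for (v = r[1] + 0; v <= hi + 0; v++) print v
        }'
}

# Return 0 if port $2 carries VID $3, 1 otherwise.
port_has_vid() { port_vids "$1" "$2" | grep -qx "$3"; }

# Return 0 only if both uplink ($2) and VM port ($3) carry VID $4; otherwise
# report which side is missing the VID so the break in the path is visible.
check_vm_vlan() {
    rc=0
    for p in "$2" "$3"; do
        if ! port_has_vid "$1" "$p" "$4"; then
            echo "VID $4 is not configured on bridge port $p" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed sample: uplink carries 621/622/653 tagged, VM100's tap has
# 621 as PVID, but VM101's tap was left on the default VID 1.
SAMPLE='port              vlan-id
enp8s0f2          1 PVID Egress Untagged
                  621
                  622
                  653
tap100i0          621 PVID Egress Untagged
tap101i0          1 PVID Egress Untagged'

check_vm_vlan "$SAMPLE" enp8s0f2 tap100i0 621 && echo "VM100 path ok"
check_vm_vlan "$SAMPLE" enp8s0f2 tap101i0 622 || echo "VM101 path broken"
```

On a real host, feed the function the live output with `bridge vlan show` and the tap name from `qm config <vmid>` in place of the constructed sample.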