Private VLAN trunk mode for isolating Proxmox VE VMs

lexxai

I tried to isolate the VMs on PROXMOX VM 7.2 using VLANs. Every VM has its own VLAN.
But to unite many VLANs into one IP subnet with real IP addresses, I am trying to use Private VLAN with a VDX-6720 switch running NOS 4.1.3a.
In private-vlan trunk host mode everything works OK; on the server side it is seen as PRIMARY VLAN 652, but one switch interface can have only one host VLAN 621 and one VM.

Code:
do show running-config int te 1/0/19
interface TenGigabitEthernet 1/0/19
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode private-vlan trunk host
 switchport private-vlan host-association 652 621
 spanning-tree shutdown
 no shutdown
!


When I try to use private-vlan trunk mode:
Code:
do show running-config int te 1/0/19
interface TenGigabitEthernet 1/0/19
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode private-vlan trunk
 switchport private-vlan association trunk 652 621
 switchport private-vlan association trunk 652 622
 switchport private-vlan trunk allowed vlan add 653
 spanning-tree shutdown
 no shutdown
!


Primary VLAN 652, SECONDARY VLANs 621, 622. VLAN 653 is a pass-through to the server for the management IP of Proxmox.

VLAN 653 on the PROXMOX side works OK. But VLANs 621, 622 assigned to VM100, VM101 work only on one side of the server. The server can see the DHCP request from the VM, and the server answers with the assigned IP for the VM, but the VM does not receive its answer.

What special configuration is needed for the VMs to work correctly in private-vlan trunk host mode?

Code:
 show vlan private-vlan
Primary   Secondary Type      Ports          Classification
=======   =======   ======    ===========    ==============================
652                 primary   Te 1/0/30(t)
                              Te 1/0/19(t)
                              Te 1/0/16(t)

652       601       community Te 1/0/36(u)

652       602       community
652       621       isolated  Te 1/0/19(t)
                              Te 1/0/16(t)

652       622       isolated  Te 1/0/19(t)
                              Te 1/0/16(t)

Server gateway interface:
Code:
do show running-config int te 1/0/30
interface TenGigabitEthernet 1/0/30
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode private-vlan trunk promiscuous
 switchport trunk allowed vlan add 653
 switchport trunk tag native-vlan
 switchport trunk native-vlan 999
 switchport private-vlan mapping 652 add 601-602,621-622
 spanning-tree shutdown
 no shutdown
!

tcpdump on the Proxmox side, on the parent of the bridge interface:
Code:
tcpdump -i enp8s0f2 -nn -e 'vlan 622'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp8s0f2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
04:37:48.458686 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:37:58.508682 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:38:08.558440 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:38:16.658565 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
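
The capture above was taken only on the bridge's parent NIC. As an added example (not part of the original post), this Python sketch compares `tcpdump -nn -e` output from that NIC with a second capture from the VM-side interface and lists the clients whose DHCP replies arrive on the wire but never reach the VM. The function names and the VM-side sample are assumptions made for illustration; the parent-side sample reuses two lines from the post.

```python
import re
from collections import Counter

# One line of `tcpdump -nn -e` output carrying BOOTP/DHCP, tagged or untagged.
FRAME = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"(?:.*?vlan (?P<vlan>\d+), )?.*BOOTP/DHCP, (?P<kind>Request|Reply)"
)

def dhcp_frames(capture):
    """Yield (client_mac, kind, vlan) per DHCP frame; vlan is 0 if untagged."""
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if m:
            # The client sends Requests and is the destination of Replies.
            client = m["src"] if m["kind"] == "Request" else m["dst"]
            yield client, m["kind"], int(m["vlan"] or 0)

def lost_replies(parent_capture, vm_capture):
    """Clients whose replies reach the parent NIC but never the VM-side interface.

    Returns sorted (client_mac, vlan_seen_on_parent, reply_count) tuples.
    """
    on_wire = Counter(
        (c, v) for c, k, v in dhcp_frames(parent_capture) if k == "Reply"
    )
    at_vm = {c for c, k, _ in dhcp_frames(vm_capture) if k == "Reply"}
    return sorted((c, v, n) for (c, v), n in on_wire.items() if c not in at_vm)

# Two reply lines as shown in the post (captured on enp8s0f2).
PARENT = """\
04:37:48.458686 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
04:37:58.508682 00:e0:ed:5c:aa:46 > 32:09:9b:a0:04:08, ethertype 802.1Q (0x8100), length 346: vlan 622, p 0, ethertype IPv4 (0x0800), 192.168.66.1.67 > 192.168.66.102.68: BOOTP/DHCP, Reply, length 300
"""
# Constructed sample of a VM-side capture: requests leave, no reply comes back.
VM_SIDE = """\
04:37:48.400000 32:09:9b:a0:04:08 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 32:09:9b:a0:04:08, length 300
04:37:58.450000 32:09:9b:a0:04:08 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 32:09:9b:a0:04:08, length 300
"""

if __name__ == "__main__":
    for client, vlan, count in lost_replies(PARENT, VM_SIDE):
        print(f"{client}: {count} replies on wire (vlan {vlan}), none at VM side")
```

An empty result means every client that was sent a reply on the parent NIC also saw one on the VM side, so the loss would have to be looked for elsewhere.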
