[SOLVED] Proxmox behind a switch can't reach other devices

U

Urbaman

Member
Jan 1, 2022
137
12
23
49
Anzola dell'Emilia, Bologna, Italy
www.dreamlord.it
Hi,

I am trying to configure Proxmox to properly connect through a managed switch.

The switch only has access ports (vlan10, vlan100)

From my PC linked to a vlan100 port I can ping other devices (the switch, the server idracs, the pbs machine, ...)

If I try to set up proxmox network with vlans, it can only talk to himself and to its VMs

This is my actual config:

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10
    
auto vmbr1
iface vmbr1 inet static
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 100
    
auto vlan10
iface vlan10 inet static
    address 10.0.10.11/24
    vlan-raw-device vmbr0
    
auto vlan100
iface vlan100 inet static
    address 10.0.100.11/24
    gateway 10.0.100.1
    vlan-raw-device vmbr1

What's wrong with it?
 
The switch only has access ports (vlan10, vlan100)
Click to expand...

So on your switch, only access ports, that means untagged ports are configured and connected to eno1 and eno2.

On your proxmox host you setup VLAN, so your vmbr0 and vmbr1 only accept tagged VLAN.
Your Switch is only sending untagged (no VLAN information)

your bridges are now dropping all untagged packets, because they only accept tagged packets.

like in your setup, if your managed switch is already untagging two ports, you do not need VLAN on your Proxmox host.

drawing is the language of the engineer.
consider drawing your network with https://asciiflow.com/
it usually causes self-awareness about what you want to do.
 
Ok,

So wanting to segment the different vlans (also have pfSense routing/firewalling, say also attached to the switch thtough access ports.

Having those vlans on pfSense, I'd like to keep segmentation (you know, to keep sync/storage networks private).
Should I enable tagging on the switch (trunking just one vlan+native untugged) or should I just keep everything untugged and the segmentation would work?

Thanks.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back