Proxmox Host VLAN Numbering

spetrillo

Feb 15, 2024
Hello all,

I have a number of virtual bridges set up on my Proxmox host. For host management I have defined VMBR3 as follows:

iface eno1 inet manual

auto vmbr3
iface vmbr3 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr3.2
iface vmbr3.2 inet static
    address 192.168.1.66/26
    gateway 192.168.1.65


It is my understanding that the number after VMBR is arbitrary but when you use the vmbr3.2 the last digit refers to the vlan that is assigned to this. Is this correct? I cannot seem to ping the gateway from the host. I have ensured that my switch port is set to vlan 2. Not sure what I am doing wrong.

Thanks,
Steve
 
Your configuration as described will require that incoming packets on eno1 (the vmbr3 bridge) are tagged with 802.1Q (ID 2). Make sure your switch is configured to pass TAGGED packets out the applicable port. Un-tagged packets will not flow up the stack from vmbr3 to vmbr3.2. Depending on your switch, you may have to set a VLAN other than 2 as the PVID for that port if you don't have explicit options for selecting which VLANs on a port will be tagged and untagged. Some switches will automatically send out un-tagged packets when the VLAN matches the port's PVID.
 
So configured on that port I had vlan 1 and vlan 2 as untagged, but the PVID was vlan 2. I thought that would do the trick. I guess I could put the PVID back to 1, since I now tag vlan 2 on the switch.
 
If the port had both VLAN1 and VLAN2 as untagged, then you would not have VLAN tags on packets leaving that port for either VLAN1 or VLAN2. This is a problem. You need VLAN tags going out that port for VLAN 2.

The PVID 2 on that port just says "any un-tagged packets received by this port should be assigned to VLAN 2".
 
So another stupid question....

My PC has a connection to a switch. I cannot change the vlan on the adapter, and so I have configured the switch to be vlan 2 untagged. I have a server, whose 10 gig port has two vlans configured for it, vlan 2 and vlan 3. This port is connected to the same switch and the switch port is configured for vlan 2 tagged.

Should my PC be able to communicate to the server on vlan 2?
 
If this is what you mean:

[Server](NIC/bridge VLAN 2&3 Tagged) <---> (Tagged VLAN2&3 Port)[Switch](UNtagged VLAN 2 Port) <---> (UNtagged NIC/Bridge)[PC]

Then yes, they should, barring anything else getting in the way, be able to communicate with each other. Of course your subnets/mask, IPs on the right interfaces, routes, firewalls, etc., etc. I can't speak to.
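
The tagging rules discussed in this thread, as an added example that is not part of any post: a simplified model of 802.1Q port membership showing why the original port setup cannot reach vmbr3.2 while the tagged setup and the PC/server layout can. The `Port` class, the helper names, the gateway sitting on an untagged VLAN 2 port and the PVID 1 on trunk ports are assumptions, and real switches differ in how they treat tagged frames on ingress.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    """Hypothetical switch port: PVID plus tagged/untagged VLAN membership."""
    pvid: int
    tagged: frozenset = frozenset()
    untagged: frozenset = frozenset()

    def ingress(self, tag):
        # Untagged frames are assigned to the PVID; tagged frames keep their VLAN.
        vlan = self.pvid if tag is None else tag
        # Simplification: accept the frame if the port is a member of that VLAN.
        return vlan if vlan in (self.tagged | self.untagged) else None

    def egress(self, vlan):
        # Returns (forwarded, tag on the wire); tag None means untagged.
        if vlan in self.tagged:
            return True, vlan
        if vlan in self.untagged:
            return True, None
        return False, None

def reaches(src_tag, src_port, dst_port, dst_tag):
    """True if a frame sent with src_tag arrives with the tag the receiver expects."""
    vlan = src_port.ingress(src_tag)
    if vlan is None:
        return False
    forwarded, tag = dst_port.egress(vlan)
    return forwarded and tag == dst_tag

def can_talk(a_tag, a_port, b_port, b_tag):
    return (reaches(a_tag, a_port, b_port, b_tag)
            and reaches(b_tag, b_port, a_port, a_tag))

VMBR3_2 = 2        # vmbr3.2 sends and accepts only frames tagged VLAN 2
UNTAGGED = None    # plain NIC, or the untagged side of vmbr3

# Constructed port configurations based on the thread's descriptions.
ACCESS_VLAN2 = Port(pvid=2, untagged=frozenset({2}))        # gateway / PC port
HOST_ORIGINAL = Port(pvid=2, untagged=frozenset({1, 2}))    # VLAN 1+2 untagged
HOST_TAGGED = Port(pvid=1, untagged=frozenset({1}), tagged=frozenset({2}))
SERVER_TRUNK = Port(pvid=1, untagged=frozenset({1}), tagged=frozenset({2, 3}))

if __name__ == "__main__":
    print("original port :", can_talk(VMBR3_2, HOST_ORIGINAL, ACCESS_VLAN2, UNTAGGED))
    print("tagged VLAN 2 :", can_talk(VMBR3_2, HOST_TAGGED, ACCESS_VLAN2, UNTAGGED))
    print("PC <-> server :", can_talk(UNTAGGED, ACCESS_VLAN2, SERVER_TRUNK, 2))
```

In the original setup the gateway's replies leave the host port untagged, so they arrive on vmbr3 itself rather than on vmbr3.2.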