Proxmox Host VLAN Numbering

spetrillo

Feb 15, 2024
Hello all,

I have a number of virtual bridges set up on my Proxmox host. For host management I have defined VMBR3 as follows:

iface eno1 inet manual

auto vmbr3
iface vmbr3 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr3.2
iface vmbr3.2 inet static
    address 192.168.1.66/26
    gateway 192.168.1.65


It is my understanding that the number after VMBR is arbitrary but when you use the vmbr3.2 the last digit refers to the vlan that is assigned to this. Is this correct? I cannot seem to ping the gateway from the host. I have ensured that my switch port is set to vlan 2. Not sure what I am doing wrong.

Thanks,
Steve
 
Your configuration as described will require that incoming packets on eno1 (the vmbr3 bridge) are tagged with 802.1Q (ID 2). Make sure your switch is configured to pass TAGGED packets out the applicable port. Un-tagged packets will not flow up the stack from vmbr3 to vmbr3.2. Depending on your switch, you may have to set a VLAN other than 2 as the PVID for that port if you don't have explicit options for selecting which VLANs on a port will be tagged and untagged. Some switches will automatically send out un-tagged packets when the VLAN matches the port's PVID.
 
So configured on that port I had vlan 1 and vlan 2 as untagged, but the PVID was vlan 2. I thought that would do the trick. I guess I could put the PVID back to 1, since I now tag vlan 2 on the switch.
 
If the port had both VLAN1 and VLAN2 as untagged, then you would not have VLAN tags on packets leaving that port for either VLAN1 or VLAN2. This is a problem. You need VLAN tags going out that port for VLAN 2.

The PVID 2 on that port just says "any un-tagged packets received by this port should be assigned to VLAN 2".
 
So another stupid question....

My PC has a connection to a switch. I cannot change the vlan on the adapter, and so I have configured the switch to be vlan 2 untagged. I have a server, whose 10 gig port has two vlans configured for it, vlan 2 and vlan 3. This port is connected to the same switch and the switch port is configured for vlan 2 tagged.

Should my PC be able to communicate to the server on vlan 2?
 
If this is what you mean:

[Server](NIC/bridge VLAN 2&3 Tagged) <---> (Tagged VLAN2&3 Port)[Switch](UNtagged VLAN 2 Port) <---> (UNtagged NIC/Bridge)[PC]

Then yes, they should, barring anything else getting in the way, be able to communicate with each other. Of course your subnets/mask, IPs on the right interfaces, routes, firewalls, etc., etc. I can't speak to.
 
So another stupid question...

My PC is connected to a switch. I want the PC to be on vlan 2. The NIC has no functionality to set vlan when configuring the physical NIC properties. I set the switch port to be on vlan 2 untagged. The switch port my server I want my PC to talk to is set to vlan 2 tagged. On the PC side the port is set to both vlan 1(default) and vlan 2 untagged. Will my PC talk to the server on vlan 2 or do I need to remove vlan 1 from the port?
 
If the PC-facing port on the switch has multiple VLANs set as untagged (though many consumer switches won't allow this), this likely isn't going to work how you want except for very specific purposes. If VLAN1 is set as the PVID (what you call "default"), then incoming packets on that port would be assigned to VLAN1, not the VLAN2 that you want. You would have to set VLAN2 as the PVID on that port to be able to accept untagged incoming packets on that port and have them implicitly assigned to VLAN2.

There's lots of great Intro-to-VLANs material available online. Here's just a few quick pointers:
https://www.google.com/search?q=beginners+guide+to+VLANs+on+consumer+and+SMB+switches
https://www.youtube.com/watch?v=JszGeQPTo4w
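
The PVID and tagged/untagged rules from the answers above, as a small model run against the four port setups discussed in this thread (an added example, not part of the original posts). The class and function names are hypothetical, and it assumes the switch accepts a tagged frame for any VLAN the port is a member of, which varies between switches.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class SwitchPort:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """Return the VLAN a received frame lands in, or None if dropped."""
        # Assumption: tagged frames are accepted for any VLAN the port belongs to.
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.untagged | self.tagged) else None

    def egress(self, vlan: int):
        """Return (delivered, tag) for a frame in `vlan` leaving this port."""
        if vlan in self.tagged:
            return True, vlan
        return vlan in self.untagged, None

@dataclass
class Endpoint:
    tag: Optional[int]  # tag the interface sends and expects; None = plain NIC

    def accepts(self, tag: Optional[int]) -> bool:
        return tag == self.tag

def round_trip(endpoint: Endpoint, port: SwitchPort, vlan: int) -> bool:
    """True if the endpoint's frames enter `vlan` and replies reach it."""
    if port.ingress(endpoint.tag) != vlan:
        return False
    delivered, tag = port.egress(vlan)
    return delivered and endpoint.accepts(tag)

host = Endpoint(tag=2)   # vmbr3.2 on the Proxmox host
pc = Endpoint(tag=None)  # PC NIC with no VLAN setting
# Constructed scenarios matching the switch-port setups described in the thread.
SCENARIOS = {
    "host: VLAN 1+2 untagged, PVID 2": (host, SwitchPort(2, untagged={1, 2})),
    "host: VLAN 2 tagged, PVID 1": (host, SwitchPort(1, untagged={1}, tagged={2})),
    "pc: VLAN 1+2 untagged, PVID 1": (pc, SwitchPort(1, untagged={1, 2})),
    "pc: VLAN 2 untagged, PVID 2": (pc, SwitchPort(2, untagged={2})),
}

def results():
    return {name: round_trip(ep, port, 2) for name, (ep, port) in SCENARIOS.items()}

if __name__ == "__main__":
    print(*(f"{ok!s:5} {name}" for name, ok in results().items()), sep="\n")
```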