Proxmox + pfsense + Netgear gs748T + VLAN

pseudosoup

New Member
Feb 13, 2018
Hi,

I am having great difficulty getting VLANs to work within my setup. VLANs work internally to proxmox and pfsense but I am having no luck getting them to work with the physical network and the Netgear GS748T.

Here's my set up:-

Proxmox server with 3 (of 8) NICs configured.
Pfsense as router/firewall.
20 VLAN

Eth0 bridge as WAN for pfsense and main IP for proxmox
Eth3 bridge as LAN for pfsense
Eth7 as VLAN LAN pfsense, each VLAN provides DHCP

Eth0 is working fine and as expected
Eth3 is working fine and as expected including DHCP to physical devices
Eth7 works internally providing VLANs for VM and issuing DHCP from pfsense.
I provide eth7 VMs with the tag in the interface like:- bridge=vmbr1,tag=11

I have followed pretty much every guide I can find available and just cannot get VLANs working with the physical Eth7 network. I have tagged 2 ports on the Netgear GS748T for VLAN 11 as a test. Eth7 goes to port 1 (VLAN11) on the Netgear switch and port 2 (also VLAN11 tagged) goes to a laptop set to get DHCP. This is for testing; I will eventually want a trunk to the switch from eth7 that will serve all VLANs to the switch.

Here's my current network config:-

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

iface eth1 inet manual

iface eth2 inet manual

auto eth3
iface eth3 inet manual

iface eth4 inet manual

iface eth5 inet manual

iface eth6 inet manual

auto eth8
iface eth8 inet manual

auto eth9
iface eth9 inet manual

iface eth7 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
#WAN

auto vmbr2
iface vmbr2 inet static
        address 192.13.37.1
        netmask 255.255.255.0
        bridge_ports eth3
        bridge_stp off
        bridge_fd 0
#LAN

auto vmbr1
iface vmbr1 inet manual
        bridge_ports eth7
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes
#Event LAN



Everything in this config works except for the physical VLAN. Your help is greatly appreciated.

Thanks
 
and port 2 (also VLAN11 tagged) goes to a laptop set to get DHCP
i guess that the laptop is not configured to use a tagged vlan11 so you would have to make a port on the switch which is set to provide vlan11 as untagged
 
i guess that the laptop is not configured to use a tagged vlan11 so you would have to make a port on the switch which is set to provide vlan11 as untagged
Thanks for your reply, you may be on to something there. I shall try this later. Does the rest of the config look Ok for achieving what I am attempting to achieve?
 
yeah but you have to give your pfsense (i guess as a vm) also an interface with vlan11
 
Ahh ok.... I thought I would be able to give pfsense vlan_aware eth7 (vmbr1) and it would act as trunk? This seems to be the case for VMs that are on proxmox? It is only trying to VLAN physically that is causing a problem. I haven't tried changing the switch port from TAGGED to UNTAGGED as yet though, so everything may come to life once I do that this evening.

Overall I am trying to achieve eth7 as a VLAN trunk between proxmox and the netgear switch....the switch will then serve 20 or so VLANS.
 
I've played around with un/tagging & PVID on the switch to no avail. Interestingly the switch has no entry for either the laptop or proxmox server in the Address table. Any other ideas?

Just for clarity I am trying to achieve:

1. a laptop that will plug into port 1 of the switch and I expect the switch to tag vlan 11
2. ethernet will go from port 3 of the switch to eth7 of the proxmox server
3. vmbr1 bridge eth7
4. vlan11 tagged VMs using vmbr1
5. pfsense has vlan11 setup using vmbr1(vtnet2)
6. I want to be able to access VMs from the laptop
7. overall this will extend to eth7 acting as a trunk from proxmox to the switch allowing a laptop to access a bunch of VMs on their respective VLAN

Any help is greatly appreciated.

Thanks
 
for clarification:
a bridge is a virtual switch

if you connect a vm to a vlan-aware bridge, it is like plugging into a port with VLAN 1 untagged with PVID 1
if you want to have multiple vlans in one vm nic, you have to do this with the command line (the 'trunk' parameter)
qm set <ID> -net0 options...
(see man qm)

alternatively, you can add multiple nics to a vm to the same bridge, each with a different vlan, but the vm will not see the different vlans only a connected nic

so in your case i would do the following:

switch:

port X (for laptop): untagged vlan 11, pvid 11
port Y (for pve): untagged vlan 1(? whatever you want to use as default), tagged vlan11,... PVID 1 (? again whatever you want to use as default)

pve:

vmbr0: vlan aware

vm config:

one nic, configured as trunk, with all vlans enabled which you want
(note that in vlan aware bridges, the default vlan/pvid is 1, so do not try to tag the vlan 1)
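
Added example (not part of the thread, and not Proxmox or Netgear code): a small Python model of the tagged/untagged/PVID rules described in the last reply, comparing the original two-tagged-ports test with the suggested port X / port Y layout. It assumes the switch's default VLAN 1 (untagged, PVID 1) was still present on the test ports and that ingress filtering is on; all port objects are constructed.

```python
# Added example: minimal model of 802.1Q switch ports (PVID, untagged, tagged).
# All port definitions below are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Port:
    pvid: int = 1
    untagged: set = field(default_factory=set)  # VLANs sent without a tag
    tagged: set = field(default_factory=set)    # VLANs sent with an 802.1Q tag


def ingress(port, tag):
    """VLAN an incoming frame is put in (tag=None means untagged), or None if dropped."""
    vlan = port.pvid if tag is None else tag
    # Assumption: ingress filtering is on, so non-member VLANs are dropped.
    return vlan if vlan in (port.untagged | port.tagged) else None


def egress(port, vlan):
    """How a frame in `vlan` leaves the port: 'tagged', 'untagged' or None."""
    if vlan in port.tagged:
        return "tagged"
    return "untagged" if vlan in port.untagged else None


def forward(src, dst, tag):
    """Frame enters src with `tag`, leaves dst. Returns (vlan, form) or None."""
    vlan = ingress(src, tag)
    form = egress(dst, vlan) if vlan is not None else None
    return (vlan, form) if form else None


def laptop_reaches(laptop, trunk, vlan):
    """True if an untagged laptop ends up in `vlan` on the trunk, both directions."""
    return (forward(laptop, trunk, None) == (vlan, "tagged")
            and forward(trunk, laptop, vlan) == (vlan, "untagged"))


# Original test: both ports tagged for VLAN 11, default VLAN 1 assumed untouched.
ORIG_LAPTOP = Port(pvid=1, untagged={1}, tagged={11})
ORIG_TRUNK = Port(pvid=1, untagged={1}, tagged={11})
# Layout from the last reply: port X for the laptop, port Y for PVE.
PORT_X = Port(pvid=11, untagged={11})
PORT_Y = Port(pvid=1, untagged={1}, tagged={11})

if __name__ == "__main__":
    print("original :", forward(ORIG_LAPTOP, ORIG_TRUNK, None))
    print("suggested:", forward(PORT_X, PORT_Y, None))
    print("reachable:", laptop_reaches(PORT_X, PORT_Y, 11))
```

Under these assumptions the laptop's untagged DHCP request in the original test is classified into VLAN 1 and leaves towards eth7 untagged, so it never appears in VLAN 11; with port X untagged and PVID 11 it leaves port Y tagged 11.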
 
