I'm an amateur setting up a more advanced home server and learning Proxmox; I have spent many, many hours reading articles and the forums, but I haven't come across a way to resolve my problem. I think the issue lies at the intersection of how Proxmox and Unifi work, but I'm not a networking expert, so I'm not sure if the solution lies in Proxmox, Unifi, or both.
Setup:
One physical NIC in the Proxmox box, connected to a Unifi switch.
VLAN 1 - default/untagged/users
VLAN 2 - IoT/user services
VLAN 3 - NoT
VLAN 5 - Management
Proxmox host is running on VLAN 5. It has an Ubuntu VM (also on VLAN 5) using sub-interfaces with Docker and macvlan Docker networks to provide VLAN access to containers.
Problem:
I want to have my Proxmox VE host/web UI on VLAN 5, while running VMs (and containers within those VMs, aka Docker) on other VLANs. This is all working fine in most cases -- I have successfully gotten two different Docker containers (running on the same VM in Proxmox) attached to two different VLANs (VLAN 2 and VLAN 5) and responding to inbound requests -- I was elated about getting this far because, again, not a network guy.
The problem comes in if I want a Docker container to run on VLAN 1 (and I think the same thing might happen with a whole-hog VM on Proxmox too). I anticipate having one use case where this will be necessary so I'm trying to sort it out. If I attempt to attach a Docker container to my vlan1 sub-interface in Ubuntu, it's never seen by my network switch (Unifi).
Part of the solution to what I do have working (serving up traffic on any VLAN except 1) was to create a port profile on my switch that has its default network as VLAN 5. Until I did this, I couldn't get the Proxmox host to respond at all when I moved it (from VLAN 1 where I first set it up) to the VLAN 5 IP block. Only once I changed the port configuration for that physical port on the switch so that any untagged traffic got assigned to VLAN 5 did Proxmox work on the new IP.
So... that suggests a couple of things. One, it suggests that the Proxmox host is not tagging its traffic or something... so when I gave PVE a VLAN 5 IP address, I couldn't connect to it (nor could I ping out from PVE console) until I changed the switch port to use VLAN 5 as the untagged default. Is that by design? In my scenario, should I be looking for a way to tag the PVE host to a specific VLAN while bridging the Docker VM to the switch without a specific VLAN tag (so Docker can do the tagging)?
The second thing this makes me think is that somehow, the traffic for the Docker container on VLAN 1 coming across the physical NIC is not getting tagged properly. If it was, then I would think it would wind up on VLAN like it should. But if I can set the port back to VLAN 1 as the untagged default, this won't matter...but I can only do that if I can figure out how to have Proxmox host tagged to VLAN 5. I think. I really don't know what I'm doing.
/etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.5.10/24
    gateway 192.168.5.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 1 2 3 4 5
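An added example, not part of the original post: a small Python check that reads an ifupdown-style /etc/network/interfaces and reports whether each host address leaves the box untagged (address on the bridge itself, as in the posted config) or tagged (address on a `vmbr0.5`-style VLAN sub-interface). The second config is a constructed alternative, and the function names are hypothetical.

```python
import re

# From the post, abridged to the lines relevant here: address on the bridge itself.
POSTED = """\
auto vmbr0
iface vmbr0 inet static
    address 192.168.5.10/24
    gateway 192.168.5.1
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 1 2 3 4 5
"""

# Constructed alternative: host address on a VLAN 5 sub-interface of the bridge.
TAGGED = """\
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 1 2 3 4 5

auto vmbr0.5
iface vmbr0.5 inet static
    address 192.168.5.10/24
    gateway 192.168.5.1
"""

def host_addresses(text):
    """Return [(iface, address, vlan)]; vlan is None when frames leave untagged."""
    results, iface = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 2:
            iface = words[1]                  # start of a new stanza
        elif words[0] == "address" and iface and len(words) >= 2:
            m = re.fullmatch(r"(.+)\.(\d+)", iface)  # "vmbr0.5" -> VLAN 5
            results.append((iface, words[1], int(m.group(2)) if m else None))
    return results

def report(text):
    return [f"{i} {a}: " + (f"tagged VLAN {v}" if v is not None
            else "untagged, VLAN decided by the switch port's native network")
            for i, a, v in host_addresses(text)]
```

With the posted config, the management address depends on the switch port's untagged default; with the sub-interface form, it is tied to VLAN 5 regardless of that default.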