[SOLVED] Question: How to create VLAN aware bridge with Linux bridge?

dksoft

Active Member
Apr 17, 2017
23
7
43
59
Can someone please post a working example of a working VLAN aware bridge configuration?
I would like to have one bridge and then define the VLAN in the VM configuration.

I made it working with Open vSwitch and traditional VLAN devices (enclosed code).
But not with the VLAN aware example in the documenation. Mostly the devices are not recognized in the GUI.

Traditional VLAN devices:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp1 inet manual

iface enp1.100 inet manual

iface enp1.200 inet manual

iface enp1.300 inet manual

iface enp1.400 inet manual

iface enp1.500 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
        dns-nameservers 10.0.0.1
        dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
        dns-nameservers fd00::1
        dns-domain intra
    up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
    up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
        up ip token set ::8 dev $IFACE

auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp1.100
    bridge-stp off
    bridge-fd 5
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

auto vmbr2
iface vmbr2 inet manual
    bridge-ports enp1.200
    bridge-stp off
    bridge-fd 5
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

auto vmbr3
iface vmbr3 inet manual
    bridge-ports enp1.300
    bridge-stp off
    bridge-fd 5
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

auto vmbr4
iface vmbr4 inet manual
    bridge-ports enp1.400
    bridge-stp off
    bridge-fd 5
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

auto vmbr5
iface vmbr5 inet manual
    bridge-ports enp1.500
    bridge-stp off
    bridge-fd 5
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

Open vSwitch:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

allow-vmbr0 enp1s0
iface enp1s0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1

auto lan
allow-vmbr0 lan
iface lan inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    address 10.0.0.8/20
    gateway 10.0.0.1
    dns-nameservers 10.0.0.1
    dns-domain intra

iface lan inet6 auto
        address fd00::8/64
        gateway fd00::1
        dns-nameservers fd00::1
        dns-domain intra
        up ip token set ::8 dev $IFACE

auto vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports enp1s0 lan
    up sysctl -w net.ipv6.conf.$IFACE.disable_ipv6=1
 
Hi, simply add "bridge-vlan-aware yes" to vmbr0, and remove other vmbrX

https://pve.proxmox.com/wiki/Network_Configuration

Code:
auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
        dns-nameservers 10.0.0.1
        dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5
     bridge-vlan-aware yes

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
     dns-nameservers fd00::1
     dns-domain intra
     up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
     up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
     up ip token set ::8 dev $IFACE
 
  • Like
Reactions: cosmos
Dear spirit,
thanks for your quick reply. What you write is actually what I would expect to work.
It works on Open vSwitch, but not on Linux Bridge. The clients do not have network connection into VLAN.

Do I overlook something here?

Here is my /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
        dns-nameservers 10.0.0.1
        dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5
    bridge-vlan-aware yes

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
        dns-nameservers fd00::1
        dns-domain intra
    up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
    up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
        up ip token set ::8 dev $IFACE

A LXC container:
Code:
net0: name=eth0,bridge=vmbr0,gw=136xxxx.65,gw6=2a0xxxx0::1,hwaddr=46:14:9F:26:DD:1C,ip=13xxx67/28,ip6=2a0xxxx0::4/64,tag=400,type=veth

Or a VM:
Code:
net0: virtio=04:00:00:00:03:00,bridge=vmbr0,tag=200
net1: virtio=04:00:00:00:03:01,bridge=vmbr0,tag=100
 
Dear spirit,
thanks for your quick reply. What you write is actually what I would expect to work.
It works on Open vSwitch, but not on Linux Bridge. The clients do not have network connection into VLAN.

Do I overlook something here?

Here is my /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
        dns-nameservers 10.0.0.1
        dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5
    bridge-vlan-aware yes

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
        dns-nameservers fd00::1
        dns-domain intra
    up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
    up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
        up ip token set ::8 dev $IFACE

A LXC container:
Code:
net0: name=eth0,bridge=vmbr0,gw=136xxxx.65,gw6=2a0xxxx0::1,hwaddr=46:14:9F:26:DD:1C,ip=13xxx67/28,ip6=2a0xxxx0::4/64,tag=400,type=veth

Or a VM:
Code:
net0: virtio=04:00:00:00:03:00,bridge=vmbr0,tag=200
net1: virtio=04:00:00:00:03:01,bridge=vmbr0,tag=100


=====

You need to add
Code:
bridge_vids 1-4096
on vmbr0 interface config, where vids are vlan id's that is allowed on bridge interface
If you put 1-4096, all vlan's are allowed
 
Thanks for pointing me to the right direction. It's working now.

By default Proxmox adds the following when enabling VLAN aware in the WebUI:
Code:
bridge-vlan-aware yes
bridge-vids 1-4096

This actually worked for my VLAN 1,100 and 200 but not higher like 300, 400 and 500.
There seems to be a limit.

I now change it to:
Code:
bridge-vlan-aware yes
bridge-vids 1 7 100 200 300 400 500

And everything works as expected.

For documentation, here is my configuration:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
    dns-nameservers 10.0.0.1
    dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5
    bridge-vlan-aware yes
    bridge-vids 1 7 100 200 300 400 500

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
    dns-nameservers fd00::1
    dns-domain intra
    up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
    up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
    up ip token set ::8 dev $IFACE
 
Last edited:
  • Like
Reactions: cosmos
Thanks for pointing me to the right direction. It's working now.

By default Proxmox adds the following when enabling VLAN aware in the WebUI:
Code:
bridge-vlan-aware yes
bridge-vids 1-4096

This actually worked for my VLAN 1,100 and 200 but not higher like 300, 400 and 500.
There seems to be a limit.

I now change it to:
Code:
bridge-vlan-aware yes
bridge-vids 1 100 200 300 400 500

And everything works as expected.

Thanks for pointing me to the right direction. It's working now.

By default Proxmox adds the following when enabling VLAN aware in the WebUI:
Code:
bridge-vlan-aware yes
bridge-vids 1-4096

This actually worked for my VLAN 1,100 and 200 but not higher like 300, 400 and 500.
There seems to be a limit.

I now change it to:
Code:
bridge-vlan-aware yes
bridge-vids 1 7 100 200 300 400 500

And everything works as expected.

Don't fix if work :)
 
Thanks for pointing me to the right direction. It's working now.

By default Proxmox adds the following when enabling VLAN aware in the WebUI:
Code:
bridge-vlan-aware yes
bridge-vids 1-4096

This actually worked for my VLAN 1,100 and 200 but not higher like 300, 400 and 500.
There seems to be a limit.

I now change it to:
Code:
bridge-vlan-aware yes
bridge-vids 1 7 100 200 300 400 500

And everything works as expected.

For documentation, here is my configuration:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

iface enp1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.0.0.8/20
    gateway 10.0.0.1
    dns-nameservers 10.0.0.1
    dns-domain intra
    bridge-ports enp1
    bridge-stp off
    bridge-fd 5
    bridge-vlan-aware yes
    bridge-vids 1 7 100 200 300 400 500

iface vmbr0 inet6 auto
    address fd00::8/64
#    gateway fd00::1
    dns-nameservers fd00::1
    dns-domain intra
    up sysctl -w net.ipv6.conf.$IFACE.autoconf=1
    up sysctl -w net.ipv6.conf.$IFACE.accept_ra=2
    up ip token set ::8 dev $IFACE
Thanks for this; I had a similar issue where VMs using the default VLAN aware bridge were not getting any IPs. I was able to resolve it by changing bridge-vids from 2-4094 to a space delimited list of VLAN tags. I am not sure if this was in the documentation
 
Thanks for this; I had a similar issue where VMs using the default VLAN aware bridge were not getting any IPs. I was able to resolve it by changing bridge-vids from 2-4094 to a space delimited list of VLAN tags. I am not sure if this was in the documentation
some network card don't support more than X total vlans. (mellanox connect-x3 card for example). What is your nic model ?
 
Just throwing my own 2c in here on this.
I ran into the same issue
Code:
bridge-vids 2-4094
- was not liked
Code:
bridge-vids 2 4 10
- for vlan 2 4 and 10 was liked

I had to reboot the VM environment for this to take effect.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!