Set VLAN ID for Proxmox Management IP Interface

Jan 23, 2021
51
17
13
Hi all,

I need some help getting my network configuration setup correctly, please. Below is my current setup which is working.

I have started making use of VLANs and I have set all my virtual machines to VLAN 10 in their network configuration. This is working, in that they are getting assigned addresses on the correct VLAN, but I am having some issues access web interfaces on those virtual machines now. I do also want my PVE node to be VLAN 10 but I can't see a way to do that from the UI. I am wondering if this may be part of my problem.

I currently have 2x 10Gb fibre connections running as a bond. The interface is VLAN aware so I can set the VLANs on the individual virtual machines but how I can set the VLAN of PVE to VLAN 10 and assign the static address 192.168.10.229?

I have tried a few things from the docs, modifying /etc/network/interfaces but couldn't get it to work. My particular scenario doesn't seem to be covered in the examples. VLAN with bond for PVE management IP with VLAN aware Linux bridge.

Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto eno2
iface eno2 inet manual

auto enp185s0f0
iface enp185s0f0 inet manual

auto enp185s0f1
iface enp185s0f1 inet manual

auto enp100s0f0
iface enp100s0f0 inet manual

auto enp100s0f1
iface enp100s0f1 inet manual

auto bond0
iface bond0 inet manual
        bond-slaves enp100s0f0 enp100s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.229/24
        gateway 192.168.1.1
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

Any help would be greatly appreciated.

Thanks,

FS
 
Add this device:
Code:
auto vmbr0.10
iface vmbr0.10 inet static
  address 192.168.10.229/24
With this the host has an address in vlan 10.

Can also be added through the GUI:
node->network->create vlan
 
Last edited:
  • Like
Reactions: spirit
Could someone help to enlighten me on why this did the trick?

- How does the host know where to put the management UI?
- Is it maybe per default always connected to vmbr0?
- What would the same configuration look like if we want to have the management UI on vmbr1?
 
Could someone help to enlighten me on why this did the trick?

- How does the host know where to put the management UI?
- Is it maybe per default always connected to vmbr0?
- What would the same configuration look like if we want to have the management UI on vmbr1?
the management ui listen on all servers ip

#netstat -an|grep 8006
tcp6 0 0 :::8006 :::* LISTEN
 
I suspected as much, but now it makes sense. Thank you!

This is the one piece of information I wasn't able to confirm from reading the documentation.
 
the management ui listen on all servers ip

#netstat -an|grep 8006
tcp6 0 0 :::8006 :::* LISTEN

Sorry for awakening an old thread, but I am struggling with the same thing.

If I want the UI to only be accessible on a specific vlan (is this advisable?), how would you prevent Proxmox from listening to all ports.

Also, how is the vlan device (vmbr0.10) tied to vmbr0? Is Proxmox just looking at the name of the device to "connect" it to vmbr0?
 
Sorry for awakening an old thread, but I am struggling with the same thing.

If I want the UI to only be accessible on a specific vlan (is this advisable?), how would you prevent Proxmox from listening to all ports.

Also, how is the vlan device (vmbr0.10) tied to vmbr0? Is Proxmox just looking at the name of the device to "connect" it to vmbr0?
vmbr0 is just the default Proxmox starts naming bridges with, but it holds no magic otherwise. The management IP could be assigned to vmbr1 or vmbr67 and any vlan from 2-4094.

vmbr0.10 is tied to vmbr0 by standard naming nomenclature. Just as vmbr67.8 would be one way to define/create vlan8 on linux bridge vmbr67.

Proxmox will listen only on port :8006, but I think you mean listen on all IPs when using port 8006. You limit the exact IP's proxmox listens on via what is input to the /etc/network/interfaces file. Many people edit this through the web interface GUI, but they are indirectly editing that file nonetheless. So if you only want proxmox to listen on one IP address the easiest way to make that happen is not to include another IP address in the /etc/network/interfaces file. There are other ways to limit via firewall rules and or network segmentation, but the KISS method is to only save one static IP address as stated.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!