Several VLANs on one NIC for VM-Guests

F

Florian1

New Member
Jan 19, 2025
4
0
1
Hi all,

am new to Proxmox and wondering how I can setup several VLANs for one guest-VM.
This guest VM will be used as proxy and firewall between several networks.

So, the server itself has two hardware interfaces. Interface 1 is used as the mangement network port
Interface 2 shall be used for guest-VMs sitting on several different VLANs

The server is connected via two hardware network cables to a Netgear switch.
On the switch, interface 1 is configured to auto-tag all incoming networks packts as "VLAN100"
On the switch interface 2 will be used for "VLAN100" "VLAN110" and "VLAN120" (without auto-tagging)

As of today, only interface 1 (Management) is configured:

Code: 
cat /etc/network/interfaces


auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0

iface vmbr0 inet static

        address 172.18.0.3/16

        gateway 172.18.0.250

        bridge-ports eno1

        bridge-stp off

        bridge-fd 0

iface idrac inet manual

iface eno2 inet manual

So, how can I bring up interface 2, so that I can map the individual VLANs from interface 2 onto the VMs?
Can someone provide a step-by-step guide?
 
Last edited:
Hi,

do not map the physical interface, but create Linux Bridges and assign these to the VM. The bridge can be used in following ways:
* just forward everything, VLAN handling and tagging must be done in VM
* bridge is VLAN-aware and forwards only the configured VLANs to the VM, which must take care of handling and tagging
* bridge is connected to a VLAN-interface. VM has nothing to do with VLAN, tagging is done by the bridge/vlan-interface. Only single VLAN per bridge is possible here.

Which one do you want to use?

I mainly use the third way, so e. g. create a Linux bridge, provide Name like vmbr110 and assign as Bridge port eno2.110. This bridge can then be assigned to the VM.
 
  • Like
Reactions: maxim.webster and UdoB
Forgot last method, which is same like third but spares the separate creation of the Linux Bridge. This can be used via GUI for single VLAN per interface only.
* Linux Bridge has physical interface as bridge port. Then, in network settings of the VM just write the VLAN id you want to use at the selected bridge for this VM.

network-settings-vm.jpg
 
I think I prefere the very last option, since only traffic for the configured vlan gets visible to the VM. (the one with the screenshot)
If I get you right, I can configure everything via the web-gui - nothing todo via the command shell - right?

Is there some general configuration which I have to configure on the proxmox host, so that I can use the bridge within the VM?
In the end there is one physical interface which I want to to use for several vlans and map them to different VMs.
 
All described options can be configured via GUI, that's what makes Proxmox so accessible, imho.
There is no special configuration in addition needed. Just create the bridge with the physical port assigned and then start using it as described.
 
So, after many "trail and error" I finally made it ...

Here a step-by-step guide:
  1. Login to the web-gui
  2. navigate to your proxmox VE server and go to the network settings
  3. Create as many VLANs as necessary (create -> Linux VLAN)
    1. For creating a VLAN which is tagged as "100" type "vlan100" in the "name" field. The field "VLAN Tag" will adjust automatically
    2. The field "VLAN raw device" is the name of your hardware NIC (in my case "eno2")
    3. keep all other fields as they are
  4. Create as many bridges as you configured VLANs beforehand (create -> Linux Bridge)
    1. "Name" has to start with "vmbr" followed by a number
    2. "Bridge ports" must be the VLAN that you just configured (e.g. vlan100)
    3. "Comment": Since in some selection options of the web-gui, you only see the bridge name, it is whise to enter a hint to which VLAN the bridge bridges (e.g. "Bridge_to_vlan100")
    4. keep all other fields as they are
  5. Create a new VM
    1. In the wizard, under the tab "Network" select the correct bridge (remember the vlan bridging)
    2. "Model": Some software appliances seem to struggle with the default setting of "VirtIO". Switching to "VMware" resolved the issue (in my case)
    3. VLAN Tag: Keep this field empty, since the bridge is taking care of tagging
  6. Additional Interfaces
    Unfortunately you can only create one single interface during the creation of the VM (wizzard).
    Therefore you have to add additional virtual network cards after you completed the VM setup wizard:
    1. Select the VM you want to modify
    2. Navigate to Hardware
    3. click on "add -> Network Device"
    4. follow steps from point 5.2 and 5.3 above
Have fun ;)
 
You must log in or register to reply here.
Top Bottom