Shared vlans and nics

letho

Jul 6, 2025
Hello,

I’m working on segmenting my network with VLANs and running into an issue getting my Proxmox host to talk to VLAN 77.

Current setup:
  • Main LAN: 10.0.66.1/24 on vmbr0 (bridged to enp65s0f3), with Sophos at 10.0.66.3 as gateway.
  • VLANs handled by Sophos (DHCP, firewall) — already working for other clients.
  • Trying to add VLAN 77 (10.0.77.1/24 for DNS) on the same physical interface enp65s0f3.

What’s not working:
  • VMs and WiFi clients get IPs on VLAN 77 and can reach my Pi-hole just fine.
  • But Proxmox host itself cannot communicate on VLAN 77 to pihole (10.0.77.253).
    (e.g. can’t ping the Pi-hole or other VLAN 77 devices)

Here's my network config:
auto vmbr0
iface vmbr0 inet static
    address 10.0.66.1/24
    gateway 10.0.66.3
    bridge-ports enp65s0f3
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vlan77
iface vlan77 inet static
    address 10.0.77.1/24
    vlan-raw-device enp65s0f3

(Tried vmbr0.77 as well, didn’t seem to work.)


Question:
  • What’s the recommended way to let the Proxmox host itself communicate on VLAN 77?
  • Should I be using a vmbr0.77 subinterface instead, since vmbr0 is already VLAN-aware?
  • If I want to allow interfaces to be plugged into and get an IP address on that VLAN, how could I do that and have enp65s0f3 get access?

Thank you for any help. Eventually I want to get my main LAN split into a trusted and untrusted segment (vlan66 being trusted and auth with 802.1x on a Ubiquiti AP).
 
Hey,

something like this should work
Code:
auto vlan77
iface vlan77 inet static
    address 10.0.77.1/24
    vlan-raw-device vmbr0
alternatively
Code:
auto vmbr0.77
iface vmbr0.77 inet static
    address 10.0.77.1/24

You can either name it vmbr0.77, or vlan77 and specify vmbr0 as its vlan-raw-device. Both should work fine.
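
A small lint for the difference between the original post's stanza and the two forms suggested in the reply above, as an added example that is not part of the thread. It flags a VLAN interface whose parent is a port of a VLAN-aware bridge and names the bridge-based interface to use instead; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the original post's stanzas, trimmed to the relevant options.
POSTED = """\
auto vmbr0
iface vmbr0 inet static
    bridge-ports enp65s0f3
    bridge-vlan-aware yes

auto vlan77
iface vlan77 inet static
    address 10.0.77.1/24
    vlan-raw-device enp65s0f3
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword
        if not words:
            continue
        if words[0] == "iface":
            current = stanzas.setdefault(words[1].split()[0], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            current[words[0]] = words[1].strip() if len(words) > 1 else ""
    return stanzas

def vlan_parent(name, opts):
    """Resolve (parent, vid) for 'vlanNN' + vlan-raw-device, or for 'dev.NN'."""
    m = re.fullmatch(r"vlan(\d+)", name)
    if m and "vlan-raw-device" in opts:
        return opts["vlan-raw-device"], int(m.group(1))
    m = re.fullmatch(r"(.+)\.(\d+)", name)
    return (m.group(1), int(m.group(2))) if m else None

def lint(text):
    """List (iface, parent, suggested_name) for VLANs stacked on a bridge port."""
    stanzas = parse_stanzas(text)
    ports = {p: br for br, o in stanzas.items() if o.get("bridge-vlan-aware") == "yes"
             for p in o.get("bridge-ports", "").split()}
    findings = []
    for name, opts in stanzas.items():
        parent = vlan_parent(name, opts)
        if parent and parent[0] in ports:
            findings.append((name, parent[0], f"{ports[parent[0]]}.{parent[1]}"))
    return findings
```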
 
Hi Hannes,
Thank you for getting back to me. I'm still confused here. I tried doing either of the recommendations and I seem to lose all connectivity when I start messing with my VLANs. I can ping my gateways no problem, but everything else seems to fail. I'm curious, hunting for anything and everything here, if IP forwarding may be the issue (cat /proc/sys/net/ipv4/ip_forward returns zero).

Right now setting:
auto vmbrA.B
iface vmbrA.B inet static
address .1/24

Where the interface is A and the VLAN is B should work for any VLAN. I'm at a loss for troubleshooting further.
 
What does ifreload -avvvv say? If that doesn't fail, so exits with 0, could you post the output of ip a? So currently it looks like this
Code:
auto vmbr0
iface vmbr0 inet static
    address 10.0.66.1/24
    gateway 10.0.66.3
    bridge-ports enp65s0f3
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.77
iface vmbr0.77 inet static
    address 10.0.77.1/24
right?