Traffic Not Tagged in Proxmox SDN VLAN Setup

wi83k

May 20, 2025
I have pfSense in front of my Proxmox cluster and I’m trying to configure SDN using VLAN 60 for an LXC container.
• Zone: untrust (bridge: vmbr0)
• VNet: VLAN tag 60
• Container: LXC set to use bridge untrust, gets IP via DHCP (in correct 10.10.60.x range)

The container gets an IP correctly, and I can see traffic leaving via tcpdump on the container and the SDN bridge. However, packets don’t appear to be VLAN-tagged when reaching vmbr0, and there’s no outbound connectivity (no internet, no ping).

What am I missing to make SDN correctly tag traffic from this LXC with VLAN 60?
Is there an extra step beyond creating the zone and vnet in SDN?
 
What does the generated network configuration look like?

Code:
cat /etc/network/interfaces
cat /etc/network/interfaces.d/sdn

What does the container config look like?

Code:
pct config <id>

What does your SDN config look like?

Code:
cat /etc/pve/sdn/.running-config

Please post the output in CODE tags for better readability.
 
Thanks for the answer.

cat /etc/network/interfaces
Code:
auto lo
iface lo inet loopback

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.0.102/24
        gateway 10.10.0.1
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

iface wlo1 inet manual

source /etc/network/interfaces.d/*

cat /etc/network/interfaces.d/sdn

Code:
#version:4

auto untrust
iface untrust
        bridge_ports vmbr0.60
        bridge_stp off
        bridge_fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

pct config <id>
Code:
arch: amd64
cores: 1
description: 
features: keyctl=1,nesting=1
hostname: debian
memory: 512
net0: name=eth0,bridge=untrust,hwaddr=BF:11:14:91:BE:C0,ip=dhcp,type=veth
onboot: 1
ostype: debian
rootfs: local-zfs:subvol-100-disk-0,size=2G
swap: 512
tags: os
unprivileged: 1

cat /etc/pve/sdn/.running-config

Code:
{"zones":{"ids":{"untrust":{"ipam":"pve","bridge":"vmbr0","type":"vlan"}}},"vnets":{"ids":{"untrust":{"type":"vnet","vlanaware":1,"tag":60,"zone":"untrust"}}},"controllers":{"ids":{}},"version":4,"subnets":{"ids":{}}}
 
Do you have any VLAN tags configured inside the container? Can you try removing the VLAN-aware setting from the VNet?