Trunk port to guest

[xtropx]

Proxmox does VLANS a little different than I am used to. VLANS are assigned on a per-machine basis, not on a per-interface/per-logical-grouping-identifier [I.E. "port-group"]. Now this works just fine for 1:1 interface-to-vlan mapping, but where I run into issues is how to configure a guest to have 1 logical interface as a 802.1q trunk port. In some situations I'd also like this interface to trunk to the outside world, as well as have other guests access VLANS originating from it, internally.

In vmware I just set to vlan 4095 and whatever machine I assign an interface in that port group has a trunk. Basically I am looking for a way to do this with proxmox.

Thanks in advance

 

[pirateghost]

I run my router in proxmox KVM. I have this exact thing setup. It works fine. All my vlans go through one interface to my router with only a single vmbr tied to it

Sent from my Nexus 5

 

[fmoreira86]

@pirateghost

Can you share your config?


Sent from my iPad using Tapatalk

 

[pirateghost]

@pirateghost

Can you share your config?


Sent from my iPad using Tapatalk

cat /etc/network/interfaces # network interface settings
auto vlan10
iface vlan10 inet manual
	vlan_raw_device bond0


auto vlan13
iface vlan13 inet manual
	vlan_raw_device bond0


auto vlan192
iface vlan192 inet manual
	vlan_raw_device bond0


auto vlan666
iface vlan666 inet manual


auto lo
iface lo inet loopback


iface eth0 inet manual


iface eth1 inet manual


iface eth2 inet manual


iface eth3 inet manual


iface eth4 inet manual


auto bond0
iface bond0 inet manual
	slaves eth3 eth4
	bond_miimon 100
	bond_mode 802.3ad


auto vmbr0
iface vmbr0 inet static
	address  1.1.1.232
	netmask  255.255.255.0
	gateway  1.1.1.1
	bridge_ports eth0
	bridge_stp off
	bridge_fd 0


auto vmbr1
iface vmbr1 inet manual
	bridge_ports eth1
	bridge_stp off
	bridge_fd 0


auto vmbr2
iface vmbr2 inet manual
	bridge_ports eth2
	bridge_stp off
	bridge_fd 0


auto vmbr100
iface vmbr100 inet manual
	bridge_ports none
	bridge_stp off
	bridge_fd 0


auto vmbr666
iface vmbr666 inet manual
	bridge_ports vlan666
	bridge_stp off
	bridge_fd 0


auto vmbr4095
iface vmbr4095 inet manual
	bridge_ports bond0
	bridge_stp off
	bridge_fd 0


auto vmbr10
iface vmbr10 inet manual
	bridge_ports vlan10
	bridge_stp off
	bridge_fd 0


auto vmbr13
iface vmbr13 inet manual
	bridge_ports vlan13
	bridge_stp off
	bridge_fd 0


auto vmbr11
iface vmbr11 inet manual
	bridge_ports none
	bridge_stp off
	bridge_fd 0


auto vmbr999
iface vmbr999 inet manual
	bridge_ports none
	bridge_stp off
	bridge_fd 0


auto vmbr192
iface vmbr192 inet manual
	bridge_ports vlan192
	bridge_stp off
	bridge_fd 0

For my VyOS router, I use VMBR2 (WAN), VMBR100 (as a crossover to my webfilter and firewall for main LAN), and VMBR4095 to bring in all the VLANs to my router

 

[fmoreira86]

Is this possible to config with GUI?


Sent from my iPhone using Tapatalk

 

[pirateghost]

Is this possible to config with GUI?


Sent from my iPhone using Tapatalk

I did it all by hand based on a config I had before but I assume you should be able to accomplish the same thing in the current GUI

#stayparanoid

 

[fmoreira86]

Could you please post a print screen of your networking GUI?

Thanks a lot!!


Sent from my iPhone using Tapatalk

 

[pirateghost]

You dont really need all those VMBRs. I have them on this node to match my other nodes, where i need VMBRs for containers.

 

[fmoreira86]

Thanks! I belive it is no possible to create vlan interfaces with GUI.

It shows as Unknown


Sent from my iPhone using Tapatalk

 

[pirateghost]

4095 is not a vlan though. Its just an ETH device passing all traffic.

#stayparanoid

 

[fmoreira86]

I mean the vlanxxx interfaces...


Sent from my iPad using Tapatalk

 

[pirateghost]

I mean the vlanxxx interfaces...


Sent from my iPad using Tapatalk

You don't need them.

All you need to do is tie a vmbr to an ETH device and add it to your VM.

#stayparanoid

 

[fmoreira86]

You don't need them.

All you need to do is tie a vmbr to an ETH device and add it to your VM.

#stayparanoid

And then you do not set any vlan ID on the vim settings correct?



Sent from my iPad using Tapatalk

 

[pirateghost]

And then you do not set any vlan ID on the vim settings correct?



Sent from my iPad using Tapatalk

Correct. All you need is one vmbr tied to an ETH device that is on a trunk port on your switch for vlan traffic. I happen to use a bond for mine. I also use vmbr4095 due to my days using esxi.

Once you attach that trunk port to your VM, you can tag vlans coming and going from that vlan.

 

[fmoreira86]

I understand. So there is no need of something like vlan 4095 like ESXi.

Do you know if this pass all the tagged traffic plus native vlan? Or just the tagged traffic.

ESXi passes only tagged when you do 4095.


Sent from my iPad using Tapatalk

 

[pirateghost]

I understand. So there is no need of something like vlan 4095 like ESXi.

Do you know if this pass all the tagged traffic plus native vlan? Or just the tagged traffic.

ESXi passes only tagged when you do 4095.


Sent from my iPad using Tapatalk

It will pass all traffic unless you control it from your switch

#stayparanoid

 

[fmoreira86]

Done. It works.

Do you use dedicated physical nic to your VyOS?

Or do you share it among other VMs?

 

[pirateghost]

Done. It works.

Do you use dedicated physical nic to your VyOS?

Or do you share it among other VMs?

I use dedicated NICs for vyos.

#stayparanoid

 

[fmoreira86]

Ok Thank you !!


Sent from my iPhone using Tapatalk