Two-NIC Setup: One Dedicated Management Interface and One VLAN Trunk for VMs

Ma907xb

Hello everyone,

I have a Proxmox server with two physical NICs (ens1 and eno1). My goal is to:
  1. Use one NIC strictly for management (on a dedicated VLAN access port).
  2. Use the other NIC as a trunk that carries multiple VLANs for different VMs (one VLAN per VM).
Below is my current /etc/network/interfaces configuration, where I’m attempting to make ens1 the trunk and eno1 the management interface.

How do I assign the VMs to the correct VLAN within Proxmox, and how do I handle the native VLAN with the trunk?

I currently have eno1 set to an access port on my switch with the management VLAN. I was trying to do this in the GUI, but I couldn't follow all the edits that were happening in the terminal below.

Can I now just set my VMs as using vmbr1 and then set each VM's respective VLAN and it will go to my DHCP server?


Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    # Pass VLAN IDs 2, 3, 4, 5, 6, 7, *and* 88:
    bridge-vids 2 3 4 5 6 7 88
    # set this so untagged traffic goes to VLAN 88.
    bridge-pvid 88

auto ens1
iface ens1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports ens1
    bridge-stp off
    bridge-fd 0

source /etc/network/interfaces.d/*
 
You can just set the tag on the VM interface, i.e.:
Code:
net0: virtio=BE:22:15:09:0A:F4,bridge=vmbr1,tag=88

As for the native VLAN, it kind of depends on how your switch is filtering tagged packets. My MikroTik stuff uses vlan1 as the native VLAN, but I only allow tagged traffic so all packets must be tagged - even the management interface, since it too attaches to another trunk port in my case.

Since ens1 is acting as a trunk, you would normally want ALL traffic to be tagged I would think, but not sure how your switch handles tagged vs untagged.
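
An added example, not part of the thread: a small audit that parses a VLAN-aware bridge stanza and checks whether each VM NIC tag is listed in bridge-vids or equals the bridge PVID. The function names and the net1/net2 lines are hypothetical; the stanza is abridged from the post, net0 is the line from the reply, and a default PVID of 1 is assumed when bridge-pvid is absent.

```python
# Constructed sample: abridged vmbr1 stanza from the post; net1 and net2 are made up.
INTERFACES = """\
iface vmbr1 inet manual
    bridge-ports eno1
    bridge-vlan-aware yes
    bridge-vids 2 3 4 5 6 7 88
    bridge-pvid 88
"""
VM_NICS = {
    "net0": "virtio=BE:22:15:09:0A:F4,bridge=vmbr1,tag=88",
    "net1": "virtio=BE:22:15:09:0A:F5,bridge=vmbr1,tag=5",
    "net2": "virtio=BE:22:15:09:0A:F6,bridge=vmbr1,tag=20",
}

def expand_vids(tokens):
    vids = set()
    for tok in tokens:
        lo, _, hi = tok.partition("-")  # accepts single IDs and ranges like 10-20
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def parse_bridges(text):
    # Collect VLAN settings per iface stanza; the Linux bridge default PVID is 1.
    bridges, cur = {}, None
    for line in text.splitlines():
        key, *args = line.split("#", 1)[0].split() or [""]
        if key == "iface" and args:
            cur = bridges.setdefault(args[0], {"vlan_aware": False, "vids": set(), "pvid": 1})
        elif cur is None or not args:
            continue
        elif key == "bridge-vlan-aware":
            cur["vlan_aware"] = args[0] == "yes"
        elif key == "bridge-vids":
            cur["vids"] = expand_vids(args)
        elif key == "bridge-pvid":
            cur["pvid"] = int(args[0])
    return bridges

def check_nic(nic, bridges):
    opts = dict(kv.split("=", 1) for kv in nic.split(",") if "=" in kv)
    br = bridges.get(opts.get("bridge"))
    if br is None or not br["vlan_aware"] or "tag" not in opts:
        return "unchecked"  # nothing to compare against bridge-vids
    tag = int(opts["tag"])
    if tag == br["pvid"]:
        return "pvid"  # same VLAN that untagged frames on the uplink map to
    return "allowed" if tag in br["vids"] else "not-on-trunk"

BRIDGES = parse_bridges(INTERFACES)
print({name: check_nic(nic, BRIDGES) for name, nic in VM_NICS.items()})
```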