Understanding Vlan ant NIC managment

M

m.nosarzewski

New Member
Aug 6, 2024
1
0
1
Im pretty new to Proxmox and have some difficulties. My machine is reciving 5 Vlans via trunk port (im only reciving them so i can't change anything on this side)
One Vlan is for managment, from that Vlan proxmox host should be accessible.
Then i have two VM - one should have ip addres in 3 of these Vlans, and one in 2 of them.
How best to configure it ? I got bit lost in configuration options.
 
Here's a working example from one of my Proxmox nodes. You need to edit /etc/network/interfaces, or try to do the same thing in the web ui (I have never done it that way, so I am little help there.) VLAN 100 is the management interface VLAN. I access the Proxmox web UI at 10.10.100.3:8006. None of my VMs or CTs are on this VLAN.

Because it is connected to a trunked port on my managed switch, any VM or CT can access any VLAN. I just select the VLAN when creating the VM or CT. I use DHCP in all of my VMs and CTs and then do IP reservations on the router/firewall side of things


auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4092

auto vmbr0.100
iface vmbr0.100 inet static
address 10.10.100.3/24
gateway 10.10.100.1
 
Last edited:
  • Like
Reactions: m.nosarzewski
Then i have two VM - one should have ip addres in 3 of these Vlans, and one in 2 of them.
How best to configure it ? I got bit lost in configuration options.
Click to expand...

I am not 100% sure, but I don't think a VM can have an IP address in more than one VLAN unless you create multiple bridges and attache more than one bridge to a VLAN. I have never tried that. It may be better to give each VM one IP address and have firewall rules in your network that allows the VM to reach services on the other VLANs
 
louie1961 said:
I am not 100% sure, but I don't think a VM can have an IP address in more than one VLAN unless you create multiple bridges and attache more than one bridge to a VLAN. I have never tried that. It may be better to give each VM one IP address and have firewall rules in your network that allows the VM to reach services on the other VLANs
Click to expand...
You only need a single vlan-aware bridge. For a VM in multi vlans you got two options:
1.) a single vNIC and you don't set a "VLAN Tag" in the vNICs settings. In this case the guestOS got access to all vlans on that bridge and vlan config has to be done inside the guestOS.
2.) you create one vNIC for each vlan and connect all those vNICs to that single vlan-aware bridge. Set the "VLAN Tag" field in the vNICs settings for each vNIC so each vNIC is serving another vlan. This way PVE is handling all the tagging and all the guestOS is seeing are untagged packets (so no VLAN config required inside the guestOS).
 
Last edited:
  • Like
Reactions: louie1961, m.nosarzewski and nautilus7
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back