vlan aware bridges and vlan 1

Jul 1, 2019
Hi,
I manage a little Proxmox cluster with 2 hosts now (more to come) to serve all of my company's virtual machines. We are developing on Linux embedded systems in lots of VLANs that are created and destroyed with Ansible. I set up two Proxmox hosts (holodeck11 and holodeck12) with a VLAN-aware bridge. (Rebooting after creating a bridge for one VLAN was not an option, so this was the option that did not require reboots.)

I attached the full generated network config. I gave it a '.txt' suffix because I could not upload it otherwise.
(I masked IP addresses.)

Code:
auto vmbr0
iface vmbr0 inet static
        address 10.18.1.11/24
        gateway 10.18.1.1
        bridge-ports enp97s0f0
        bridge-stp off 
        bridge-fd 0
        bridge-vlan-aware yes 
        bridge-vids 2-4094



I created a virtual machine with an interface in VLAN 1, configured some IPv6 autoconfiguration and routing, and was quite surprised that I got an IPv6 address from the Proxmox cluster network and from the network router on VLAN 1. This was very unexpected and dangerous.

You see there is this line "bridge-vids 2-4094"?

The Holodecks are connected to a ProCurve/Aruba switch with the following configuration:

Code:
interface D1
name "#D1 Holodeck11"
tagged vlan 1,2100-2300
untagged vlan 2000

When I change the line to bridge-vids 1-4094, everything works quite as expected, but I cannot do this within the web interface.

What could I do to get this fixed?
VLAN-aware bridges are quite new to me; am I missing something?

Have a nice day
Björn
 

Attachment: holodeck11.interfaces.txt (882 bytes)

The Proxmox support gave me the short advice to "Never use VLAN 1, every vendor uses it with different defaults." and they are totally right with this.
The reason why I want to connect to VLAN 1 is to have a virtual machine that can reach VLAN 1 to find all those broken gizmos on unconfigured ports and unconfigured devices and to serve them to Icinga/Nagios.
 
Hit this today after installing, thanks for the solution. I'm only a home user but I use VLAN1 (tagged) all over and never had any issues. Bit of a shame that instead of warning you or blocking you or something, when you tag something on VLAN1 they just put things on the management network.. not sure that makes sense. I can't comment on the "advice" though I think they should be free to give it.
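
An added example, not from the thread or from Proxmox: a small Python audit of the bridge stanza posted above that flags guest NIC tags which equal the bridge PVID (the VLAN 1 case discussed in this thread) or fall outside bridge-vids. It assumes the Linux bridge default PVID of 1 when no bridge-pvid option is set; the guest_tags inventory and the function names are hypothetical.

```python
DEFAULT_PVID = 1  # assumption: Linux bridge default when bridge-pvid is not set

# Bridge stanza from the post above, trimmed to the VLAN-relevant options.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
        bridge-ports enp97s0f0
        bridge-vlan-aware yes
        bridge-vids 2-4094
"""

def parse_stanzas(text):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            cur = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            cur = None  # a new top-level keyword ends the current stanza
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def expand_vids(spec):
    """Expand a bridge-vids value such as '2-4094' or '10 20-30' into a set."""
    vids = set()
    for part in spec.split():
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def audit(text, guest_tags):
    """guest_tags maps bridge name -> VLAN tags set on guest NICs (hypothetical inventory)."""
    findings = []
    for name, opts in parse_stanzas(text).items():
        if opts.get("bridge-vlan-aware") != "yes":
            continue  # only VLAN-aware bridges filter by VID
        pvid = int(opts.get("bridge-pvid", DEFAULT_PVID))
        vids = expand_vids(opts.get("bridge-vids", ""))
        for tag in guest_tags.get(name, []):
            if tag == pvid:
                findings.append((name, tag, "tag equals bridge PVID"))
            elif tag not in vids:
                findings.append((name, tag, "tag not in bridge-vids"))
    return findings
```

Calling `audit(SAMPLE, {"vmbr0": [1, 2100]})` reports only the VLAN 1 guest, since 2100 is covered by bridge-vids 2-4094.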
 
