We have a server that we can't quite get working. The host sits on a management VLAN, and after tagging all the VLANs on the switch it's on, it can see everything, including the default VLAN. However, the guests can only see the default VLAN if they're on another VLAN than the default. Otherwise, they go nowhere. I've tried adding a tag of 1 to the guests, but it makes no difference. I can't use OVS to get around it like my former boss did on our older ones as we're going with enterprise support on this one. I've asked the support team, but they're having trouble understanding the issue. Any thoughts on what is going on? Thanks ahead of time!
VLAN conundrum
- Thread starter bkrateku
- Start date
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Based on what you've written
- The ports should be untagged for the VLANs
- Your Proxmox bridges should be VLAN Aware (it's a checkbox)
- Your VMs should be on the VLAN you need them on (text box on the Networking page of the VM Hardware tab)
- If you want a VM to see more than one VLAN it either needs multiple interfaces or the OS needs to be configured to see multiple VLANS.
Ok. We had that at first, but seemed to have a similar issue. I'll try that again, though. I guess I'm a little confused as to how the bridge can see the VLANs if the ports are untagged, i.e., not passing VLAN info with the packets. We do have the bridge set as VLAN aware, and the VMs have their tags accordingly. VMs should be able to use just one VLAN and see what they need, though I'm not sure if OVS helped with this or if it was something else. I'll update after I check this out. Thanks!
VLANs work simply by adding a bit of information in the header that says "I'm in VLAN 25". Untagged port 25 is the switch saying "I expect the traffic to tell me what to do" and Tagged 25 is "I'm telling the traffic what to do". This is obviously oversimplified but it's pretty close.
One thing to check - you said you're configuring the OS to do be VLAN aware - if that's the case you *shouldn't* set a VLAN in the VLAN Tag box of the network config.
One thing to check - you said you're configuring the OS to do be VLAN aware - if that's the case you *shouldn't* set a VLAN in the VLAN Tag box of the network config.
I've untagged the VLANs on the ports, which requires me to alter the bridge get the host to see anything, and it's restricted to the VLAN it's on (42, which is what the switch is also on). With the ports tagged, the host could go anywhere, it was just the servers on the main VLAN that didn't work. Configs are below:
#with tagged VLANs
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.42
iface vmbr0.42 inet static
address 10.99.27.39
netmask 27
gateway 10.99.27.33
#with untagged VLANs
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet manual
address 10.99.27.39
netmask 27
gateway 10.99.27.33
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#with tagged VLANs
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.42
iface vmbr0.42 inet static
address 10.99.27.39
netmask 27
gateway 10.99.27.33
#with untagged VLANs
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet manual
address 10.99.27.39
netmask 27
gateway 10.99.27.33
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
You have defined vmbr0 twice... Also it need to be "inet static" if you define an IP on the vmbr0
That was 2 different configurations we had tried. I caught that as well on the "static" part, but still nothing. I did find out today that openvswitch has an enterprise version for Proxmox5, so we used that and copied the config from another server and changed things appropriately. Working well now! Not sure what it is in that program, but apparently it's required for our setup. Thank you all!