VLAN conundrum

B

bkrateku

New Member
Aug 28, 2019
5
0
1
45
We have a server that we can't quite get working. The host sits on a management VLAN, and after tagging all the VLANs on the switch it's on, it can see everything, including the default VLAN. However, the guests can only see the default VLAN if they're on another VLAN than the default. Otherwise, they go nowhere. I've tried adding a tag of 1 to the guests, but it makes no difference. I can't use OVS to get around it like my former boss did on our older ones as we're going with enterprise support on this one. I've asked the support team, but they're having trouble understanding the issue. Any thoughts on what is going on? Thanks ahead of time!
 
Based on what you've written

  • The ports should be untagged for the VLANs
  • Your Proxmox bridges should be VLAN Aware (it's a checkbox)
  • Your VMs should be on the VLAN you need them on (text box on the Networking page of the VM Hardware tab)
  • If you want a VM to see more than one VLAN it either needs multiple interfaces or the OS needs to be configured to see multiple VLANS.
 
Ok. We had that at first, but seemed to have a similar issue. I'll try that again, though. I guess I'm a little confused as to how the bridge can see the VLANs if the ports are untagged, i.e., not passing VLAN info with the packets. We do have the bridge set as VLAN aware, and the VMs have their tags accordingly. VMs should be able to use just one VLAN and see what they need, though I'm not sure if OVS helped with this or if it was something else. I'll update after I check this out. Thanks!
 
VLANs work simply by adding a bit of information in the header that says "I'm in VLAN 25". Untagged port 25 is the switch saying "I expect the traffic to tell me what to do" and Tagged 25 is "I'm telling the traffic what to do". This is obviously oversimplified but it's pretty close.

One thing to check - you said you're configuring the OS to do be VLAN aware - if that's the case you *shouldn't* set a VLAN in the VLAN Tag box of the network config.
 
I've untagged the VLANs on the ports, which requires me to alter the bridge get the host to see anything, and it's restricted to the VLAN it's on (42, which is what the switch is also on). With the ports tagged, the host could go anywhere, it was just the servers on the main VLAN that didn't work. Configs are below:

#with tagged VLANs
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

auto vmbr0.42
iface vmbr0.42 inet static
address 10.99.27.39
netmask 27
gateway 10.99.27.33

#with untagged VLANs
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
address 10.99.27.39
netmask 27
gateway 10.99.27.33
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
 
That was 2 different configurations we had tried. I caught that as well on the "static" part, but still nothing. I did find out today that openvswitch has an enterprise version for Proxmox5, so we used that and copied the config from another server and changed things appropriately. Working well now! Not sure what it is in that program, but apparently it's required for our setup. Thank you all!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back