VLAN for Proxmox Host

S

spetrillo

Member
Feb 15, 2024
262
14
18
Hello all,

Straight from the Network Configuration wiki for Proxmox: https://pve.proxmox.com/wiki/Network_Configuration

Example: Use VLAN 5 for the Proxmox VE management IP with VLAN aware Linux bridge

iface eno1 inet manual

auto vmbr0.5
iface vmbr0.5 inet static
address 10.10.10.2/24
gateway 10.10.10.1

auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

I have configured my primary interface as follows:

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

auto vmbr0.3
iface vmbr0.3 inet static
address 192.168.1.66/26
gateway 192.168.1.65

After I saved the config and rebooted I could not get to the Proxmox GUI. Only when I changed the mgmt config from vmbr0.3 to vmbr0.1 did it work. Why is this when the wiki shows something different? Is it the order of the statements?

Thanks,
Steve
 
Hello Steve,

configuration seems fine.
Honestly, it sounds like a network issue on your side. Have you configured tagged VLAN3 on your switch and/or a devices inside this VLAN + Subnet?

As VLAN 1 is the default for basically every network device (untagged or tagged), it surely is the explanation why vmbr0.1 works. (VLAN 1 is not allowed normally and the default vlan for untagged traffic).

Cheers
 
So here is the catch...there is no switch involved. I am connected directly from my PC to the Proxmox server.

Its soo weird...
 
spetrillo said:
So here is the catch...there is no switch involved. I am connected directly from my PC to the Proxmox server.

Its soo weird...
Click to expand...
Then you need to configure your network card in this VLAN. Based on your network card this is possible in the settings directly or you need to go another way with virtual bridges (e.g. von hyperv).
 
I would assume you are talking about the network card on the PC side. I just did this. I moved it to VLAn 3, to match
 
Ding ding ding...I had to throw the network card on my PC into vlan 3. That got the Proxmox mgmt IP to ping back but now I cannot connect to the GUI via a web browser. It times out with no connection, which is very confusing.
 
  • Like
Reactions: Khensu
spetrillo said:
Ding ding ding...I had to throw the network card on my PC into vlan 3. That got the Proxmox mgmt IP to ping back but now I cannot connect to the GUI via a web browser. It times out with no connection, which is very confusing.
Click to expand...

Congratz spetrillo,
that was what I wanted to add, while reading through the posts. :)

In this configuration encapsulation into vlan3 happens at the clan device
Code: 
vmbr0.3
and should not happen anywhere else on the pvehost. (e.g. at the physical network device).
On the partner of the communication the packages needs to be decapsulated of course to enable IP communication.

If your PVE host is pinging back now, try an ssh connection as next step. The root users password based login is enabled, by default.
Afterwards you can drill down potential issues on the host.

BR, Lucas
 
Last edited:
So you are right SSH is up and I can connect, so that leaves the GUI as the source of issue. Going to look into things.
 
Yes I meant the network card in your pc. If you send it in vlan 3 from pve your network card needs to be in it as well.

Are you accessing the GUI via port 8006?
Or did you modify the hostname in /etc/hosts? Be sure it also matches in /etc/hostname
If they do not match, the GUI won't come up.

Also the gui is running under the service pveproxy.

What is the status of pveproxy?
Output of:
systemctl status pveproxy

Normally what I see often is that hosts and hostname files are not matching and/or are being wrong. Because that's what could cause the GUI not to come up.
 
Last edited:
  • Like
Reactions: bl1mp
yes, the pveproxy service is the next thing I would check.
try:
Code: 
systemctl status pveproxy
It should be up and running, otherwise you can check the logs with:
JavaScript: 
journalctl -xeu pveproxy

And like Kensu stated, the pveproxy service requires to resolve the host under a non localhost address.
therefore the ipaddress given during the installation is added to the /etc/hosts file.
If the ipaddress ist removed from the hosts the file needs to be adopted. e.g.

Code: 
root@pve:~# cat /etc/hosts
169.254.255.100 pve.test pve
127.0.0.1       localhost
127.0.1.1       pve.test pve

Beside that, the pveproxy service (and therefore the webui) is by default active on all ipaddresses of the hypervisor. To restrict this behavior entries in /etc/defaults/pveproxy can be set (docs), or you configure the firewall. But be careful with activating the firewall, because the default setting will lock you out from the host, if you are on a remote connection to the host.

BR, Lucas
 
You must log in or register to reply here.
Top Bottom