VLAN setup for Management interface

T

TapNL

Member
Feb 3, 2022
3
0
6
48
I have struggled with this for quite a while, but I don't seem to get it right.

This is my physical setup:
- I have a server running Proxmox behind an Unifi managed switch.

What I do want to achieve is that:
1) The management interface is on a VLAN
2) That a VM on ProxMox can be set on a specific VLAN.
3) That a VM on ProxMox is on the native vlan of the whole network (in this case this is 192.168.1.x)

For the most I have this working, except for point 3. As soon as I try to setup this up, something breaks down.
The route I think is the most succesfull is to set in the unifi app, the port on the switch with the following profile

Native network: default (this 192.168.1.x)
Allowed networks: 10 (Apps) and 40 (Labs)

If I use this /etc/network/interfaces

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.10.100/24
    gateway 192.168.10.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

# Apps VLAN
auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.10.100/24
        gateway 192.168.10.1

# Labs VLAN
auto vmbr0.40
iface vmbr0.40 inet static
        address 192.168.40.100/24
        gateway 192.168.40.1

Combined with the unfii setup, I loos the connection with management GUI and SSH access.
The individual VMs keep functioning and are assigned to IP in VLAN10 and native VLAN.

What do I need to change/improve to also have the management interface to be available in VLAN10.
(I know security wise, I can do better - but if I fix this, I can fix that easily)

Thanks in advance for any support/help/pointers.
 
Hello,

I suppose your configuration causes a routing problem. Do not give two different interfaces the same IP address unless you have a very good reason to do so (and then you must configure some routes manually). In fact don't give two IP addresses in the same subnet to different interfaces without manual routing.

In your case the routing table to 192.168.10.* has two interfaces vmbr0 and vmbr0.10 and depending on which interface gets set up first, the packets will get sent through that interface only. So packets from the other interface never get an answer.

If you want your Proxmox Management IP (I assume it wil be 192.168.10.100) in the VLAN 10, then you only have to give it to interface vmbr0.10

Kind regards,
Benedikt
 
Yes, as described above, different network intefaces = different IPs, even different networks, or you will get some fun with network connectivity lost.
 
Hi,

Thank for your answers, it does make sense what you are saying, so thank you for that.
Bit struggling how to get this working in practice.

Should I set the native vlan for the port in unifi to 10 and then remove the address and netmask part under auto vmbr0?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back