VLAN1 is not reachable

flgndrhs

Mar 29, 2023
Hey there,

I am building a small Proxmox-Setup, 1 thin-client server (@home) for simple stuff.

My goal is also to reach a good network isolation, vlan1 for management and vlan3 for DMZ - more will follow as soon as vlan1 works as expected.
Long story short - no matter what I do, I cannot use vlan1 on vmbr0. Here is my network config:
Code:
# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp1s0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 1-4094

auto vmbr200
iface vmbr200 inet manual
    ovs_type OVSBridge

auto vlan3
iface vlan3 inet static
    address 192.168.9.201/24
    vlan-raw-device vmbr0
#DMZ

auto vlan1
iface vlan1 inet static
    address 192.168.101.201/24
    vlan-raw-device vmbr0
#management

If I put vlan-raw-device enp1s0 and add the vlan-tag, it works.
But my goal is to also allow a VM (OPNsense) to access vlan1 - which doesn't work.
All VMs are currently offline, to not interfere with anything. Firewall is also offline.

I hope you have some ideas to solve this.
 
Just so you know that I know how to set up a VLAN on a switch:
Port 01 == Router
Port 02 == Laptop (from which I manage everything)
Port 08 == Proxmox thin-client (the one from above)

Port 01, 02 and 08 are tagged.
 
fyi - this works for Proxmox, but ofc VMs won't work:

Code:
auto vlan1
iface vlan1 inet static
    address 192.168.101.201/24
    vlan-raw-device enp1s0

edit:
I reduced vmbr vlans to 1-14
Now I can see a bit more with the bridge command (which is pretty new to me):

Code:
~# bridge vlan
port              vlan-id
enp1s0            1 PVID Egress Untagged
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
vmbr0             1 PVID Egress Untagged
                  3

edit2:
After experimenting a bit I think it's much wiser to use vlan1 as DMZ - or not use it at all, since Proxmox/kernel uses it as "PVID egress untagged" by default.
To modify that I would need to run a bunch of commands which would complicate a lot of stuff.
 
Solution:
Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 1-14
    post-up bridge vlan add dev enp1s0 vid 1
    post-up bridge vlan add dev vmbr0 self vid 1

This cleans the PVID Egress Untagged flags after vmbr0 is up.
I also added the first line of post-up to enp1s0, just in case.

Now I can use vmbr0 for vlan1 - VM test will be done later; if I don't add another comment, it works.


edit: nope, this is not fixable for VMs - I assume there is some sysctl flag I don't know about - or in the Proxmox scripts.


Code:
~# bridge vlan
port              vlan-id 
enp1s0            1
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
vmbr0             1
                  3
tap100i0          2 PVID Egress Untagged
tap100i1          3 PVID Egress Untagged
tap100i2          1 PVID Egress Untagged
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
                  15
                  16
                  17
                  18
                  19
                  20
                  21
                  22
                  […]
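
Added example, not part of the original posts: a small Python check that reads `bridge vlan` output and reports which VLANs a port will not send tagged, which is the mismatch the "PVID Egress Untagged" flag creates against a switch port that expects VLAN 1 tagged. The function names parse_bridge_vlan and trunk_problems are hypothetical, and the two samples are abridged from the outputs posted above.

```python
# Added example (not from the thread): audit `bridge vlan` output for VLANs
# that a port will not carry tagged. Samples are abridged from the posts above.
BEFORE = """\
port              vlan-id
enp1s0            1 PVID Egress Untagged
                  2
                  3
vmbr0             1 PVID Egress Untagged
                  3
"""
AFTER = """\
port              vlan-id
enp1s0            1
                  2
                  3
vmbr0             1
                  3
tap100i2          1 PVID Egress Untagged
                  2
                  3
"""

def parse_bridge_vlan(text):
    """Return {port: {vid: set_of_flags}} from `bridge vlan` text output."""
    table, port = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue
        if not line[0].isspace():          # port names start in column 0
            port = fields.pop(0)
            table.setdefault(port, {})
        if port is None or not fields or not fields[0].isdigit():
            continue                       # skips markers such as "[…]"
        rest = " ".join(fields[1:])
        flags = {name for name, marker in
                 (("pvid", "PVID"), ("untagged", "Egress Untagged"))
                 if marker in rest}
        table[port][int(fields[0])] = flags
    return table

def trunk_problems(table, port, expected_vids):
    """Map each expected VID to the reason `port` will not send it tagged."""
    vlans = table.get(port, {})
    problems = {}
    for vid in expected_vids:
        if vid not in vlans:
            problems[vid] = "not a member"
        elif "untagged" in vlans[vid]:
            problems[vid] = "egress untagged"
    return problems
```

Run against the first output, trunk_problems(parse_bridge_vlan(BEFORE), "enp1s0", [1, 3]) returns {1: "egress untagged"}; against the output after the post-up lines it returns an empty dict for enp1s0, while tap100i2 still lists VID 1 as egress untagged.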
 