VM VLAN Tag not working

[mammutserver]

I activated "VLAN aware" in the network config of the Proxmox host, rebooted the server and added VLAN Tags to the VM (Netgate Installer).
VLAN 5 has a DHCP server and is the WAN network, VLAN 6 is the LAN network.
The Netgate Installer doesn't get an address assigned and even if I assign a static address it seems like there is not network traffic. I also tested this setup with a LXC and Ubuntu VM and got the same results.



/etc/network/interfaces

auto lo
iface lo inet loopback

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

iface enp2s0f0 inet manual

iface enp2s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.10.4.2/24
    gateway 10.10.4.1
    bridge-ports enp1s0f0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

 

[golem]

How is the switch port configured?

Is vlan 4 native and 5/6 tagged?

 

[mammutserver]

How is the switch port configured?

Is vlan 4 native and 5/6 tagged?

Yes, VLAN 4 is native and 5/6 are tagged.

 

[_--James--_]

-what network switch is being used, vlan 5 and 6 are tagged, but what is handling the routing for these vlans? I suspect the end goal is that vm, but until its up how is that vm expected to get DHCP and route to the internet?

-DHCP is on vlan 5, sounds like its coming from the WAN router (ISP managed?). If you untag another port on the switch for vlan 5 does a PC get an IP from DHCP? Most ISP routes mac lock to the CPE, have you rebooted the ISP router after making all of these changes since the VM's vnet0 wan is going to have a different MAC address.

-while the vlan's are correct on the VM, are you sure the virtio drivers are installed and the nics are "up/up" and do you have the vlan bound to the right virtual nic inside of the VM (is vnet0 actually nic0?)

-what physical network adapter is being used on PVE to handle the vlans? There are known issues with Connect X4's with limited ROM spce and being unable to tag 2-4095, and to fix this you need to edit the vmbr and specify the vlans manually ' bridge-vids 4 5 6 100 200' and so on.

 

[mammutserver]

-what network switch is being used, vlan 5 and 6 are tagged, but what is handling the routing for these vlans? I suspect the end goal is that vm, but until its up how is that vm expected to get DHCP and route to the internet?

-DHCP is on vlan 5, sounds like its coming from the WAN router (ISP managed?). If you untag another port on the switch for vlan 5 does a PC get an IP from DHCP? Most ISP routes mac lock to the CPE, have you rebooted the ISP router after making all of these changes since the VM's vnet0 wan is going to have a different MAC address.

-while the vlan's are correct on the VM, are you sure the virtio drivers are installed and the nics are "up/up" and do you have the vlan bound to the right virtual nic inside of the VM (is vnet0 actually nic0?)

-what physical network adapter is being used on PVE to handle the vlans? There are known issues with Connect X4's with limited ROM spce and being unable to tag 2-4095, and to fix this you need to edit the vmbr and specify the vlans manually ' bridge-vids 4 5 6 100 200' and so on.

There is a router on the WAN VLAN 5 (not ISP managed) and I can get an address when connecting to my switch with VLAN 5 untagged on a port.
VLAN 6 will be configured as a LAN network so I assume it should not affect the installation.
The network card is a Intel X540 (Supermicro server).

 

[_--James--_]

There is a router on the WAN VLAN 5 (not ISP managed) and I can get an address when connecting to my switch with VLAN 5 untagged on a port.
VLAN 6 will be configured as a LAN network so I assume it should not affect the installation.
The network card is a Intel X540 (Supermicro server).

Then you might want to change the network adapters from virtio to e1000e on the VM as a test to make sure its not a driver issue at the guest level. You can also try a liveCD of Ubuntu/Debian and see if its pulling DHCP as a VM on vlan5.

I have not had any issues with the x540's but I also carve out my vids by numbers on the connected bridge, you might want to consider adjusting the vids from 2-4095 to the ones you are trying to use to make sure its not an issue. Then just issue ifreload -all instead of doing a reboot to make the changes live.