[SOLVED] vmbr0 vlan aware but VM attached cannot see vlan traffic

[Skizzo3000]

Hi,
my server with proxmox 7.3 has one 10GBit nic called ens6.
ens6 is a trunk from the core switch that transport many vlans (about 30).
I created ens6.10 (managment vlan) and bridged to vmbr0
Proxmox is accessible via vmbr0 with static ip
i made also ens6.20 and ens6.30, bridged respectively to vmbr20 and vmbr30 without any ip.
I attached these BRs to 2 VMs, so the VMs are connected to the right VLAN

auto ens6
iface ens6 inet manual

auto ens6.10
iface ens6.10 inet manual

auto ens6.20
iface ens6.20 inet manual

auto ens6.30
iface ens6.30 inet manual

auto vmbr1
iface vmbr1 inet static
        address 192.168.0.46/24
        gateway 192.168.0.254
        bridge-ports ens6.10
        bridge-stp off
        bridge-fd 0
#LAN

auto vmbr2
iface vmbr2 inet manual
        bridge-ports ens6.20
        bridge-stp off
        bridge-fd 0

auto vmbr3
iface vmbr3 inet manual
        bridge-ports ens6.30
        bridge-stp off
        bridge-fd 0

# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr1           8000.04d9f5c1052a       no              ens6.10
vmbr2           8000.04d9f5c1052a       no              ens6.20
                                                        tap107i1
vmbr3           8000.04d9f5c1052a       no              ens6.30
                                                        tap108i1

So, for now is working fine.

Now i need to attach to a new VM (act as firewall) 'directly' to ens6 so in VM is possible to create the VLAN interface without create many bridges in proxmox and may vNIC in VM.

I made this configuration

auto vmbr1000
iface vmbr1000 inet manual
    bridge-ports ens6
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
#GLOBAL VLAN

bridge name     bridge id               STP enabled     interfaces
vmbr1000                8000.04d9f5c1052a       no              ens6
                                                        tap122i1

But if i create a VLAN interface in VM, i do not see traffic.

Have you any ideas ?

Thanks
Sk3

 

[Dunuin]

You should skip creating a vlan interface and bridge for each vlan. Only use a single vlan aware bridge. Something like this:

auto lo
iface lo inet loopback

auto ens6
iface ens6 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports ens6
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.0.46/24
        gateway 192.168.0.254

Your PVE management is then in VLAN 10.
To define what VM should be in what VLAN you can then edit the "VLAN Tag" for each individual virtual NIC in the webUI at "YourNode -> YourVM -> Hardware -> YourVirtualNIC -> Edit -> VLAN Tag". If you keep that "VLAN Tag" field empty, then that virtual NIC can listen to all the VLANs so you can manage all the VLANs from the guest OS.

 

[Skizzo3000]

Thanks a lot ! Works perfectly !
To get works, i rebooted the server after live configuration.

SOLVED

 

[TikTok90]

You should skip creating a vlan interface and bridge for each vlan. Only use a single vlan aware bridge. Something like this:

auto lo
iface lo inet loopback

auto ens6
iface ens6 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports ens6
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

auto vmbr0.10
iface vmbr0.10 inet static
        address 192.168.0.46/24
        gateway 192.168.0.254

Your PVE management is then in VLAN 10.
To define what VM should be in what VLAN you can then edit the "VLAN Tag" for each individual virtual NIC in the webUI at "YourNode -> YourVM -> Hardware -> YourVirtualNIC -> Edit -> VLAN Tag". If you keep that "VLAN Tag" field empty, then that virtual NIC can listen to all the VLANs so you can manage all the VLANs from the guest OS.

Hi Dunuin,
I think I have a very similar issue - a single NIC, enp1s0 on the default network, management IP address 192.168.10.150 also on the default network. I want to have a VM on VLAN 30. Will the code below do the trick if I set the VM to be on vmbr0 with a VLAN tag of 30?

Also really daft question - I can get into the shell, but I can't for the life of me work out how to execute/save this code? What am I missing please?

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge-ports enp1s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

auto vmbr0
iface vmbr0 inet static
address 192.168.10.150/24
gateway 192.168.10.1

 

[Dunuin]

Will the code below do the trick if I set the VM to be on vmbr0 with a VLAN tag of 30?

If your want your management untagged, then yes.

Also really daft question - I can get into the shell, but I can't for the life of me work out how to execute/save this code? What am I missing please?

Thats not code you run in the console. That is the content of your network config file you can edit with the command nano /etc/network/interfaces.

 

[TikTok90]

Thanks Dunuin. Seems to be running but my Home Assistant VM still isn't getting an IP, but I'm still not sure if the problem is with Proxmox, Home Assistant or Unifi. Troubleshooting continues...

 

[TikTok90]

Okay so I've created a second HA instance on my default network the same way as I created the one on VLAN 30. The on on default connected like a charm, but the one on the VLAN continues to not get an IP address from Unifi. I'm stumped as to what else to look at.