Why enable vlan aware linux bridge if VMs assigned to vlans are already working

apap

Member
Apr 18, 2021
I have VMs assigned to various vlans and they seem to work fine, with the "VLAN aware" switch in vmbr0 unchecked.

The OCD in me wants to turn it on (after all, I have multiple vlans in the network) but I am concerned I will lock myself out of the Proxmox server (I am not physically in the same place).

-----

1619136450751.png
 
Looking at the wiki, if you don't enable "VLAN Aware" on the node (vmbr0), with vlan set on the guest eth cards, you would fall under this category, is that correct? (red box)

It implies that if you enable "VLAN Aware" on the node, you cannot use more than one VLAN on a single virtual NIC. Which virtual NIC is this, node's or VM's?

----------

1619137616866.png
 
The virtual NICs are usually the VM ones.
Checking VLAN aware will not lock you out, it just makes it possible to put a VM into a VLAN without creating a dedicated bridge for the VLAN. If you forward a bridge with VLANs into a VM in total, you have to take care of that inside the VM.
 
Thank you for the prompt response. This is precisely my puzzle.

I already have a VM running on a vlan just fine (it gets an IP from the DHCP server and can see other devices on that vlan). All while the node's vmbr0 is NOT vlan aware and I don't have dedicated bridges for each vlan set up in the node.

Why is vlan working in the guest when it shouldn't?

-----

This is the VM's network card:

1619139230291.png

-----

This is the node's Network interfaces (there are no vlan bridges set up (I don't know how to do this) and vmbr0 is not vlan aware):

1619139446906.png
 
Well, that's bullet no. 2 in your picture above. Proxmox probably generated another bridge for that vlan. You can check with `ip link`.
 
For vlan aware bridges it is possible to directly configure the vlans for each port connected to the bridge. (Which vlan ids should pass through, which should get tagged/untagged along the way).
Without this setting, each vlan tag gets its vlan-bridge. This only works if the selected bridge is connected to something we recognize as its physical main port. A vlan device for that device is created, connected to the dedicated vlan bridge. Traffic within the bridge is untagged and only receives its tag once it crosses over to the physical network.
 
Could you provide a source on how to configure the bridge according to your first paragraph? For now I only know how to assign a tag via the GUI but would like to configure it more precisely.
 
The only other thing we currently semi-expose is the `trunks` option, which you can configure only via the command line (see the qm(1) and pct(1) man pages on how to use their 'set' subcommand); this corresponds to using `bridge vlan add dev <iface> vid <ids>`. Note that any custom changes you make manually via the bridge(8) command from iproute2 will not be persistent across restarts of the VMs or host.
 
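Since manual `bridge vlan add` changes do not persist, as the last reply notes, a useful check on a VLAN-aware bridge is to compare the live per-port VLAN table with what you intended. The following is an added example, not part of the thread or Proxmox's own code; the sample JSON (in the shape recent iproute2 prints for `bridge -j vlan show`), the interface names and the `POLICY` table are constructed assumptions.

```python
import json

# Constructed sample in the shape printed by `bridge -j vlan show` (iproute2).
# Interface names and VLAN ids are invented for illustration.
SAMPLE = json.dumps([
    {"ifname": "eno1", "vlans": [
        {"vlan": 1, "flags": ["PVID", "Egress Untagged"]},
        {"vlan": 2, "vlanEnd": 4094}]},
    {"ifname": "tap100i0", "vlans": [
        {"vlan": 20, "flags": ["PVID", "Egress Untagged"]}]},
    {"ifname": "tap101i0", "vlans": [
        {"vlan": 30, "flags": ["PVID", "Egress Untagged"]},
        {"vlan": 40}, {"vlan": 50}]},
])

# Hypothetical intended state: port -> (untagged VLAN, all VLANs permitted).
POLICY = {
    "eno1": (1, set(range(1, 4095))),   # uplink trunk carrying every VLAN
    "tap100i0": (20, {20}),             # guest NIC with a single tag
    "tap101i0": (30, {30, 40}),         # guest NIC with one extra trunked VLAN
}

def port_vlans(raw):
    """Return {port: (pvid or None, set of VLAN ids)}, expanding ranges."""
    ports = {}
    for entry in json.loads(raw):
        pvid, vids = None, set()
        for v in entry.get("vlans", []):
            vids.update(range(v["vlan"], v.get("vlanEnd", v["vlan"]) + 1))
            if "PVID" in v.get("flags", []):
                pvid = v["vlan"]
        ports[entry["ifname"]] = (pvid, vids)
    return ports

def audit(raw, policy):
    """List deviations from policy as (port, problem, detail) tuples."""
    findings = []
    for port, (pvid, vids) in sorted(port_vlans(raw).items()):
        if port not in policy:
            findings.append((port, "unlisted-port", sorted(vids)))
            continue
        want_pvid, allowed = policy[port]
        if pvid != want_pvid:
            findings.append((port, "pvid-mismatch", [pvid]))
        if vids - allowed:
            findings.append((port, "extra-vlans", sorted(vids - allowed)))
        if allowed - vids:
            findings.append((port, "missing-vlans", sorted(allowed - vids)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, POLICY):
        print(*finding)
```

On a live node, feed `audit()` the output of `bridge -j vlan show` instead of `SAMPLE`.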
