VLAN1 is not reachable | Proxmox Support Forum

flgndrhs

Mar 29, 2023
Hey there,

I am building a small Proxmox setup, 1 thin-client server (@home) for simple stuff.

My goal is also to reach good network isolation: vlan1 for management and vlan3 for DMZ - more will follow as soon as vlan1 works as expected.
Long story short - no matter what I do, I cannot use vlan1 on vmbr0. Here is my network config:
Code:
# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp1s0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 1-4094

auto vmbr200
iface vmbr200 inet manual
    ovs_type OVSBridge

auto vlan3
iface vlan3 inet static
    address 192.168.9.201/24
    vlan-raw-device vmbr0
#DMZ

auto vlan1
iface vlan1 inet static
    address 192.168.101.201/24
    vlan-raw-device vmbr0
#management

If I put vlan-raw-device enp1s0 and add the vlan-tag, it works.
But my goal is to also allow a VM (OPNsense) to access vlan1 - which doesn't work.
All VMs are currently offline, to not interfere with anything. Firewall is also offline.

I hope you have some ideas to solve this.

Just so you know that I know how to set up a VLAN on a switch:
Port 01 == Router
Port 02 == Laptop (from which I manage everything)
Port 08 == Proxmox thin-client (the one from above)

Port 01, 02 and 08 are tagged.
fyi - this works for Proxmox, but ofc VMs won't work:

Code:
auto vlan1
iface vlan1 inet static
    address 192.168.101.201/24
    vlan-raw-device enp1s0

edit:
I reduced vmbr vlans to 1-14
Now I can see a bit more with the bridge command (which is pretty new to me):

Code:
~# bridge vlan
port              vlan-id
enp1s0            1 PVID Egress Untagged
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
vmbr0             1 PVID Egress Untagged
                  3

edit2:
After experimenting a bit I think it's much wiser to use vlan1 as DMZ - or not use it at all, since proxmox/kernel uses it as "PVID egress untagged" by default.
To modify that I would need to run a bunch of commands which would complicate a lot of stuff.
Solution:
Code:
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 1-14
    post-up bridge vlan add dev enp1s0 vid 1
    post-up bridge vlan add dev vmbr0 self vid 1

This cleans the PVID Egress Untagged flags after vmbr0 is up.
I also added the first line of post-up to enp1s0, just in case.

Now I can use vmbr0 for vlan1 - VM test will be done later; if I don't add another comment, it works.


edit: nope, this is not fixable for VMs - I assume there is some sysctl flag I don't know about - or in the proxmox scripts.


Code:
~# bridge vlan
port              vlan-id 
enp1s0            1
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
vmbr0             1
                  3
tap100i0          2 PVID Egress Untagged
tap100i1          3 PVID Egress Untagged
tap100i2          1 PVID Egress Untagged
                  2
                  3
                  4
                  5
                  6
                  7
                  8
                  9
                  10
                  11
                  12
                  13
                  14
                  15
                  16
                  17
                  18
                  19
                  20
                  21
                  22
                  […]
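
A small checker for the `bridge vlan` listings in this thread, added here as an example and not part of the original posts: it parses the text output and lists the ports on which a given VID still carries the PVID or Egress Untagged flag. The sample is a shortened copy of the thread's second listing, and the function names are hypothetical.

```python
"""Parse `bridge vlan` text output and list ports where a VID is PVID/untagged."""

# Shortened copy of the thread's second listing (VIDs 4 and up omitted).
SAMPLE = """\
port              vlan-id
enp1s0            1
                  2
                  3
vmbr0             1
                  3
tap100i0          2 PVID Egress Untagged
tap100i1          3 PVID Egress Untagged
tap100i2          1 PVID Egress Untagged
                  2
                  3
                  […]
"""


def parse_bridge_vlan(text):
    """Return {port: {vid: flags}}; flags is a subset of {'PVID', 'Egress Untagged'}."""
    table, port = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue                      # blank line or column header
        if not line[0].isspace():         # a port name starts in column 0
            port, fields = fields[0], fields[1:]
            table.setdefault(port, {})
        if port is None or not fields or not fields[0].isdigit():
            continue                      # e.g. the "[…]" truncation marker
        rest = " ".join(fields[1:])
        flags = {f for f in ("PVID", "Egress Untagged") if f in rest}
        table[port][int(fields[0])] = flags
    return table


def native_ports(table, vid):
    """Ports on which `vid` is the PVID and/or is sent untagged on egress."""
    return sorted(p for p, vids in table.items() if vids.get(vid))


if __name__ == "__main__":
    for p in native_ports(parse_bridge_vlan(SAMPLE), 1):
        print(f"{p}: VID 1 is PVID and/or egress-untagged on this port")
```

On the sample this reports only `tap100i2`, the VM's trunk port, which matches the listing after the `post-up` lines were added.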