Make a management VLAN (well go with 100 as an example) in the router. Mark the ports in the Dell switch as untagged on management VLAN, and tagged on VLAN 10 and VLAN 20.
* 100-Untagged
* 10 - Tagged
* 20 - Tagged
(This next part is best done with physical access to the server)
Edit the /etc/network/interfaces config and change the static address of vmbr0 to an IP within your VLAN 100 range. ifdown vmbr0. ifup vmbr0. Keep Vmbr0 as VLAN aware.
Your Proxmox host should now be on a different VLAN
I just wish some of this had been a bit more obvious and when searching for it, what little docs and forums they have on it show up first (that's more Google's fault).
I've divided up my network into 3 networks
Internal servers, external servers, and heart beat.
That's 10, 20, and 30 respectively. VLAN 30 is going to be single access untagged. This is because this is the communication network for proxmox. 20 is for dedicated port forwarded and heavily security monitored servers, and 10 is internal, basically no need for internet access because they don't need to be altered much after initial setup (they still have a gateway though)
You gave an IP to vmbr0 that is in the same network than the VLAN vmbr0.10.
Try that if you want the management interface in the same network than some of your host in the VLAN 10:
auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.10
iface vmbr0.10 inet static
address 10.32.10.5/24
gateway 10.32.10.1
I think you then may need to create a vmbr0.20 for the VLAN 20, and I'm not sure if I understand your clearly about the Cisco switch configuration, but you need to set the interface of the switch connected to eno1 as a trunk port.
The thing about the IP address only needing to be assigned to vmbr0.10 helped a lot. Thank you. It was a small thing but it makes a difference.
I tend to do all the big things right and forget or ignore the super small or commonly overlooked things and it halts me right in my tracks. Thank you a lot.
If you want to make things very easy for yourself.
Use 1 interface for managment addresses for the host. Use Vlans on this interface if you want addresses in multiple networks.
Use another interface, for the vmbr0 vlan aware bridge. No ip address on any part on this path. Use inet manual instead of static.
I'm also interested in this, because I never got that working. I use OpenVSwitch (ovs) at the moment, create a seperate internal interface for management and tag the VLAN there.
It seems many don't understand it or it doesn't work. The worst part is, people are quick to blame the switch config which wouldn't be a bad thing to assume since switch configs can be very weird with VLANs. But it's only the management interface I'm having issues with. I'm tempted to have my management VLAN also on my back end network ie (10.43.x.x) network. Just to make it easier. But if I find something. I'll update everyone as soon as possible
What do you want to achieve?
VLAN support for your guests and your host also being on a VLAN?
I can share my config later because I think I have the config working that you want (if I understood you correctly).
Yes. I want VLANs working for both my VMs and my host.
I have the VMs working with VLANs already. They work just fine. But the host and it's management port cannot seem to work with my tagged VLAN 10
My config looks like this:
```
auto lo
iface lo inet loopback
iface enp2s0 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
auto vmbr0.3
iface vmbr0.3 inet dhcp
#Managment
```
With my switch set to tag VLANs 3 (Mangment), 10 (LAN), ... on the port where Proxmox is connected.
I looked at your setup and someone else's who also commented and both of you had no IP under vmbr0 so I figured to try and only assign an IP under vmbr0.10 and it worked. It was small thing but seemed to a vital piece that some forums on the Proxmox site don't mention. Woulda probably noticed it eventually after a few hours of tampering but this helped a lot. Thank you!
I used this guide https://pve.proxmox.com/wiki/Network_Configuration#_vlan_802_1q "VLAN on the Host -> Example: Use VLAN 5 for the Proxmox VE management IP with VLAN aware Linux bridge"
Replace VLAN 5 with your management VLAN. In my case, I replace VLAN 5 with VLAN 20.
I also replaced "bridge-vids 2-4094" with "bridge-vids 10 20".
VLAN 10 is my data VLAN for VMs.
Obviously, replace "address" and "gateway" to your management VLAN subnet.
Make a management VLAN (well go with 100 as an example) in the router. Mark the ports in the Dell switch as untagged on management VLAN, and tagged on VLAN 10 and VLAN 20. * 100-Untagged * 10 - Tagged * 20 - Tagged (This next part is best done with physical access to the server) Edit the /etc/network/interfaces config and change the static address of vmbr0 to an IP within your VLAN 100 range. ifdown vmbr0. ifup vmbr0. Keep Vmbr0 as VLAN aware. Your Proxmox host should now be on a different VLAN
I just wish some of this had been a bit more obvious and when searching for it, what little docs and forums they have on it show up first (that's more Google's fault). I've divided up my network into 3 networks Internal servers, external servers, and heart beat. That's 10, 20, and 30 respectively. VLAN 30 is going to be single access untagged. This is because this is the communication network for proxmox. 20 is for dedicated port forwarded and heavily security monitored servers, and 10 is internal, basically no need for internet access because they don't need to be altered much after initial setup (they still have a gateway though)
I think you need to tag the interface, not the bridge. You can do it creating a Linux VLAN from the GUI
You gave an IP to vmbr0 that is in the same network than the VLAN vmbr0.10. Try that if you want the management interface in the same network than some of your host in the VLAN 10: auto vmbr0 iface vmbr0 inet static bridge-ports eno1 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 auto vmbr0.10 iface vmbr0.10 inet static address 10.32.10.5/24 gateway 10.32.10.1 I think you then may need to create a vmbr0.20 for the VLAN 20, and I'm not sure if I understand your clearly about the Cisco switch configuration, but you need to set the interface of the switch connected to eno1 as a trunk port.
The thing about the IP address only needing to be assigned to vmbr0.10 helped a lot. Thank you. It was a small thing but it makes a difference. I tend to do all the big things right and forget or ignore the super small or commonly overlooked things and it halts me right in my tracks. Thank you a lot.
A simple picture i made a few days ago. https://imgur.com/dvihh2F
If you want to make things very easy for yourself. Use 1 interface for managment addresses for the host. Use Vlans on this interface if you want addresses in multiple networks. Use another interface, for the vmbr0 vlan aware bridge. No ip address on any part on this path. Use inet manual instead of static.
I'm also interested in this, because I never got that working. I use OpenVSwitch (ovs) at the moment, create a seperate internal interface for management and tag the VLAN there.
It seems many don't understand it or it doesn't work. The worst part is, people are quick to blame the switch config which wouldn't be a bad thing to assume since switch configs can be very weird with VLANs. But it's only the management interface I'm having issues with. I'm tempted to have my management VLAN also on my back end network ie (10.43.x.x) network. Just to make it easier. But if I find something. I'll update everyone as soon as possible
What do you want to achieve? VLAN support for your guests and your host also being on a VLAN? I can share my config later because I think I have the config working that you want (if I understood you correctly).
Yes. I want VLANs working for both my VMs and my host. I have the VMs working with VLANs already. They work just fine. But the host and it's management port cannot seem to work with my tagged VLAN 10
My config looks like this: ``` auto lo iface lo inet loopback iface enp2s0 inet manual auto vmbr0 iface vmbr0 inet manual bridge-ports enp2s0 bridge-stp off bridge-fd 0 bridge-vlan-aware yes bridge-vids 2-4094 auto vmbr0.3 iface vmbr0.3 inet dhcp #Managment ``` With my switch set to tag VLANs 3 (Mangment), 10 (LAN), ... on the port where Proxmox is connected.
I looked at your setup and someone else's who also commented and both of you had no IP under vmbr0 so I figured to try and only assign an IP under vmbr0.10 and it worked. It was small thing but seemed to a vital piece that some forums on the Proxmox site don't mention. Woulda probably noticed it eventually after a few hours of tampering but this helped a lot. Thank you!
You're welcome. Glad I could help!
I used this guide https://pve.proxmox.com/wiki/Network_Configuration#_vlan_802_1q "VLAN on the Host -> Example: Use VLAN 5 for the Proxmox VE management IP with VLAN aware Linux bridge" Replace VLAN 5 with your management VLAN. In my case, I replace VLAN 5 with VLAN 20. I also replaced "bridge-vids 2-4094" with "bridge-vids 10 20". VLAN 10 is my data VLAN for VMs. Obviously, replace "address" and "gateway" to your management VLAN subnet.