I’ve got a proxmox server running in my lab along with two other computers running xcp-ng and ESXi. The lab network I have has 6 vlans for traffic segregation. The proxmox server has two network connections – one for management, and the other containing the trunked vlans for the rest of the lab. However, I’ve been unable to get Proxmox to properly pass the vlans to the VMs. Running some analysis software on a VM that should have the entire trunk reveals that the traffic is coming in with no vlan tag. Running this on the other servers shows the traffic properly tagged. The switch is configured to tag all vlans.
Is there a tutorial or document describing what needs to be done to ensure proper transit of the vlans from a NIC port to a VM?
I have the management (M) interface assigned to vmbr0.
I have the trunk (T1) interface assigned to vmbr1.
There is no need for Proxmox to be aware of any of the specific vlans at this point, as I’m not assigning an interface on those. I just want it to pass the traffic directly to the VMs.
Thanks in advance!
Welcome to the forum!
I’d advise you that you actually create the VLAN interfaces on vmbr1, like vmbr1.3 for VLAN 3, vmbr1.90 for VLAN 90 etc., then make a new bridge (say vmbr90) to which the master would be the VLAN interface (vmbr1.90), then assign the virtio NIC in proxmox to the specific bridge (vmbr90 in this case).
That way, the VM will have untagged packets inside it, proxmox bridge will route to the tagged interface, which will tag the packet and send it out the network. Otherwise, if you make a VM and the NIC is attached straight to vmbr1, then your OS needs to know how to address VLANs (you need to make the VLAN interfaces inside the VM, say eth0.3, eth0.90 etc.).
Bellow you’ll see a similar thing I helped someone else to configure.
Threat vmbr10 as vmbr1 in your case (with the slave port being T1 in your net diagram), vmbr10.2 and 10.2 are the VLAN interfaces and the vmbr22 and 33 are bridges with slaves 10.2 and 10.3. Make use of the screenshot, should be self-explanatory. If you don’t get it, feel free to ask me.
Final config will have your VMs be assigned to vmbr22 or 33, so you don’t have to deal with manually tagging the VLANs. If you want your VM to speak to multiple VLANs, you can either assign multiple virtio NICs, one for each vmbr master to a vlan interface, or you could assign a single virtio NIC to vmbr10 alone and inside the VM you just configure the VLAN tagging.
Thank you for the response. I realize now that I wasn’t clear on my requirement. I’ve got an analyzer program that I’m running on the VM that categorizes traffic by VLAN. In my case, I actually need the VM to receive the full tagged traffic from T1. It needs to be tagged on the same interface, as I’m only able to categorize it if it shows up with the proper tag. I feel like this is something easy to do, but I’ve consistently failed to get the tagged interface to the VM.
What OS is the VM running? If it’s linux, what distro?
Ubuntu 23.04. Just for reference, I’m running this same VM on both xcp-ng and esxi servers and it works great. The specific thing I’m trying to do is figure out how to map a trunk port in proxmox to a VM. This is very simple to do on the other hypervisors, so I would anticipate that it’s simple in proxmox, but I seem to be overlooking the procedure.
Create a bridge in proxmox under host network config in the GUI. Make it VLAN aware and make it master of the T1 trunk port. Edit the VM’s NIC in proxmox and connect it to the bridge that have the VLAN. In addition, make sure you disable firewall in the network edit on the VM. You shouldn’t need anything else. If it’s still not working, it’s a config problem.
