Skip to main content Best way to configure vlan ? : r/Proxmox
r/Proxmox icon
Go to Proxmox

Best way to configure vlan ?

Question

Hi,

I'm looking to configure my Proxmox server, and thinking to have an architecture like this.

I would like to add VLANs in it, but I'm wondering where and how I should configure them ?

Do I simply set a VLAN id in the VM configuration ?

Thanks !

Calling all experts and enthusiasts! Time is money, and with Squarespace, you can make even *more* when you offer your services with its all-in-one Commerce tools. So turn your practice into profit and your expertise into income.
Sign Up
squarespace.com
Thumbnail image: Calling all experts and enthusiasts! Time is money, and with Squarespace, you can make even *more* when you offer your services with its all-in-one Commerce tools. So turn your practice into profit and your expertise into income.
Sort by:
Best
Open comment sort options

So my experience with proxmox is there are two ways to do Vlans.

  1. The easy way - Vlan aware interface A. Create an interface and set the Vlan aware checkbox. B. Then create a bridge on the interface like you normally do C. When setting up network on a VM, pick the bridge and then set the VLAN tag manually.

This is easy because it is the simplest from the network configuration part, but you do have to remember to set the VLAN on each VM

2. The more complex way - Linux Vlans A. Create a Linux VLAN for each VLAN on your chosen interface. They will have names like <interfaceName>.<vlanID> so if you wanted to make Vlan 10 on interface eno1 you would create the Linux Vlan “eno1.10”. Typically, you do not want to assign IP addresses to these interfaces. B. For each newly created Linux Vlan interface, make a new Linux bridge, no need to check the “Vlan aware” box. C. When assigning the network, just choose the correct bridge that corresponds to the desired VLan. No requirement to put in a Vlan value.

Pretty much, the first option you have a large trunk interface and you set Vlan tagging at the virtual machine level. The second option as the host you create a bunch of VLAN specific interfaces, and have a bridge for each.

The second options means more network configuration items, but could also be easier to visualize if you are used to some of the VMware switching concepts.

Edited

Hey I really like this explanation and actually would like to use strategy #2 since I want to make the VM's totally unaware of any existing vlan's -- I just want to present them with various network cards (with each network card on a different VLAN).

I'm struggling however on the method of how to exactly accomplish this within proxmox.

I've bonded enp2s0 and enp3s0 to create a bond0. I'm using unifi for my switch so the /etc/network/interfaces is going to look something like this: 

auto bond0
iface bond0 inet manual
   bond-slaves enp2s0 enp3s0
   bond-miimon 100
   bond-mode 802.3ad

To accomplish option #2 -- within proxmox do I do the following ??:

For untagged traffic - create a simple bridge with parent interface bond0. It would look something like this: 

auto vmbr1 
iface vmbr1 inet manual
     bridge-ports bond0 
     bridge-stp off 
     bridge-fd 0

For the tagged traffic (using VLAN 20 for this example) - create a vlan with appropriate tag tying it to the appropriate parent interface (which is my case is bond0): 

auto bond0.20 
iface vlan bond0.20 inet manual

Create a bridge (vmbr20) and use bond0.20 as the bridge port: 

auto vmbr20 
iface vmbr20 inet manual 
     bridge-ports bond0.20
     bridge-stp off 
     bridge-fd 0

For each new VLAN you want to add, you need to create a new VLAN and a new bridge (2 step process). You would then add the bridge (vlan unaware) to each VM. So if your VM needed to be reached on VLAN 20 and VLAN 40, you in essence you would need add two network adapters to the VM to accomplish this.

I've seen the notation you've referenced before in terms of eth0.20 however is what I'm describing going to make an interface bond0.20?? I'm struggling how to accomplish this. Is my thinking about right here?

the interface does not have the VLAN aware option, the bridge does. I thought option 2 was simpler. It worked for me, the 1st did not. Now I cannot get the first to work either.

More replies

What'd you use for the diagram? I like the colors.

It's not mine, but I've made something similar using Visio

It seems to me that diagram was created on www.drawio.com . Feel free to check out that free tool

More replies

trying to do something similiar or even almost identical as in the link you have provided. I just think I do not want to seperate vmbr0 and vmbr1 - my OPNSense instance would have a port assigned directly to vmbr1 and that would allow the usage of PPPoE.

Do you know why the vmbr0/vmbr1 separation is recommended? or maybe it is not.

If you want to create vlan for your vm

  • Connect pfsense lan to vmbr2

  • Create vlan id with ip subnet in pfsense

  • Config vlan trunk and tag vlan id to pfsense lan

  • Enable vlan aware on vmbr2 in pve

  • when use vlan for vm use vlan tag id

I would not give proxmox direct internet access. Instead, give your firewall direct nic access with vfio. Allocate 2 nics, one for wan, one for lan. Access to proxmox either on a management interface or a dedicated vlan.

More replies