Basic VLAN Configuration with ProxMox VE

Hello world,

Recently, I’ve received a request to provide some additional information about VLAN configuration and ProxMox VE. Because I have limited hardware here and because I’m currently travelling, I’ll try to provide a basic configuration walkthrough in this post. The scenario hasn’t been fully tested but this should be working.

This post will be a little bit fussy because it’s really a kind of “quick and dirty post”.

Note: In this post, we do not cover the configuration of your switch. The switch should support VLANs and you might need to create trunks as well.

So,…Let’s start….

The Scenario

The following drawing provides a quick overview of the infrastructure that will be used to perform our tests.


In our scenario, we will configure a ProxMox VE host equipped with 2 network cards (eth0 and eth1). One of the network cards will be dedicated to the “management network”. The management network is simply the network where the Proxmox VE host is located.

The remaining network card will be dedicated to the virtual machine traffic (see drawing above). We will call this network the “Production network”. The production network will be configured with 2 different VLANs (VLAN 20 and VLAN 30). We will be using the following IP scheme for this example.

  • Management network : 192.168.1.0/24
  • VLAN 20 network: 192.168.20.0/24
  • VLAN 30 network : 192.168.30.0/24

 

Initial Setup

As a first step, you will simply perform the installation of your Proxmox VE as usual.  You can use the following links to perform the initial setup of your Proxmox VE

After your initial configuration, go to the System Configuration (in the left menu, click System). You should see something similar to the following screenshot. This is how your network interfaces have been configured so far by the Proxmox VE setup.


If you have some experience with Proxmox VE, you know that one of the network cards is used to create the network bridge (vmbr0). The network bridge can be compared to the “virtual switch” concept used by VMware products. We will not change this configuration. We assume that the IP address you have set for your Proxmox VE host is located in the management network LAN.

Because your system has an additional network interface, it is listed as well in the System Configuration > Network page. At this stage, this network card has no IP address and is not really used by the Proxmox VE host.

Network Bridges & VLANs

It’s time to create 2 additional network bridges that will be used to split the network traffic between the VLANs. You can create the VLANs and the network bridges through the web interface. ProxMox VE (and Linux) uses a specific notation on the network interface when implementing VLANs. In our example, we need to create 2 VLANs (VLAN 20 and VLAN 30) that will be attached to the network interface eth1. To tell the Proxmox VE host that we will be using VLANs, we need to use the following notation:

  • eth1.20 (on the Ethernet device eth1, we will be using VLAN 20)
  • eth1.30 (on the Ethernet device eth1, we will be using VLAN 30)

 

Let’s create the network bridge vmbr20 (used to connect to VLAN 20).

In the web interface, click on the System link in the left menu. You will land in the System Configuration page > Network Settings. Click on the arrow next to the Interface Configuration section and select “Create Bridge Devices” from the drop-down menu (see screenshot below).

In the “Create Bridge Device” page, type a representative name in the Bridge name field. In our example, we will be using vmbr20.

Do not enter any IP address.

Finally, in the bridge ports field, enter the Ethernet interface that will be connected to the network bridge. In our case, because we are implementing VLAN 20, we will enter eth1.20.

 

To create your VLAN 30, perform the same operation as above but enter the following information:

  • bridge name : vmbr30
  • IP address : none (or 0.0.0.0)
  • bridge ports : eth1.30

At the end of the configuration, you should have something like this in your System Configuration page > Interface Configuration.

Note: after changing the vmbr configuration, you will need to reboot your proxmox ve host
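
The bridges created above end up in /etc/network/interfaces on the host. The following is an added example, not part of the original post: a constructed interfaces file for this scenario (the host address 192.168.1.10/24 and gateway 192.168.1.1 are assumed values, and parse_bridges and audit are hypothetical helper names) with a small Python check that every VLAN bridge uses a valid VLAN ID and carries no host IP address.

```python
import re
# Constructed sample for this post's scenario; 192.168.1.10 and .1 are assumed.
SAMPLE = """\
iface eth0 inet manual
iface eth1 inet manual
auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr20
iface vmbr20 inet manual
    bridge_ports eth1.20
    bridge_stp off
    bridge_fd 0

auto vmbr30
iface vmbr30 inet manual
    bridge_ports eth1.30
    bridge_stp off
    bridge_fd 0
"""

def parse_bridges(text):
    """Return {bridge: {option: value}} for each 'iface vmbr*' stanza."""
    bridges, current = {}, None
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words or words[0] == "auto":
            continue
        if words[0] == "iface":
            current = bridges.setdefault(words[1], {}) if words[1].startswith("vmbr") else None
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return bridges

def audit(text):
    """Findings for bridges whose port is a VLAN sub-interface (name.VID)."""
    findings = []
    for name, opts in parse_bridges(text).items():
        m = re.fullmatch(r"\w+\.(\d+)", opts.get("bridge_ports", ""))
        if m and not 1 <= int(m.group(1)) <= 4094:
            findings.append(f"{name}: VLAN ID {m.group(1)} is outside 1-4094")
        if m and "address" in opts:
            findings.append(f"{name}: host IP address set on a VM-only VLAN bridge")
    return findings
```

An empty list from audit() means the host itself has no address on VLAN 20 or VLAN 30, so it stays reachable only from the management network.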

Connect the VMs to the correct VLANs

In my mini test infrastructure, I have created 2 virtual machines: one will be connected to VLAN 20 and the other to VLAN 30. To have a virtual machine connected to the appropriate VLAN, you simply need to ensure that the network interface of the virtual machine is connected to the correct network bridge. The following screenshots show the configuration of my two virtual machines.

 


 

Test your configuration

At this stage, your ProxMox VE host configuration should be ready. You still need to configure your switch with the VLAN information and trunking ports (if needed). This is not the purpose of this post. If you have no switch configured, you will notice that virtual machines in VLAN 20 will not be able to ping (or connect to) virtual machines located in VLAN 30 or even the management network. If you need to route traffic between VLANs and you do not have a VLAN-capable switch, you can always create a virtual machine (with multiple network interfaces) and configure it to act as a router.

If you perform some basic tests (ping between VLANs), you should have traffic passing through the different VLANs.

Final Words

I hope that this post has demonstrated how you could implement VLAN configuration with Proxmox VE. As you have seen, you can configure your Proxmox VE host to support VLANs by simply using the web GUI. For more advanced scenarios, you might want to edit the /etc/network/interfaces file and update it accordingly. Again, I would like to point out that I didn’t fully check and test this configuration because I do not have the adequate equipment right now (I’m traveling and I’m in a hotel room with basically 1 laptop…) but based on the information found on the Proxmox VE web site, this configuration should be working.

Finally, note also that if you are using a VLAN-capable switch you might need to configure it to work with your Proxmox VE VLAN configuration (creating VLANs and port trunking at the switch level).

Now, it’s your turn to test it (and let me know if it’s working).

Till next time

See ya

 

 

 

 

15 thoughts on “Basic VLAN Configuration with ProxMox VE”

  1. It’s a very good explanation of how to make VLANs in Proxmox.
    Can you make a connection with these VLANs? When we use a virtual machine, for example pfSense, pfSense can create VLANs and we can make inter-VLAN with pfSense. pfSense is installed in KVM in Proxmox. Sorry for my English.

  2. Hello aksel;

    As a generic answer: yes, you should be able to have traffic passing between your VLANs if your configuration has been done accordingly.
    I’m assuming that you have only a virtual environment (no physical switch/routers where VLANs can be configured).
    I’m assuming that the pfSense will be the default gateway for each VLAN and the pfSense will perform the routing to the destination VLAN.
    You might need to configure pfSense with multiple network cards (one per VLAN) to allow traffic… it depends on the way you have set up your infrastructure.

    I’ll have no time to perform a test but I would be really interested in the outcome. Let us know your findings :-))
    Possibly, can you provide details on your configuration (a drawing maybe?)

    you can find more info about Proxmox ve and VLAN at

    Hope this helps

    See ya

  3. Thank you very much, admin.
    I want to draw it well, but I do not know how to send it here.
    In Proxmox VE: eth1 = eth1.10 eth1.20 vmbr10 vmbr20. I want to make pfSense between vmbr10 and vmbr20.

    vmbr10=10.0.10.0/16
    vmbr20=10.0.20.0/16
    I create 2 interfaces in pfSense, r1 re2, where re1 is connected with vmbr10 @ip 10.0.10.1

    re2 is connected with vmbr20 @ip 10.0.20.1

    Ping from a machine in vmbr10 to re1 succeeded,
    not succeeded to re2 or a machine in vmbr20.
    PS: rules allow in pfSense

    Really, I want to create an 802.1Q link between pfSense (router on a stick) and the different vmbr I create on my eth1.

    Thanks for all

  4. Hello aksel,
    Sorry for the late answer,…kinda busy

    What is the IP address of the Proxmox VE host (the one you use to connect to the web interface)?
    Do you have only one network interface on your Proxmox VE? This is for me to have a full picture.

    Waiting for your reply
    see ya

  5. Hello Aksel,

    Is this the correct IP information you gave me:
    10.0.10.0/16 and 10.0.20.0/16? -> these are considered to be on the same subnet…

    Try a /24 on your network or you have to change your IP scheme to something like 10.x.0.0/16 where x could be 10 for VLAN1 and 20 for VLAN 20

    Best regards

  6. Hello Aksel,

    Just for our readers, I confirm that the problem you had was due to a wrong IP configuration. Based on the information you’ve provided me,
    VLAN 1 was using 10.0.10.0/16 and VLAN2 was using 10.0.20.0/16. If you use /16 and the IP information you gave me, you do not have 2 subnets; you are considered to be on the same subnet and thus no routing through the pfSense will be performed.

    Try a /24 on your network or you have to change your IP scheme to something like 10.x.0.0/16 where x could be 10 for VLAN1 and 20 for VLAN 20

    Best Regards
    Till next time
    See ya
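
The subnet problem diagnosed in the comments above can be checked before any bridge is created. This is an added example, not part of the original post or its comments: it takes the vmbr10/vmbr20 addressing quoted above plus the two suggested fixes and reports overlapping networks; the helper names and the host addresses 10.0.10.5 and 10.0.20.5 are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def find_overlaps(plan):
    """plan maps a bridge/VLAN label to a CIDR as typed (host bits allowed).
    Returns (label_a, label_b, network_a, network_b) for each overlapping pair."""
    nets = {label: ipaddress.ip_network(cidr, strict=False)
            for label, cidr in plan.items()}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def needs_router(src, dst, prefix_len):
    """True when a host at src with this prefix must use its gateway to reach dst."""
    local_net = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    return ipaddress.ip_address(dst) not in local_net

# Addressing quoted in the comments, and the two fixes suggested in the reply.
AS_CONFIGURED = {"vmbr10": "10.0.10.0/16", "vmbr20": "10.0.20.0/16"}
FIX_WITH_24 = {"vmbr10": "10.0.10.0/24", "vmbr20": "10.0.20.0/24"}
FIX_WITH_16 = {"vmbr10": "10.10.0.0/16", "vmbr20": "10.20.0.0/16"}

if __name__ == "__main__":
    for name, plan in [("as configured", AS_CONFIGURED),
                       ("/24 fix", FIX_WITH_24),
                       ("10.x.0.0/16 fix", FIX_WITH_16)]:
        print(name, find_overlaps(plan) or "no overlap")
    # With /16 a VM on vmbr10 treats 10.0.20.5 as on-link and never uses the router.
    print(needs_router("10.0.10.5", "10.0.20.5", 16))
    print(needs_router("10.0.10.5", "10.0.20.5", 24))
```

With the /16 mask both entries collapse to 10.0.0.0/16, so a VM sends ARP requests for the other side inside its own VLAN instead of forwarding to pfSense, which matches the failed ping described in the comments.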

  7. Hello,

    For this configuration, what is your configuration file?
    Do you declare eth1 with /16 to take the different networks?

    Thanks

  8. I can’t edit my previous comment, sorry.

    This operation is not available in Proxmox VE 2.2.

    The 0.0.0.0 IP address does not work, and when you write the netmask address, the IP address is required.

    Do you have a solution for this?

    Thanks !!

  9. hello alex,

    can you explain what you wanna achieve (what’s your setup/ what do you wanna do ???)

    if you provide me a little more info, i might be able to answer your question

    till then

    see ya

  10. Hi guys,

    Not sure if anyone is still following this or not, I have a similar situation as the one discussed in the comments. Thanks for the post btw, it was quite helpful to get started.

    I am experimenting with a 2 node cluster (Proxmox 2.3)

    I created vmbr10 = eth0.10 and vmbr20 = eth0.20 on both proxmox hosts.

    I then assigned the vmbr10 to 3 vms as follows:

    Host[192.168.1.230] (proxmox 1)
    — vm1 -> 10.10.0.1 (pfsense)
    — vm2 -> 10.10.0.88 (debian)

    Host[192.168.1.231] (proxmox 2)
    — vm3 -> 10.10.0.10 (winxp)

    There is no issue in pinging / communication between vms on proxmox 1 (vm1 and vm2), but vm3 can’t reach either.

    I am guessing it’s because the switch that my proxmox hosts are connected to is not vlan aware, just wondering if you guys can confirm this or if it’s something I haven’t done in proxmox correctly.

    Thanks!

  11. Yes,
    this might be the problem
    maybe you have to check your networking to check that, for example, you have not created a private vlan and not an external vlan
    routing might be the issue as well
    the first 2 vms are on the same host, the third is on a different one… the PVE host has to know how to reach it

    Hope this helps

    Till next time
    see ya

  12. @Zubin,

    yes, a little bit old, but the concept should indeed be quite similar to the one of today
    Thanks for the visit and the feedback
    Till next time
    See ya

  13. I have been trying to get VLAN setup working for awhile, and this was the first site that made things a little clearer. My problem is that I am trying to use a single port machine (laptop) that I am running Proxmox 6.1 on. Initially, I had only a single bridge vmbr0. I attempted to create a VLAN interface and I have not been able to create a VLAN interface. Each time I try to create the interface, I get the following error:

    Parameter verification failed. (400)
    gateway: Default gateway already exists on interface ‘vmbr0’

    I tried to create a new bridge based upon what I see above:

    Create bridge device

    Name: VMBR25
    IP: 0.0.0.0/24
    Gateway: 192.168.25.1
    Autostart: X
    Bridge Port: enp0s25.25

    root@vserver:~# ip a
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: enp0s25: mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether a4:5d:36:9a:00:cc brd ff:ff:ff:ff:ff:ff
    3: wlo1: mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a4:4e:31:b6:01:48 brd ff:ff:ff:ff:ff:ff
    4: vmbr0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a4:5d:36:9a:00:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.250/24 brd 192.168.30.255 scope global vmbr0
    valid_lft forever preferred_lft forever
    inet6 fe80::a65d:36ff:fe9a:cc/64 scope link
    valid_lft forever preferred_lft forever
    5: docker0: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:62:02:2b:d2 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    valid_lft forever preferred_lft forever

    root@vserver:~# ip route show
    default via 192.168.30.1 dev vmbr0 onlink
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
    192.168.30.0/24 dev vmbr0 proto kernel scope link src 192.168.30.250

    So what am I missing?

  14. @Kallis,

    No clue so far… we will need a little bit of time to check on this one…
    Currently, we are extremely busy because of the lockdown situation in our country…
    if time permits, we will try to have a deeper look into it
    Sorry about that….

    Till next time
    See ya
