[Solved] Problems with Proxmox/vlan-tagging/SG-2100 Switch config

rcoleman-netgate

@furom Is your PVE connected directly to the 2100 or through a second switch?

furom

@rcoleman-netgate said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom Is your PVE connected directly to the 2100 or through a second switch?

Yes, PVE is directly connected to the 2100's built-in switch port #3, (pic above)

furom

This is the config of one VM which won't get an IP on defined vlan (in fact no IP at all to be exact);

And the Proxmox config;

auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0.22
iface vmbr0.22 inet static
        address 192.168.22.2/28
        gateway 192.168.22.1

auto vmbr0
iface vmbr0 inet static
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-500

Edit: I just now tried editing the last line, just specifying two vland id's, like "bridge-vids 30 44", but still refuse to work...

What am I missing? I read and read and test, still not working. And I'm repeatedly told I won't need any rules for DHCP...

rcoleman-netgate

@furom Do an unfiltered packet capture on the VLAN on pfSense (https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/index.html) and filter against UDP 68 with a limit of 0 packets and see if the traffic is even getting there... or if it is getting there and responding...

I suspect the issue is in your PVE config

furom

@rcoleman-netgate said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom Do an unfiltered packet capture on the VLAN on pfSense (https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/index.html) and filter against UDP 68 with a limit of 0 packets and see if the traffic is even getting there... or if it is getting there and responding...

I suspect the issue is in your PVE config

Just so I get this right, I am supposed to do this from a VLAN that is not working, or from pfSense? I'm not used capturing other than quite simple tcpdumps, but will figure it out I hope :)

Edit: I tried this from pfSense, and started a machine that should've requested an IP - nothing.

[root@pfSense ~]# tcpdump -ni mvneta1.30 udp port 68

rcoleman-netgate

@furom the GUI in pfSense makes the PCAP easier... that's why I linked you to how to perform the packet capture in our documentation.

furom

@rcoleman-netgate Sorry. I used the GUI and I can see Proxmox trying something from its own GUI, I don't get anything in the PCAP....

viragomann

@furom
You have enabled the Firewall on the VMs virtual NIC. Did you also configure it properly to allow access?

furom

@viragomann said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom
You have enabled the Firewall on the VMs virtual NIC. Did you also configure it properly to allow access?

That is on by default I think, but turning it off makes no difference unfortunately, was hoping it would... Still not seeing any captured packets though. Something is quite weird. Even tried "promiscous" mode, leaving Port blank... That should show something, right?

Edit: Only when I select WAN as interface I get some capture... :/ I don't get this. If I remove port and protocol I get some activity, but none on the one for Proxmox VM..

Removing Port & protocol on vlan 30 on which I am trying to setup an ubuntu, this was all it captured;

19:25:03.205680 IP 192.168.1.3 > 224.0.0.1: igmp
19:26:03.820911 IP 192.168.1.3 > 224.0.0.1: igmp

furom

@rcoleman-netgate said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom
I suspect the issue is in your PVE config

Agreed. With my limited knowledge of package capture and your help I think we can conclude that pfSense seems to do what it is supposed, right? It certainly looks as if PVE is not relaying anything to or from it's VMs...

I tried a laptop in a switch port for the same VLAN I set for the VM, and although it per definition is getting it untagged, the DHCP server responds as it should...

viragomann

@furom said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

I tried a laptop in a switch port for the same VLAN I set for the VM, and although it per definition is getting it untagged,

The switch port, which is connected to Proxmox is a trunk with tagged VLANs as I understood so far.
If so and you connect a device to it, you have to configure its NIC for VLAN.

Can you post your interface settings of pfSense, please?
Status > Interfaces

Which interface did you run the packet capture?

furom

@viragomann said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

I tried a laptop in a switch port for the same VLAN I set for the VM, and although it per definition is getting it untagged,

The switch port, which is connected to Proxmox is a trunk with tagged VLANs as I understood so far.
If so and you connect a device to it, you have to configure its NIC for VLAN.

Can you post your interface settings of pfSense, please?
Status > Interfaces

Which interface did you run the packet capture?

I got it working (!) while composing the answer to you! Thanks a lot!! It turned out to be a misconfiguration on the 2100-switch after all, I had not added the vlan to the port I am using... Having done that it now works as it is supposed to. This feels really great, and I am sorry for all the trouble, but very grateful for such a great forum and to all that has tried (and) helped!

Thanks !