Unable to access {on a specific lan} some device-linked vlans under Proxmox VE
-
@Ghost-0 said in Unable to access {on a specific lan} some device-linked vlans under Proxmox VE:
I was able to access all devices and including vlan linked devices on all lans [...] I have no issues pinging vlan linked devices from lan1 and lan3
What are VLAN linked devices, can you describe them? Can you draw a network diagram of your network layout including Proxmox? Is Proxmox connected to a VLAN capable switch?
-
@patient0
Thanks for the reply!
Proxmox (pve) is on its own dedicated LAN3, which I had to create during installation.
Here's a crude diagram of my network
pfSense router
(HP SFF Intel i-5)
intel 4-NIC ------->LAN1------> managed switch
(level 2)
------->LAN2-------> parent for all the vlans (vlan10, vlan20, vlan30, vlan40, vlan50) ---------->>> managed switch #1, level 2+---------> managed switch #2
-------->LAN3 (pve management & no vlans or switch on this lan--connects directly into pfSense and to a desktop)
Total of three managed switches on the network, 24-port PoE switch x 2 and 16-port non-PoE x 1.
To summarize, prior to switching to pve, my network worked without any issues for the most part. I could access all vlans on all lans. Now, I can only access vlans linked devices on lan1 and lan3 only. This is a huge problem because I live in a relatively huge house, wired for ethernet, and some vlan devices are in areas of the house that are linked to lan2 and are not accessible post installation of proxmox hypervisor. This issue doesn't affect non-vlan linked items because we can access all non-vlan items, e.g., non-wireless devices, on all the lans. The workaround is to re-organize the network by moving those affected devices to the other lans. This is not an easy feat for us because my switches are scattered around the house instead of being housed in a typical centralized network rack and we would have to run a new ethernet cable to one of the other switches, which is on the other end of the house.
We wanted a clean look. Thus, we chose this method because we didn't want to deal with a rat nest of cables coming down from the attic through the ceiling and plus we have beautiful ceilings.
I hope this helps and didn't make things more confusing.
-
Now, I can only access vlans linked devices on lan1 and lan3 only.
I do have difficulty understanding what you mean by "vlans linked devices". Are you referring to VLAN tagged traffic?
Can you read through Fundamentals of 802.1Q VLAN Tagging and see if that explains the terminology?
E.g. do you also have VLAN10/VLAN20/VLAN30/VLAN40/VLAN50 tagged traffic on LAN1 and LAN3?
(what is your native language, maybe you can
-
Sorry, I may have used the wrong terminology. "vlan linked devices" simply means devices that are firewalled from the lans for security reasons. For instance,
vlan40 is the network for all IoT devices, e.g., water heater, garage door, doorbell cams, etc.
vlan30 is the network for IP cameras.
All WiFi devices reside on a separate vlan and are firewalled from the lans.
After installing PVE, I can't access WiFi on lan2. I didn't have this issue prior to PVE. Your statement suggests that I don't understand the fundamentals of the IEEE 802.1Q vlan standard. With all due respect, my system is properly configured for vlan 802.1q. For example, I temporarily removed proxmox and my system was back to normal. So you see, your suggestion that I may not understand 802.1q vlan tagging is inaccurate. Moreover, I spent the last several years learning and using 802.1q. I'll try another forum, perhaps Proxmox, because it sounds like this forum is not the appropriate place for this issue because you are the only person that has tried to help. Thanks for trying and g'day!
-
@Ghost-0 said in Unable to access {on a specific lan} some device-linked vlans under Proxmox VE:
Your statement suggests that I don't understand the fundamentals of the IEEE 802.1Q vlan standard
That is not what I meant, no. I more assumed that English is not your first language (it's neither for me). And as long as I don't understand the issue I won't be able to help.
-
@Ghost-0 I run pfsense virtualized on Proxmox myself and I have a similar setup with VLAN's for IoT, wifi and Guest.
However, I never set the VLAN aware flag for pfsense (or any of my VM's), I simply run them as vanilla VirtIO. No trouble with VLAN's of any sort. Not sure that is what is creating the problem though, but worth investigating.
Also it's a bit unclear what you mean here?
@Ghost-0 said in Unable to access {on a specific lan} some device-linked vlans under Proxmox VE:
Now, I can only access vlans linked devices on lan1 and lan3 only.
But then you say LAN2 is parent for all VLAN's?
-
Dude,
"I simply run them as vanilla VirtIO. No trouble with VLAN's of any sort."
You're the man!
I solved this issue after you casually referenced "VirtIO." When I was running pfSense bare metal, VirtIO (paravirtualized) was utilized with an Intel 4-port NIC without issues. I got cute when I transitioned pfSense to PVE. Instead of continuing with VirtIO, I selected "E1000E" during the installation. And this has been the issue and as a result, created these unnecessary trials and tribulations for weeks. Dude, I went down so many rabbit holes trying to fix this thing. I got so many different opinions from forums and watched tons of useless YouTube videos. And here you come and made a simple comment and problem solved. The good thing is you didn't insult me like some other users in some forums for seeking help. I thought these forums are set up to help others? Why do some so-called advanced users like to berate newbies when they ask simple questions? How are we going to learn if we don't ask those questions that may seem rudimentary to the advanced user but confusing to a newbie? I was still insulted in so many forums for asking polite questions. They hurt my feelings. Anyway, thanks for helping me resolve this issue. I must say this experience wasn't all bad... a blessing in disguise, I'd say. I learned so much because this issue forced me to read the pve manual and to bone up on vlan 802.1q.
To answer your question, I have three lans [ lan1, lan2, lan3]. It was weird because during this ordeal, initially I was able to access tagged vlan devices on lan 1 and 3 but not on lan2, which is the parent interface for all the vlans. But it turned out this was a fluke... short lived, because a short time later, I couldn't access any tagged vlan device from any lan. Thanks and appreciate the reply that resulted in resolving this issue because I was about to flip pfSense back to bare metal, grudgingly though, because I like what pve offers, overall. Now, I'm ready to tackle the beast... the docker/frigate installation, wish me luck!
I may come back with more stupid questions because I hear docker/frigate/fortainer can be a b****h (expletive) to install.
-
@Ghost-0 I'm glad it worked out, although I'm not sure why E1000 would create problems that VirtIO doesn't? I mean I would expect them all to work, assuming they do emulate some common NIC or other. I wonder if it has something to do with the fact that you have set the VLAN aware flag. And then E1000 behaves differently with that vs VirtIO. But I guess it doesn't matter now that things are working...
The good thing with Proxmox is that you can fail with your VM's as many times you want, and simply start over from a backup. So my suggestion is to make backups of your VM whilst working on the docker/frigate install, and I assume you mean Portainer?? I usually keep a clean and updated Ubuntu VM as a backup that I can deploy so I don't have to start totally from scratch installing Ubuntu every time. Next step is to install Docker and Portainer and make a backup of that VM. Then you have the baseline VM's to work from...
And try to find an install of frigate where there is a compose file. It really helps for editing and setting it up as you want with perhaps port changes, file locations etc. In Portainer you deploy that as what they call a Stack...
-
It is inexplicable to me why you must insult me while simultaneously trying to help. I just don't get it. FYI: Mr. know it all, you don't have to insult people. I may not be at your level when it comes to IT stuff, but that doesn't give you the right to bully others here in this respected forum. Insults are not necessary here, my friend. This is a friendly venue for the exchange of free ideas. Just focus on the problem if you can help. If you can't, move on... Nobody comes here to be bullied. I'm just a newbie trying to improve my little network so I can eventually install Docker/Frigate to monitor my cams in order to keep an eye on my field for potential deadly predators. I'm just a poor person from a poor country who just recently discovered this awesome tech. Why won't you share it with me? Why keep it for yourself? I may not be as rich as you, American, I presumed? But you still should respect people even if they are from a less desirable place and not from the "great USA." I have been coming to this forum for many years and for the most part, the users have been very good to me until now. Sir, you, my friend, are a bully! It shouldn't matter if my native tongue isn't English. By the way, I can read and write English relatively well for a poor sheep farmer. The problem is you, sir. You just don't know how to express thyself, and you made numerous assumptions about an individual you don't even know. What does that statement have to do with my issue? And was that necessary? Nobody is forcing you for assistance. You did it voluntarily. Anyway, the problem has been resolved with the help of a genteel person who tackled the problem instead of focusing on insulting me with unnecessary salty statements... Bye for the no help and must go monitor my herd. I think I see a predator coming for my flock.