PVE: Custom VLANs

This guide presents two methods for setting up VLANs in Proxmox and configuring a UniFi switch to work with them.

Prerequisites

• Proxmox VE installed
• Root access to the Proxmox host
• UniFi Network Controller access
• Network interface(s) available for configuration

Method 1: Manual VLAN Creation Without Explicit VLAN Tagging

Proxmox Configuration

1. Access the Proxmox host

   • SSH into your Proxmox host or access the console directly

2. Edit the network configuration file

   • Open the network interfaces configuration file:

     nano /etc/network/interfaces
     

3. Configure the main bridge (vmbr0) and VLAN bridge (vmbr1)

   • Add the following configuration:

     auto vmbr0
     iface vmbr0 inet static
             address 192.168.1.7/24
             gateway 192.168.1.1
             bridge-ports eno1
             bridge-stp off
             bridge-fd 0
     
     auto vmbr1
     iface vmbr1 inet static
             address 192.168.2.1/24
             bridge-ports eno1.2
             bridge-stp off
             bridge-fd 0
             bridge-vlan-aware yes
             bridge-vids 2-4094
     
     source /etc/network/interfaces.d/*
     

4. Save and apply the configuration

   • Save the file and exit the editor
   • Restart networking or reboot the Proxmox host:

     systemctl restart networking
     

     or

     reboot
     

UniFi Switch Configuration for Method 1

1. Access the UniFi Network Controller

   • Log in to your UniFi Network Controller interface

2. Navigate to the Devices section

   • Find and select the UniFi switch connected to your Proxmox host

3. Locate the correct port

   • Identify the port number that your Proxmox host is connected to

4. Configure the port for multiple VLANs

   • Click on the port to open its configuration settings
   • Set the "Port Profile" to "All"
   • In the "Native VLAN" field, enter the VLAN ID for your main network (usually 1)
   • In the "Tagged VLANs" field, enter "2-4094" to allow all possible VLANs

5. Enable VLAN awareness on the switch

   • In the switch settings, ensure that "VLAN Aware" is turned on

6. Create VLANs in UniFi Controller

   • Go to the "Settings" > "Networks" section in your UniFi Controller
   • Create a new network for each VLAN you plan to use
   • Assign appropriate VLAN IDs to these networks (matching the ones you set up in Proxmox)

7. Configure DHCP and routing (if needed)

   • If you want the UniFi Controller to handle DHCP for your VLANs, configure DHCP servers for each VLAN network
   • Set up appropriate firewall rules to control traffic between VLANs

8. Apply the changes

   • Save the port configuration
   • Apply the changes to the switch

9. Verify the configuration

   • Check the UniFi Controller's insights or statistics to ensure traffic is flowing correctly on the configured VLANs

Method 2: Using VLAN Tags in Proxmox VMs and UniFi

Proxmox Configuration

1. Access the Proxmox host

   • SSH into your Proxmox host or access the console directly

2. Edit the network configuration file

   • Open the network interfaces configuration file:

     nano /etc/network/interfaces
     

3. Configure the main bridge (vmbr0)

   • The main bridge typically does not need to be changed. Here's an example of a basic default configuration:

     auto lo
     iface lo inet loopback
     
     iface eno1 inet manual
     
     auto vmbr0
     iface vmbr0 inet static
             address 192.168.1.100/24
             gateway 192.168.1.1
             bridge-ports eno1
             bridge-stp off
             bridge-fd 0
     
     source /etc/network/interfaces.d/*
     

   • Adjust the address and gateway as needed for your network

4. Save and apply the configuration

   • Save the file and exit the editor
   • Restart networking:

     systemctl restart networking
     

5. Configure VLAN tagging for VMs

   • When creating or editing a VM in the Proxmox web interface:
     • Go to the VM's "Hardware" tab
     • Add a new network device or edit an existing one
     • Set "Bridge" to vmbr0
     • In the "VLAN Tag" field, enter the desired VLAN ID (e.g., 10, 20, 30)

UniFi Switch Configuration for Method 2

1. Access the UniFi Network Controller

   • Log in to your UniFi Network Controller interface

2. Navigate to the Devices section

   • Find and select the UniFi switch connected to your Proxmox host

3. Locate the correct port

   • Identify the port number that your Proxmox host is connected to

4. Configure the port for tagged VLANs

   • Click on the port to open its configuration settings
   • Set the "Port Profile" to "All"
   • In the "Native VLAN" field, enter the VLAN ID for your main network (usually 1)
   • In the "Tagged VLANs" field, enter the VLAN IDs you plan to use in your Proxmox VMs (e.g., "10,20,30")

5. Create VLANs in UniFi Controller

   • Go to the "Settings" > "Networks" section in your UniFi Controller
   • Create new networks for each VLAN, matching the IDs you plan to use in Proxmox VMs

6. Configure DHCP and routing (if needed)

   • If you want the UniFi Controller to handle DHCP for your VLANs, configure DHCP servers for each VLAN network
   • Set up appropriate firewall rules to control traffic between VLANs

7. Apply the changes

   • Save the port configuration
   • Apply the changes to the switch

8. Verify the configuration

   • Check the UniFi Controller's insights or statistics to ensure traffic is flowing correctly on the configured VLANs

Comparison of Methods

• Method 1 uses a VLAN-aware bridge in Proxmox, which can be more flexible for the host system but may be more complex to set up initially.
• Method 2 keeps the Proxmox network configuration simple and uses VLAN tagging at the VM level. This method is more straightforward and aligns directly with how most network equipment handles VLANs.

Choose the method that best fits your network architecture and management preferences. Method 2 is often preferred for its simplicity and flexibility in managing VLANs on a per-VM basis.

Troubleshooting

• Verify VLAN IDs match between Proxmox (either in the host configuration for Method 1 or VM settings for Method 2) and UniFi configurations
• Check UniFi firewall rules for inter-VLAN traffic
• Use UniFi Controller's built-in tools to test connectivity between VLANs
• In Proxmox, use these commands to verify VLAN configurations:

  ip a
  bridge vlan show
  

• For Method 2, ensure the VLAN tag is correctly set in each VM's network device settings
• If using Method 1, check that the VLAN-aware bridge (vmbr1) is correctly configured and up
• Test connectivity from within VMs to ensure they can reach their intended networks

Remember to adjust IP addresses, interfaces, and VLAN IDs as needed for your specific network setup.