Sunday, December 3, 2023

Question: Debian 12 w/ KVM, Bridge and VLAN


Repost (from Reddit.com, Question: Debian 12 w/ KVM, Bridge and VLAN)
Greetings:

I recently introduced VLAN into my homelab. I have an OpnSense Router and a TL-SG1024DE (802.1q capable) switch. I have segmented my home network into three domains:

- Work 172.16.0.0/29 (VLAN10)
- LAN 192.168.0.1/24
- HomeLab 10.0.0.0/24 (VLAN100)

The OpnSense Router and Switch sit within the "LAN" domain. The rest of the LAN space is reserved for WiFi (which doesn't include work or homelab endpoints as they are all wired).

The issue is that I am not starting from scratch. Everything (including what will be Work and HomeLab) currently sits in what is now "LAN".

99% of what is in the HomeLab is within a PVE environment which handles VLAN tagging. Therefore, this will be simple to reconfigure. The port connected to the PVE is already set to handle Tagged packets with VLAN100 (as opposed to untagged with PVID configured). All I need to do is set the virtual nic VLAN tags to 100 for each container and reconfigure the IP info. Easy peezy.

The problem is with my Daily Driver; a Debian 12 host and a KVM guest running Windows Server 2022:

- Host = 192.168.0.100
- Guest = 192.168.0.203

If it were just a matter of one IP, I'd just connect it to a port on the switch that was an untagged member of VLAN 100 with PVID set to VLAN 100. And I might still do this if it's advised.

However, I am also running KVM on this host with the following configuration (incidentally, the nameservers are AD DCs running in VMs. 202 on the PVE, 203 via KVM on the host in question):

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    iface enp42s0 inet manual

    # Bridge
    auto br0
    iface br0 inet static
        bridge_ports enp42s0 dhcp
        address 192.168.0.100/24
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 192.168.0.202 192.168.0.203

So, given the above, should I just keep it simple, set the switchport to "untagged member of 100, pvid set to 100" and be done with it:

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    iface enp42s0 inet manual

    # Bridge
    auto br0
    iface br0 inet static
        bridge_ports enp42s0 dhcp
        address 10.0.0.100/24
        broadcast 10.0.0.255
        gateway 10.0.0.1
        dns-nameservers 10.0.0.202 10.0.0.203

Or should I get VLANs involved?

Appreciate any advice y'all may have!

Cheers

