Sorry to scare you. I mentioned ‘basic’ to discuss some fundamental networking aspects in Proxmox without going into even more complex configurations. Using a virtualization server in general is going a little beyond basic networking for many home users.

Thanks! What would you like to see? Once you have a separate network for IoT, you can just put whatever devices you like on that network since it will be isolated from other parts of your network (in case they get compromised).

I just rewatched your opnsense tutorial and there is definitely enough info for IOT in there. Is it that big of a security risk to have everything on the same subnet/vlan? its the only way i can get IOT devices to work with my homeassistant and AP@@homenetworkguy

IOT devices are typically the most insecure devices because they are quickly produced and are only supported with updates for a short while after the products are released. That is why it is recommended to put those devices on their own network so if something gets compromised it doesn’t spread to the rest of your network. You can minimize the damage caused by an exploit.

You’re welcome!

Interesting.. what type of hardware are you using? I recently had some issues with a system with 10Gbps SFP+ interfaces but it could’ve been incompatible DAC cables I was using.

@@homenetworkguy I got 2 x 36-bay Supermicro super storage servers, primary and a backup. Bother were running Unraid, but Unraid isn’t that stable and the performance is bad so I’ve kept one on Unraid and the other on TrueNAS Scale. Then I realized it was risky homelabbing on the servers storing all my data so I got a NUC with 64GB RAM. Ran out of RAM in like a week so I bought a Dell R730 and threw ~400TB RAM to run Proxmox and I’m homelabbing on that snd just keep some backup Plex and arrs on Unraid in case the Proxmox server goes down. Ended up wanting to build a rack mount PC for me and another for my son and realized that the 25U rack that I thought would be more than enough wasn’t, and got another one. I use SFP+ as an uplink to my primary router in another part of the house and also to a 10G switch I have for the servers. Got a cheap 10G and 2.5G switch for the second rack which uplinks to the main server rack so it’s all pretty fast with loads of bays to spare.

If you connect a switch port to a VLAN-aware interface on the Proxmox system and the switch port is already assigned to a particular VLAN, all VMs and CTs will be on that particular VLAN. If that is the case, you don't even need to make the bridge VLAN aware. It will just exist on that VLAN by default because the switch will tag all the traffic with the VLAN ID. VLAN-aware bridges are better suited if you are connecting to a trunk port on a network switch where you assigned multiple VLANs. This gives you the flexibility of assigning VMs and CTs to any VLAN on your network that you like.

Yes I love and use all 3 products on my home network. Several years ago, it took a little bit of time for me to warm up to the concept of using a virtualization server at home but now I can’t imagine my homelab without it.

If both bridges are on 2 different physical interfaces, you could simply configure the network switch to be on 2 separate VLANs. This would prevent traffic from communicating between the 2 interfaces because they are on separate Layer 2 networks. You can also restrict access at Layer 3 via a router with firewall rules.

If you can’t configure it from the web UI, you may have to tweak that configuration via command line. I haven’t tried configuring wireless with Proxmox since I have always used wired interfaces. Would be interesting to look into though even though it’s not quite as ideal as using a wired connection (I understand you are trying to reuse a laptop as a virtualization server and don’t have other options).

If you have a managed switch configured for multiple VLANs, you can connect an unmanaged switch to any of those VLANs and anything connected to that unmanaged switch would belong to that VLAN. Same concept with virtualization. If you configure a VLAN on the server and connect an unmanaged switch it will be on that VLAN. But of course is not very practical to have one physical unmanaged switch per multiple VLANs. I actually have 1 unmanaged switch in my server rack connected to OPNsemse for my lab network so I can have a few higher speed interfaces to test performance, etc.

@@homenetworkguy nice! Thanks. Might be a good stepping stone for 1st vlans, or like you said, other specific use cases... I don't have a managed switch but for my first clan/exploration, this new knowledge I think will help... An extra NIC is far cheaper than a managed switch... Maybe I'll buy a card that has a double interface. I already "need" a port to have my server running pihole to also run OpenSense and replace my old router/firewall. I think a video of your or someone explained how I can do that with a single interface but its probably best I just add a NIC to that underutilized box

I've had someone mention Kea DHCP a while ago. I haven't spent a lot of time digging into this yet but I did see where ICS DHCP is deprecated in favor of the more modern Kea DHCP. Based on a few comments on the OPNsense forum, it is likely not ready for prime time since it has recently just become available as an option to select as your DHCP service. I think this would be a good topic to cover especially once it becomes mandatory (or very strongly recommended) to switch over to it. Not sure if there will be an easy migration path or not.

@@homenetworkguy thank you for your reply. I’ve noticed they implemented it into opnsense 2.41.1. Also seen on Reddit that they planning to remove the ICS DHCP at some point

@@homenetworkguy Same deal for pfsense. It's not ready for prime time yet as not all the features are there like the old ICS.

Thanks for your feedback.

Same, this wasn’t very informative for someone new to proxmox. Please define what a bridge is and the concept of assigning ports to them first.

Sometimes finding the right balance between novice level information and more advanced topics is difficult because you have to assume a certain level of knowledge when covering topics. I like to focus more on intermediate/advanced topics rather than beginner topics. However I do want to make as much of my content approachable to new users as possible. Thanks for the feedback! It helps me determine what is useful and what is not as useful.

If you create a Linux Bridge, you can either create VLANs inside a VM (such as a pfSense or OPNsense VM) and it will work just like a bare metal installation. You can also set the VLAN aware option on a bridge so that your VMs/CTs can be set to a specific VLAN using the VLAN Tag option. For VMs such as pfSense/OPNsense you won’t want to set the VLAN Tag on the bridge assigned to the VM but rather configure VLANs as usual inside the VM.

@@homenetworkguy so for whatever reason, if VLAN aware is unchecked on my Linux Bridge, I can go to a VM and set the VLAN tag and it works just fine. On the other hand, if I check the VLAN aware on the bridge, the VM can't get networking anymore -- regardless if I set or not the VLAN tag.

@@Tyron76 that sounds odd.. not sure I had that happen before. How do you have your switch configuration set for the port that’s connected to that physical network interface of your Proxmox system?

Found out that I just needed a reboot to make it work 🙄 In the process, actually discovered a use case for creating a Linux VLAN (5:00). If you configure the port on the switch with VLAN40, then your physical network interface will be on that, thus your bridge's (vmbr0) CIDR for management needs to be in that VLAN. If you want to keep your switch in another VLAN (eg Default VLAN = 1), then you can not set CIDR on vmbr0 and configure CIDR on vmbr0.40. That way, VMs connected to the vmbr0 bridge will not be on VLAN40 by default if no tag is assigned.

Seriously? Wow. I was focused on editing out the “umm”s and lips smacks (which I’m getting better at avoiding now that I’m more aware of the situation). Speaking in videos is much more challenging (for me) than writing guides, reviews, etc. like on my website. Always something to improve upon! Haha

@@homenetworkguy don't worry, you are doing GREAT job ;-)

​@@homenetworkguy wonder if noisegate can help take those out or if it will someday with a little ML love.

Nope, but thats a good idea for him.

I don’t have my own server set up but I do have a Discord account. I have debated if it’s best to use an ecosystem like Discord or set up a Discourse forum on my website (right now I’m using Simple Machines Forum but it feels more clunky than a Discourse forum- I’m also have other issues with that forum I have yet to fix).

@@homenetworkguy why limit yourself to just one platform? You can have a forum site for the people that prefer a thread oriented support system (where answers can build up) and a discord server for people like me that are seeking real time support. Kinda spit balling over here but you could probably set up something that can automatically archive 14 days old discord tickets and post them on your site for them google clicks. Mind if I ask here on youtube?

The hard part for me is not spreading myself too thin, I get emails through my contact page, comments on my website, questions on my forum (when it was working properly), comments on KZbin, comments/questions on Reddit, questions on Facebook (rare but has happened), questions/comments on Twitter/X, comments on Instagram. I think have quite a few options already. I’m only one man doing all of this in my spare time (would be awesome to do it full time though!), haha. I could try adding another platform.. but I may be slow to answering questions at times. I still have an email backlog to get through from December. Haha. Sure, you may ask some questions here. Sometimes it’s a bit hard to find them because KZbin kind of makes it hard to follow back up with comments once you start getting new comments (they get a bit buried).

I think you need to centralize your community instead trying to keep up with multiple platforms. I get posting and helping people on reddit,x/twitter, Instagram and Facebook since it brings attention to your page, but what happens when your channel starts growing at a rapid rate? If you were to set up a discord server with a ticketing system and/or a dedicated forum site, you can offload a lot of the common questions you might normally receive to the individuals you have helped previously. You won't have to be as hands on unless there's an individual trying to set up something more complex than the average user. A bit of context for my questions: I'm trying to set up a glorified 10gb router/switch using a modified supermicro board with 3x540-t2 chips (6×10gb ports). I am not bridging my connection between my modem and opnsense box but running it behind my modem (I will be switching from fiber to cable in the coming days for 3 months and then switch back to my fiber provider when I qualify as a new customer for the $70 8gb plan). Questions: Bare metal opnsense: why is it that whenever I configure opnsense lan address using the same subnet as my isp provided modem, 192.168.2.x, I can't access the webgui? Same thing happens when I use opnsense cli commands to grab a dhcp lan address from my modem. Virtualize opnsense using proxmox: all the problems I was having with bare metal just works, but how can I set up my network so I can have a 10gb connection between opnsense and my pc but still have access to proxmox management interface on my pc? When I was testing it out during the weekend, I had to use a cheap unmanaged switch to connect proxmox management network, opnsense lan and my pc to the same newtwork just to access the webguis

Sorry that you are confused. I wasn’t implying a “basic network setup” but a “basic network interface” configuration in Proxmox. Basic network configuration in Proxmox consists of knowing how to use bridges. I suppose you could only use the default bridge that Proxmox sets up by default and that would be considered more basic. The reason I said ‘basic’ is that you could get into SDNs (software defined networks) which I consider more advanced network configuration for Proxmox. The SDN is a newer networking feature of Proxmox.