Management and VM traffic on same physical interface?

etfz

Aug 29, 2025
Hi,

I have a physical interface (bond) which should be used for PVE management (VLAN 20) and VM traffic (all other VLANs). What's the proper way to set this up? I understand I need a bridge for VM traffic, at least.

Is the following enough? Should PVE have a bridge interface, too/instead? Should I exclude VLAN 20 from the VM bridge?
  • bond0
    • bond0.20 - PVE management
    • vmbr0 - VM traffic, VLAN IDs 2-4094
 
VLAN on the bridge, eh? I suppose that makes sense, but I don't think I need the 20 bridge? I won't have any VMs on that VLAN.
 
Yes, if you are not planning on connecting anything, you can leave out the 20 bridge, but I would suggest you test this setup out before using it in a production environment.

Ideally setting up PVE in a VM where you then set up the network and use tools like:
  • ping
  • tcpdump -envi <interface> arp or icmp
  • To send tagged VLAN traffic you can add a new interface on your host:
    sudo ip link add link vmbr1 name vmbr1.20 type vlan id 20
    sudo ip link set dev vmbr1.20 up
    sudo ip addr add 172.16.0.101/24 dev vmbr1.20
    ping -I vmbr1.20 172.16.0.4
to make sure you get the behavior you are looking for. Keep in mind you will have to adjust the IPs accordingly.
 
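The layout from the question written out as an /etc/network/interfaces sketch, as an added example that is not part of the original posts. The NIC names (eno1, eno2), the bond mode and the 192.0.2.x addresses are assumptions, and leaving VLAN 20 out of bridge-vids is one possible choice for the exclusion question, to be verified with the ping and tcpdump tests suggested above.

```conf
# Added example, not from the thread. Interface names and addresses are placeholders.

# Physical uplink: bond carrying all tagged VLANs
auto bond0
iface bond0 inet manual
    bond-slaves eno1 eno2        # assumed NIC names
    bond-miimon 100
    bond-mode 802.3ad            # assumed; use the mode your switch is configured for

# PVE management: VLAN 20 sub-interface directly on the bond
auto bond0.20
iface bond0.20 inet static
    address 192.0.2.10/24        # placeholder (documentation range)
    gateway 192.0.2.1            # placeholder

# VM traffic: VLAN-aware bridge on the same bond, no host IP on it
auto vmbr0
iface vmbr0 inet manual
    bridge-ports bond0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    # VLAN 20 is left out of the VIDs allowed on the uplink port,
    # so the management VLAN is not offered to guests through this bridge.
    bridge-vids 2-19 21-4094
```

After applying the configuration, running tcpdump -envi bond0 arp or icmp while a test guest is tagged with VLAN 20 shows whether any guest frames reach the uplink with that tag.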