Vlans & VMs

[Ben McGuire]

By adding bridge_vlan_aware yes to /etc/network/interfaces under each bridge network interface you can use vlan tag as usual again?

Using this configuration do we just need to add a vlan tag to each network interface for each VM so the VM;s are segmented so each cannot communicate with one another?

 

[wolfgang]

Hi,

yes but your switch have to handle this Vlan.
If you only want isolate the VM's from each other, than use the firewall.

 

[Ben McGuire]

We are a little worried that the host is also using the same bridge as the VM's . Our VMs are all on public IPs and everything is using eth0 even though we have eth1 available it is not being used. It maybe a little later to create a bond as we have running VMs which cannot be disturbed. If firewall rules are the answer could you suggest a sample rule based upon the host and all vms using vmbr0?

 

[wolfgang]

The problem with sample rules is I don't know nothing over your Network and what should communicate.
A good start is here.
see
https://pve.proxmox.com/wiki/Proxmox_VE_Firewall