What method should I use for promiscuous mode for on prem AP controller VM

k12nate

Hi all,

I'm a bit confused on what direction I should go, hoping you can help. In VMware I have a NIC that acts as trunk and has full access to all VLANs (NIC4). NIC4 is then split into multiple port groups to give different VLAN accesses and one port group is specifically in promiscuous mode to my on prem AP Controller. I was hoping to mimic this.

In PVE, I have vmbr1 getting a trunk with all VLANs currently and assigning out VLAN access at the VM NIC settings level. From what I have read, promiscuous mode can be enabled at the bridge w/ or w/out port mirror, but it seems that would impact the entire bridge, not just the VMs I want to have promiscuous mode, like the port groups did in vSphere.

Am I misunderstanding? Or, would it be easier to simply add another NIC and dedicate this NIC to another vmbr and have promiscuous mode enabled only for my VMs that need it?

I'd prefer to not add another NIC, but it's an option.

Also, promiscuous is a hard word to type. :)

Thanks

Nate
 
Well, I thought I could point a bridge to a bridge, but that seems wrong? I'm not following how I can have two VLAN-aware bridges pointed at the same interface. Am I approaching this wrong, and with this setup, should I just move to creating bridges for every VLAN for the VMs vs. deciding the VLAN at the VM NIC?

A quick network diagram (real simple), a snapshot of what I have now for network config (simple), and a screenshot of my vSwitch topology today.

vSwitch0 is a failover bond between VMNIC4 and 5, whose ports are tagged with all VLAN traffic for trunk. At each port group the ability to turn promiscuous on and off is given. Since I can only do that at the bridge in PVE, how do I mimic this without another physical NIC?


Code:
auto lo
iface lo inet loopback

iface eno4 inet manual
#Management Dedicated

auto eno1np0
iface eno1np0 inet static
        address 192.168.1.20/24
#10gb Eth4 to SFP Port to Corosync Dedicated Network

auto ens1f0
iface ens1f0 inet manual
#Trunk Port SFP to Core

auto vmbr0
iface vmbr0 inet static
        address 10.2.220.141/16
        gateway 10.2.10.250
        bridge-ports eno4
        bridge-stp off
        bridge-fd 0
#eno4 for Management only

auto vmbr1
iface vmbr1 inet manual
        bridge-ports ens1f0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#Trunk Port ens1f0 for VMs