Am 03.03.2015 um 12:38 schrieb Dietmar Maurer: >> On March 3, 2015 at 9:48 AM Stefan Priebe - Profihost AG >> <s.pri...@profihost.ag> wrote: >> >> >> @dietmar >> I think this is a big problem and i never noticed it. Currently a guest >> attached to the bridge see all frames. I thought it sees only untagged >> frames. >> >> This means i cannot isolate a guest to only untagged frames. What's your >> opinion? > > The purpose of vlans is to filter tagged frames (not untagged frames) ... > Maybe you can ask (or write a feature request) on the kernel/network list? > Maybe OVS supports that?
Sure but a VM attached to a bridge should not see per default tagged frames. It should only see unttaged frames until we allow to see it tagged Frames from different VLANs. Currently you cannot forbid to listen to tagged traffic inside a VM. This shouldn't be the default. Stefan _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
