I should have what I want to achieve.
The server is intended as a host for VMs. Our network has multiple VLANs, and the VMs will
be connected to different VLANs. The interface eno1 is for host traffic and eno2 is
connected to the trunk port of the switch, making the different VLANs available to the VMs
via the br0. I want to use a VLAN-aware br0, so that I specify in my VM config (on the
host side) which VM connects to which VLAN.
Is it true that br0 and eno2 need to have the same MAC?
Someone suggested br0 needed an IP - is that generally true? The bridge is connected to
different VLANs (and to different subnets) and would need several IPs. I would have
expected the NICs of the VMs to get the IPs and the br0 to be level3 transparent.
________________________________
From: Schuldei, Andreas
Sent: Sunday, 6 September 2020 16:13:23
To: libvirt-users(a)redhat.com
Subject: debian 10, vm cant connect to the host bridge
This is my system info:
Debian Release: 10.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.60-1-pve (SMP w/16 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Libvirt version 5.0.0
qemu
Version: 1:3.1+dfsg-8+deb10u7
I try to get the filtering bridge to work.
This is the host, with the br0 that is connected to a trunked port
================================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.12.0.13/24 brd 10.12.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::3648:edff:fef0:a9e8/64 scope link
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3648:edff:fef0:a9e9/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e6:67:7b:87:b5:ca brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e467:7bff:fe87:b5ca/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
19: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever
===================
bridge vlan show
port        vlan ids
eno2         4
             7
             221
             800
br0         None
virbr0       1 PVID Egress Untagged
virbr0-nic   1 PVID Egress Untagged
vnet0        800
==================
However, the MAC does not show up when I do
==================
brctl showmacs br0
==================
So vnet0 does not yet communicate with the bridge.
Inside the VM:
=============================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet 195.37.235.121/26 brd 195.37.235.127 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever
===============================
and
===========
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 195.37.235.121 icmp_seq=1 Destination Host Unreachable
From 195.37.235.121 icmp_seq=2 Destination Host Unreachable
==============
The MAC address of vnet0 and enp1s0 is the same. That means they are the same entity.
Yay!
The XML describing the network part of the VM is here:
=====================
<interface type='bridge'>
  <mac address='52:54:00:29:b6:e0'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
=======================
What could be the problem?
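
Added example, not part of the original post: a small Python parser for the `bridge vlan show` output quoted above that reports, per port, how untagged frames are treated. It relies on standard VLAN-filtering bridge behaviour (a port without a PVID drops untagged ingress frames, and a VLAN without the Egress Untagged flag leaves the port tagged); the function names are made up for this example.

```python
# Output of `bridge vlan show` as posted above (column spacing normalised).
SAMPLE = """\
port    vlan ids
eno2     4
         7
         221
         800
br0     None
virbr0   1 PVID Egress Untagged
virbr0-nic       1 PVID Egress Untagged
vnet0    800
"""


def parse_bridge_vlans(text):
    """Return {port: [(vid, is_pvid, egress_untagged), ...]}."""
    ports, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "port":   # blank line or header
            continue
        if not tokens[0].isdigit():             # first token names a new port
            current = tokens.pop(0)
            ports[current] = []
        if current is None or not tokens or not tokens[0].isdigit():
            continue                            # e.g. "br0 None"
        flags = tokens[1:]
        ports[current].append((int(tokens[0]), "PVID" in flags, "Untagged" in flags))
    return ports


def audit(ports):
    """Say how each port treats untagged frames on a VLAN-filtering bridge."""
    findings = {}
    for port, vlans in ports.items():
        pvid = next((v for v in vlans if v[1]), None)
        if not vlans:
            findings[port] = "no VLAN membership"
        elif pvid is None:
            findings[port] = "tagged-only: untagged ingress frames are dropped"
        elif pvid[2]:
            findings[port] = f"access port for VLAN {pvid[0]}"
        else:
            findings[port] = f"PVID {pvid[0]}, but egress stays tagged"
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_bridge_vlans(SAMPLE)).items():
        print(f"{port:12} {finding}")
```

On the posted output this reports eno2 and vnet0 as tagged-only. A tap port whose guest sends untagged frames is normally given its VLAN as `pvid untagged` (for example `bridge vlan add dev vnet0 vid 800 pvid untagged`), which keeps the guest confined to that one VLAN.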