vlan network bridges

bridge for each vlan segment

sudo nmcli con add \
    ifname br<vlan> \
    type bridge \
    con-name bridge-br<vlan>

disconnect new bridge from nm GUI

slave native/untagged interface for default bridge

sudo nmcli conn add \
    type ethernet \
    con-name bridge-slave-<interface>.<vlan> \
    master br<vlan> \
    connection.autoconnect yes

slave vlan interface for each bridge

sudo nmcli con add \
    type vlan \
    con-name bridge-slave-<interface>.<vlan> \
    dev <interface> \
    id <vlan> \
    master br<vlan> \
    connection.autoconnect yes

disconnect new bridge from nm

disable dhcp and dhcp6 on bridge from nm

connect new bridge from nm

create virsh networks - see xml files in this dir

Copy these files to the host where they will be defined

qualityvlan.xml

labvlan.xml

testvlan.xml

hbvlan.xml

Run each:

sudo virsh net-define qualityvlan.xml
sudo virsh net-define labvlan.xml
sudo virsh net-define testvlan.xml
sudo virsh net-define hbvlan.xml

sudo virsh net-start qualityvlan.xml
sudo virsh net-start labvlan.xml
sudo virsh net-start testvlan.xml
sudo virsh net-start hbvlan.xml

sudo virsh net-autostart qualityvlan.xml
sudo virsh net-autostart labvlan.xml
sudo virsh net-autostart testvlan.xml
sudo virsh net-autostart hbvlan.xml

Do the netfilter stuff here

https://linuxconfig.org/how-to-use-bridged-networking-with-libvirt-and-kvm