[pve-devel] [PATCH docs v1] warn about fail-open default in vlan

[pve-devel] [PATCH docs v1] warn about fail-open default in vlan

[Yahya Jabary]

fix #4642: improve VLAN documentation

Signed-off-by: Yahya Jabary <y.jabary@proxmox.com>
---
 pve-network.adoc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pve-network.adoc b/pve-network.adoc
index 03524e4..23fd2a3 100644
--- a/pve-network.adoc
+++ b/pve-network.adoc
@@ -614,6 +614,14 @@ which is transparently supported by the Linux bridge.
 Trunk mode is also possible, but that makes configuration
 in the guest necessary.
 
+[WARNING]
+====
+If no VLAN tag is specified in the guest configuration, the interface defaults
+to a VLAN trunk. This allows the guest to access *all* VLANs on the bridge by
+configuring VLAN tags inside the guest OS. To strictly isolate the guest to a
+specific VLAN (Access Mode), you must define a VLAN tag in the hardware settings.
+====
+
 * *"traditional" VLAN on the Linux bridge:*
 In contrast to the VLAN awareness method, this method is not transparent
 and creates a VLAN device with associated bridge for each VLAN.
-- 
2.47.3


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH docs] warn about fail-open default in vlan

[Yahya Jabary]

Signed-off-by: Yahya Jabary <y.jabary@proxmox.com>
---
 pve-network.adoc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pve-network.adoc b/pve-network.adoc
index 03524e4..23fd2a3 100644
--- a/pve-network.adoc
+++ b/pve-network.adoc
@@ -614,6 +614,14 @@ which is transparently supported by the Linux bridge.
 Trunk mode is also possible, but that makes configuration
 in the guest necessary.
 
+[WARNING]
+====
+If no VLAN tag is specified in the guest configuration, the interface defaults
+to a VLAN trunk. This allows the guest to access *all* VLANs on the bridge by
+configuring VLAN tags inside the guest OS. To strictly isolate the guest to a
+specific VLAN (Access Mode), you must define a VLAN tag in the hardware settings.
+====
+
 * *"traditional" VLAN on the Linux bridge:*
 In contrast to the VLAN awareness method, this method is not transparent
 and creates a VLAN device with associated bridge for each VLAN.
-- 
2.47.3


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH docs v1] warn about fail-open default in vlan

[Shannon Sterz]

hey,
not sure what happened here, but you send the same patch twice in
the same thread. once with a version tag and a longer description and
once without. you may want to check your mail setup :)

On Thu Jan 22, 2026 at 11:50 AM CET, Yahya Jabary wrote:
> fix #4642: improve VLAN documentation
>
> Signed-off-by: Yahya Jabary <y.jabary@proxmox.com>
> ---
>  pve-network.adoc | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/pve-network.adoc b/pve-network.adoc
> index 03524e4..23fd2a3 100644
> --- a/pve-network.adoc
> +++ b/pve-network.adoc
> @@ -614,6 +614,14 @@ which is transparently supported by the Linux bridge.
>  Trunk mode is also possible, but that makes configuration
>  in the guest necessary.
>
> +[WARNING]
> +====
> +If no VLAN tag is specified in the guest configuration, the interface defaults
> +to a VLAN trunk. This allows the guest to access *all* VLANs on the bridge by
> +configuring VLAN tags inside the guest OS. To strictly isolate the guest to a
> +specific VLAN (Access Mode), you must define a VLAN tag in the hardware settings.
> +====
> +

other than that: this reads fine to me!

>  * *"traditional" VLAN on the Linux bridge:*
>  In contrast to the VLAN awareness method, this method is not transparent
>  and creates a VLAN device with associated bridge for each VLAN.



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH docs v1] warn about fail-open default in vlan

[Fiona Ebner]

Am 22.01.26 um 11:49 AM schrieb Yahya Jabary:
> fix #4642: improve VLAN documentation

We usually put a 'fix #4642:' prefix as part of the commit title. This
makes it easier to search for bug fixes in the git logs and mail
archives. We don't usually repeat the bug title verbatim anywhere in the
commit message. It's often written by end users and not very descriptive
or precise, like here.

> 
> Signed-off-by: Yahya Jabary <y.jabary@proxmox.com>
> ---
>  pve-network.adoc | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/pve-network.adoc b/pve-network.adoc
> index 03524e4..23fd2a3 100644
> --- a/pve-network.adoc
> +++ b/pve-network.adoc
> @@ -614,6 +614,14 @@ which is transparently supported by the Linux bridge.
>  Trunk mode is also possible, but that makes configuration
>  in the guest necessary.
>  
> +[WARNING]
> +====

It seems like everywhere else in the docs we use 'WARNING: ' for this,
so I'd suggest staying consistent with that. Or have a patch (series) to
change it everywhere if there are good reasons for it.

> +If no VLAN tag is specified in the guest configuration, the interface defaults
> +to a VLAN trunk. This allows the guest to access *all* VLANs on the bridge by
> +configuring VLAN tags inside the guest OS. To strictly isolate the guest to a
> +specific VLAN (Access Mode), you must define a VLAN tag in the hardware settings.
> +====
> +
>  * *"traditional" VLAN on the Linux bridge:*
>  In contrast to the VLAN awareness method, this method is not transparent
>  and creates a VLAN device with associated bridge for each VLAN.


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel