this post was submitted on 03 Jan 2025
5 points (100.0% liked)

Ubiquiti

559 readers
1 users here now

Unofficial Ubiquiti community.

Discover innovations, troubleshoot, and optimize your Ubiquiti products and software.

founded 2 years ago
MODERATORS
[email protected]
5
Ubiquiti MAC ACLs not working (self.ubiquiti)
submitted 2 weeks ago by root to c/[email protected]
2 comments fedilink hide all child comments
 

I recently got into Ubiquiti, and am trying to limit intra-vlan communications.

I have a Proxmox server hosting a couple VMs that are on the same VLAN (192.168.8.0/24).

These two devices can ping each other, even after I follow the guide here. I've tried just adding that VLAN to the Device Isolation (ACL) section in Settings > Network as I believe this should just block everything within that VLAN, as well as trying to add explicit rules in the ACL to block client A -> B and B -> A with no luck.

I feel like I must be missing something simple. Has anyone done this successfully?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] greyfox 1 points 2 weeks ago (1 children)

If they are on the same vlan and the same proxmox server the packets likely never leave your proxmox server. The bridge interface on your virtual host acts like its own switch so packets between those VMs would never hit the Ubiquiti ACLs.

If you have another nic on the host you could attach each VM to a different NIC which would force that traffic through the switch.

I assume these are Ubiquiti's Unifi switches not the Edgeswitches? The Edgeswitches can't be managed through Unifi but have a lot more capabilities like community vlans which would be another potential solution for intra-vlan isolation.

Proxmox might have its own options to solve this but I am not familiar with their capabilities.

[โ€“] root 1 points 1 week ago

Thanks so much for the reply! Yes this is a Ubiquiti switch and everything is a lot more clear to me now with the understanding that this traffic is never even reaching my switch. I'm currently running on a NUC which has a management port and another trunked port for my VMs, but in the future maybe I could grab something with more NICs. There also is a PVE firewall in Proxmox that I might play with a bit.