Question regarding VLAN tagging on physical networks on IncusOS and ACL

Hi,

the documentation of Incus OS under:

suggests adding a managed VLAN network to Incus as --type=physical:

incus network create enp5s0.1234 parent=enp5s0 vlan=1234 --type=physical

But then I cannot add ACLs. Is there any way to use ACLs in this kind of setup? Maybe by using --type=bridge with bridge.external_interfaces?

I found this:

When adding the instance role to VLAN devices, would that make ACLs available via macvlan then? For sure adding overhead…

Indeed ACLs are only supported when Incus itself owns the bridge, not when it’s external to Incus.

You should be able to set that up with a regular Incus bridge using bridge.external_interfaces with the physical NIC as part of it.

The physical NIC is named _pMAC, so something like _p112233445566.

Note that when extracting a VLAN from that for use with an Incus managed bridge, that VLAN tag will disappear from the regular interfaces so this only works if you’re fine with the VLAN not being available on enp5s0 anymore (in the case of the example you referenced). This is particularly problematic if you are using that VLAN for host connectivity.
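The following is an added example of the setup the answer describes, not code from the thread or from the Incus project: an Incus-managed bridge that pulls VLAN 1234 off the IncusOS physical NIC via bridge.external_interfaces, with a network ACL applied to the bridge so that the "Incus owns the bridge" requirement is met. The `_p112233445566` NIC name and VLAN 1234 come from the thread; the bridge name, ACL name, the single allow rule, and the `<interface>/<parent>/<vlan>` tuple form of bridge.external_interfaces are assumptions for illustration. DRY_RUN defaults to 1 so the script only prints the commands; the host-connectivity check implements the caveat above (the VLAN will no longer be usable on the physical NIC once Incus claims it).

```shell
#!/bin/sh
# Added example (not from the thread or the Incus project).
# Assumed values: bridge/ACL names, the allow rule, and the
# <interface>/<parent>/<vlan> tuple syntax for bridge.external_interfaces.
set -eu

PHYS="${PHYS:-_p112233445566}"     # IncusOS names the physical NIC _p<MAC> (from the answer)
VLAN="${VLAN:-1234}"               # VLAN from the question
BRIDGE="${BRIDGE:-br-vlan${VLAN}}" # assumed bridge name
ACL="${ACL:-vlan${VLAN}-acl}"      # assumed ACL name
DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands only

# Name of the VLAN sub-interface Incus will create for the bridge.
# Kept short: Linux interface names are limited to 15 characters, so
# "${PHYS}.${VLAN}" (19 chars) would be rejected.
vlan_iface_name() {
  printf 'vlan%s\n' "$VLAN"
}

# Value for bridge.external_interfaces: either the bare NIC (no VLAN), or the
# assumed <interface>/<parent>/<vlan> tuple that asks Incus to carve the VLAN
# out of the physical NIC and add it to the managed bridge.
external_interfaces_value() {
  if [ -n "$VLAN" ]; then
    printf '%s/%s/%s\n' "$(vlan_iface_name)" "$PHYS" "$VLAN"
  else
    printf '%s\n' "$PHYS"
  fi
}

# Caveat from the answer: once Incus takes the VLAN, it is gone from the
# regular interfaces. Returns 0 if the host currently has an address on a
# pre-existing VLAN interface named <nic>.<vlan>, i.e. host connectivity
# would break. Requires iproute2; anything missing counts as "not in use".
host_uses_vlan() {
  ip -o addr show dev "${PHYS}.${VLAN}" 2>/dev/null | grep -q ' inet'
}

run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Full sequence: managed bridge on the VLAN, an ACL, and the ACL bound to the
# bridge. The bridge gets no Incus-managed addresses (ipv4/ipv6.address=none)
# because the VLAN's addressing lives on the external network. With the ACL
# attached, unmatched ingress traffic falls under the ACL's default action.
setup_bridge_with_acl() {
  if host_uses_vlan; then
    echo "refusing: host has an address on ${PHYS}.${VLAN}; the VLAN would vanish from the host" >&2
    return 1
  fi
  run incus network create "$BRIDGE" \
      bridge.external_interfaces="$(external_interfaces_value)" \
      ipv4.address=none ipv6.address=none
  run incus network acl create "$ACL"
  run incus network acl rule add "$ACL" ingress \
      action=allow protocol=tcp destination_port=22
  run incus network set "$BRIDGE" security.acls="$ACL"
}

setup_bridge_with_acl
```

Run with `DRY_RUN=0` on the IncusOS host to apply; instances then attach to the bridge with a `nic` device pointing at `network=$BRIDGE` and inherit the ACL. The `host_uses_vlan` guard is deliberately conservative: it only catches the case where the host already has a `<nic>.<vlan>` sub-interface with an address, which is the "VLAN used for host connectivity" situation the answer warns about.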