I recently got into Ubiquiti, and am trying to limit intra-VLAN communications.
I have a Proxmox server hosting a couple of VMs that are on the same VLAN (192.168.8.0/24).
These two devices can ping each other, even after I follow the guide here. I've tried just adding that VLAN to the Device Isolation (ACL) section in Settings > Network, as I believe this should just block everything within that VLAN, as well as trying to add explicit rules in the ACL to block client A -> B and B -> A, with no luck.
I feel like I must be missing something simple. Has anyone done this successfully?
If they are on the same VLAN and the same Proxmox server, the packets likely never leave your Proxmox server. The bridge interface on your virtual host acts like its own switch, so packets between those VMs would never hit the Ubiquiti ACLs.
If you have another NIC on the host, you could attach each VM to a different NIC, which would force that traffic through the switch.
I assume these are Ubiquiti's UniFi switches, not the EdgeSwitches? The EdgeSwitches can't be managed through UniFi but have a lot more capabilities, like community VLANs, which would be another potential solution for intra-VLAN isolation.
Proxmox might have its own options to solve this but I am not familiar with their capabilities.
Thanks so much for the reply! Yes, this is a Ubiquiti switch, and everything is a lot clearer to me now with the understanding that this traffic is never even reaching my switch. I'm currently running on a NUC which has a management port and another trunked port for my VMs, but in the future maybe I could grab something with more NICs. There is also a PVE firewall in Proxmox that I might play with a bit.
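To confirm the point made in the reply above (that two VMs on the same Linux bridge are switched on the Proxmox host and never reach the UniFi ACLs), here is an added shell example, not code from either poster or from Proxmox: it reads `bridge link show` output and reports whether two VMs' first NICs hang off the same bridge. The `bridge link show` lines below are a constructed sample, not output from the poster's NUC; the VM IDs 100, 101 and 102 and the `tap<vmid>i0` naming follow the Proxmox convention for the first virtual NIC of a VM.

```shell
#!/bin/sh
# Added example (not from the thread): check whether two Proxmox VMs share a Linux bridge.
# If they do, their intra-VLAN traffic is switched on the host and the physical switch's
# ACLs never see it, which is exactly the situation described in the reply above.

# Constructed sample of `bridge link show` on a Proxmox host (assumption: VMs 100 and 101
# both attach to vmbr0, VM 102 attaches to a second bridge vmbr1 on another NIC).
SAMPLE_BRIDGE_LINK='2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 4
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr1 state forwarding priority 32 cost 4
5: tap100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 100
6: tap101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr0 state forwarding priority 32 cost 100
7: tap102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master vmbr1 state forwarding priority 32 cost 100'

# bridge_of <ifname> <bridge-link-output>: print the master bridge of an interface,
# or nothing if the interface is not enslaved to any bridge.
bridge_of() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        $2 == (ifc ":") { for (i = 1; i <= NF; i++) if ($i == "master") print $(i + 1) }'
}

# same_bridge <vmid_a> <vmid_b> <bridge-link-output>: succeed (exit 0) when the first NIC
# of both VMs is on the same bridge, i.e. their traffic never leaves the host.
same_bridge() {
    a=$(bridge_of "tap$1i0" "$3")
    b=$(bridge_of "tap$2i0" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# report <vmid_a> <vmid_b> <bridge-link-output>: human-readable verdict for the operator.
report() {
    if same_bridge "$1" "$2" "$3"; then
        echo "VM $1 and VM $2 share bridge $(bridge_of "tap$1i0" "$3"): traffic stays on the host, switch ACLs do not apply"
    else
        echo "VM $1 and VM $2 are on different bridges: traffic crosses the physical switch"
    fi
}

# On a real host replace the constructed sample with live output:
#   LIVE=$(bridge link show); report 100 101 "$LIVE"
report 100 101 "$SAMPLE_BRIDGE_LINK"
report 100 102 "$SAMPLE_BRIDGE_LINK"
```

When the script says the VMs share a bridge, the options are the ones the reply names (a second NIC and bridge per VM so the frames cross the switch) or, as the original poster mentions, the Proxmox firewall: with `firewall=1` set on the VM's NIC, rules in `/etc/pve/firewall/<vmid>.fw` are applied on the host at the tap interface, so they do filter host-local VM-to-VM traffic that the switch never sees.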