<div dir="ltr">Couple of things to try<div><ul><li>At the VM level, ping your own address on eth1 to see if local traffic works.</li><li>Using your existing port config, capture traffic at the VM level to see if the packets are reaching the VM.</li><li>Disable port-security on the port level and validate if the traffic is reaching the VM.</li><li>If you have access to the compute, capture traffic at the interface/tap/bridge level. Where to capture will depend on if you are using OVS/OVN/Linux-bridge.</li><li>I do believe that even with allowed-address on the port, you will need to have the corresponding traffic allowed in your sec-group.<br></li></ul><div><br></div></div><div>Can you paste the port info with "openstack port show $port_id_here"?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Oct 25, 2021 at 10:23 AM lejeczek <<a href="mailto:peljasz@yahoo.co.uk">peljasz@yahoo.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi guys.<br>
<br>
What I expected turns out not to be enough, must be <br>
something trivial - what am I missing?<br>
I set a port with --allowed-address and on the <br>
instance/guest using the port I did:<br>
-> $ ip add add <a href="http://10.0.1.99/24" rel="noreferrer" target="_blank">10.0.1.99/24</a> dev eth1<br>
yet that IP other guest cannot reach.<br>
<br>
many thanks, L.<br>
<br>
</blockquote></div>