Adding a VLAN-transparent bridge to Linux (Debian)

On my current Debian system I use VLAN tagging and I create bridges br-wan and br-lan that I use for LXC containers: auto lo br-lan br-wan iface lo inet loopback iface br-wan inet manual     bridge_ports eth0.3     bridge_maxwait 0 iface br-lan inet static     address 192.168.200.10 netmask 255.255.255.0 gateway 192.168.200.1 bridge_ports eth0.2 bridge_maxwait 0       iface eth0.1 inet static address 10.7.1.10 netmask 255.255.255.0 Now I would like to add a KVM guest that gets transparent access to eth0 and in turn uses VLAN tagging internally (for example, to create a virtualized router routing between eth0.2 and eth0.3). To test, I did the following: brctl addbr br-master brctl addif eth0 And then I created a KVM guest with --network=bridge=br-master,model=virtio which creates an interface vnet0 that is also added as bridge port to br-master. Inside the guest added the VLAN interfaces.   On the host, I see tagged packets in vnet0 (tcpdump -i vnet0 -e vlan) and br-master (tcpdump -i br-master -e vlan).   However, the traffic never reaches eth0 on the host. I am sure the story is not that simple. How can I add such a VLAN-transparent "master bridge" to my system, without disrupting my old config?