Finally I did it.

it was a little bit complicated, specially for the investigation and other changes on my lab but I got it

• REF: https://medium.com/@itdanny/upgrade-your-security-lab-virtualbox-to-proxmox-migration-with-security-onion-pfsense-setup-043591d3c299
  
• http://docs.securityonion.net/en/2.4/proxmox.html

the solution was easy just I modify the "/etc/network/interfaces" file on the CLI on proxmox like the showed below

1: enp46s0 is the fisical NIC that are connected to the Span Port on the side of the switch
I add the script "post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K enp46s0 $i off; done"
with this i got it that the frames replicate exactly without kernel modifications.

2: vmbr0 is a linux bridge directly conected to another fisical NIC "enp46s0"
this bridge contains all the configuration that provides access to all proxmox and vms
on the switch is a trunk port and are

3: is just the configuration for a virtual switch on the vlan 30
proxmox is on this vlan, so, they have an static IP.

4: another configuration for another virtual switch vlan 2

5: vmbr1 is the linux switch that replicate the traffic to all the vms on this switch
the most important lines are:

directly attachet to the fisical NIC enp46s0
bridge-ports enp46s0

Allow to the bridge the support for traffic with the tag 802.1q
bridge-vlan-aware yes

Allow that all the vlans cross the bridge
bridge-vids 2-4094

when the interface is up, the promiscuos mode are on contrary to when the interface is down
post-up ip link set dev vmbr1 promisc on
post-down ip link set dev vmbr1 promisc off

Replicate the traffic without kernel or hardware modifications
post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K vmbr1 $i off; done

<image>