diff --git a/ansible/roles/network-redhat/tasks/main.yml b/ansible/roles/network-redhat/tasks/main.yml
index d15cc4b4dcc568f008362527f41a9b4d5bbdb1aa..754ea23333432be152ed175d0a787510137d6b12 100644
--- a/ansible/roles/network-redhat/tasks/main.yml
+++ b/ansible/roles/network-redhat/tasks/main.yml
@@ -12,7 +12,7 @@
     interfaces_ether_interfaces: >
       {{ network_interfaces |
          net_select_ethers |
-         map('net_interface_obj') |
+         map('net_interface_obj', names=network_interfaces) |
          list }}
     interfaces_bridge_interfaces: >
       {{ network_interfaces |
diff --git a/kayobe/plugins/filter/networks.py b/kayobe/plugins/filter/networks.py
index a89462eba9a81d6301962068166bdb81f9191e40..6d47544b71a9ff5e2b3eee9560515d38b880cbd3 100644
--- a/kayobe/plugins/filter/networks.py
+++ b/kayobe/plugins/filter/networks.py
@@ -374,7 +374,7 @@ def _validate_rules(rules):
 
 
 @jinja2.pass_context
-def net_interface_obj(context, name, inventory_hostname=None):
+def net_interface_obj(context, name, inventory_hostname=None, names=None):
     """Return a dict representation of a network interface.
 
     The returned dict is compatible with the interfaces_ether_interfaces
@@ -394,6 +394,27 @@ def net_interface_obj(context, name, inventory_hostname=None):
         netmask = None
     vlan = net_vlan(context, name, inventory_hostname)
     mtu = net_mtu(context, name, inventory_hostname)
+
+    # NOTE(priteau): do not pass MTU for VLAN interfaces on bridges when it is
+    # identical to the parent bridge, to work around a NetworkManager bug.
+    if names is not None and net_is_vlan_interface(context, name,
+                                                   inventory_hostname):
+        # Make a mapping of bridge interfaces and their MTUs
+        bridge_mtus = {}
+        for bridge in net_select_bridges(context, names, inventory_hostname):
+            bridge_interface = net_interface(context, bridge,
+                                             inventory_hostname)
+            bridge_mtus[bridge_interface] = net_mtu(context, bridge,
+                                                    inventory_hostname)
+
+        # Get parent and check for its MTU if it is a bridge
+        parent_or_device = get_vlan_parent(
+            context, name, device, vlan, inventory_hostname)
+        if parent_or_device in bridge_mtus:
+            parent_mtu = bridge_mtus[parent_or_device]
+            if mtu == parent_mtu:
+                mtu = None
+
     routes = net_routes(context, name, inventory_hostname)
     if routes:
         routes = [_route_obj(route) for route in routes]
diff --git a/releasenotes/notes/nm-bridge-vlan-mtu-workaround-71d48d582b5e23d6.yaml b/releasenotes/notes/nm-bridge-vlan-mtu-workaround-71d48d582b5e23d6.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e1568eb7a6e7cf2901c7a1755e362b1e9de8fc5c
--- /dev/null
+++ b/releasenotes/notes/nm-bridge-vlan-mtu-workaround-71d48d582b5e23d6.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Adds a workaround to avoid NetworkManager setting the MTU of bridge VLAN
+    interfaces to an incorrect value.
+    `LP#2039947 <https://bugs.launchpad.net/kayobe/+bug/2039947>`__