OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: romain on July 03, 2015, 05:00:07 pm

Title: [SOLVED] - Bridge between two vlans
Post by: romain on July 03, 2015, 05:00:07 pm
Hello,

I have a two-port network card plugged into two different switches which are not stackable.

I configured a vlan 8 on the two network cards and created a bridge to be on the same "switch". I activated STP RST on the two switches to avoid a layer 2 loop.

I didn't put any IP on the vlan interface directly but I added my IP on the bridge interface. I changed some settings to set ip filter on the bridge int and deactivated ip filter on the member int.

But since then nothing works. If I remove my bridge and put different IPs on my vlan int, I can ping any machine on the network. With the bridge I always get "Host not found".

If I look with tcpdump on the interfaces (bridge and VLAN int), I can see the ARP requests:

Code:
root@KISS0525002:~ # tcpdump -i bridge0 -xxx
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:40.945966 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:17:41.961821 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:17:43.024847 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:17:44.087801 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:17:45.150840 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:17:45.447351 ARP, Request who-has 172.28.11.3 tell 172.28.11.100, length 42
        0x0000:  ffff ffff ffff 0cc4 7a32 5bca 0806 0001
        0x0010:  0800 0604 0001 0cc4 7a32 5bca ac1c 0b64
        0x0020:  0000 0000 0000 ac1c 0b03 0000 0000 0000
        0x0030:  0000 0000 0000 0000
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
root@KISS0525002:~ # tcpdump -i oce0_vlan8 -xxx
tcpdump: WARNING: oce0_vlan8: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on oce0_vlan8, link-type EN10MB (Ethernet), capture size 65535 bytes
14:18:03.182844 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:18:04.183251 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:18:05.203726 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
14:18:06.266969 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
        0x0010:  0800 0604 0001 02bd 8562 ce00 ac1c 0b66
        0x0020:  0000 0000 0000 ac1c 0b1a
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

My network card is an Emulex OCE11102-NT and I use the driver found in the FreeBSD kernel module 10.1 (oce.ko).

Do you know what I am doing wrong?

Thanks
Romain
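
An added example, not part of the original post: a small Python filter that reads tcpdump ARP summary lines like those in the capture above and lists who-has requests for which no reply was captured, which is the pattern to look for when a bridge passes requests but nothing comes back. The function name and the single reply line in the sample are constructed for illustration; the request lines are taken from the capture.

```python
import re
from collections import Counter

# tcpdump one-line ARP summaries (default output, no -e).
REQ = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"ARP, Reply (\S+) is-at (\S+),")

def unanswered_arp(lines):
    """Return {(target_ip, asker_ip): request_count} for every who-has
    request whose target never shows up as the sender of an ARP reply."""
    requests = Counter()
    answered = set()
    for line in lines:
        m = REQ.search(line)
        if m:
            requests[(m.group(1), m.group(2))] += 1
            continue
        m = REP.search(line)
        if m:
            answered.add(m.group(1))
    # Hex dump lines and tcpdump banners match neither pattern and are skipped.
    return {k: n for k, n in requests.items() if k[0] not in answered}

# Request lines as seen on bridge0 in the post; the Reply line is constructed
# (documentation MAC range) to show what an answered request looks like.
SAMPLE = """\
14:17:40.945966 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
        0x0000:  ffff ffff ffff 02bd 8562 ce00 0806 0001
14:17:41.961821 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
14:17:43.024847 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
14:17:44.087801 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
14:17:45.150840 ARP, Request who-has 172.28.11.26 tell 172.28.11.102, length 28
14:17:45.447351 ARP, Request who-has 172.28.11.3 tell 172.28.11.100, length 42
14:17:45.447900 ARP, Reply 172.28.11.3 is-at 00:00:5e:00:53:01, length 46
""".splitlines()

if __name__ == "__main__":
    for (target, asker), count in unanswered_arp(SAMPLE).items():
        print(f"{asker} asked for {target} {count} times, no reply captured")
```

Running the same filter on captures taken from the bridge and from each member interface shows on which side the replies stop appearing.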
Title: Re: Bridge between two vlans
Post by: lucifercipher on July 06, 2015, 10:58:52 am
Dear romain,

Since the ideology of bridging is the same among BSD-style routing platforms, please take a look here for really detailed documentation: https://doc.pfsense.org/index.php/Interface_Bridges

You must read everything in order to grab knowledge :) After all, knowledge is power.

P.S: Just a tip. You have to create firewall rules to allow the traffic among bridged / to and fro on bridges too.
Title: [SOLVED] - Re: Bridge between two vlans
Post by: romain on July 07, 2015, 05:59:44 pm
It was something related to the driver. Everything I've done as configuration was okay.

Thank you for the reply.