Messages - halcyon

#1
General Discussion / Re: Latency issues
November 23, 2019, 04:41:16 AM
So, after an exhausting review of the network infrastructure, I located the problem. One particular punch down (going to this particular computer) was broken. Tying into a completely different drop and running a 100ft cable fixed the problem (apparently).

*sigh*
#2
General Discussion / Latency issues
November 23, 2019, 02:36:30 AM
Cable Modem --> IGB0(WAN) --> IGB1 (Vlan10/20 Trunk) --> 3750 Trunk Port 52 -->everything on network

I am having a very strange issue.

When I attach my main desktop to the network, I get flapping on vlan 10. If I attach my Surface to the same link (Gig 1/0/8) it flaps on vlan 10.
If I move to Gig 1/0/9, either computer, it flaps on vlan 10.

953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:51:32.793: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:51:47.742: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/8 and port Gi1/0/52
*Mar  3 01:52:03.109: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:52:17.966: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:52:33.476: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:52:49.784: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:53:10.294: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:53:18.271: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:53:34.780: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:53:51.775: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:54:02.865: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:54:19.609: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8

Now where it gets funny, if I unlink the OPNSense router from the cisco switch, the flapping stops completely.

I'm not sure if I have a cisco issue or an OPNSense issue.

Additionally, I am tearing my hair out trying to figure out wtf is causing this. I have tried everything I could find, engaging bpduguard, disengaging, going for rapid pvst, standard, portfast, and so forth. Nothing is changing how this is flapping.


Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Request timed out.
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64
Reply from 172.20.10.254: bytes=32 time<1ms TTL=64

It's maddening. I'm not sure if it's because of the opnsense, or if there's something that is wrong with the switch, but this issue did not exist while we were using the 5520ASA as a router.

Help please? :(
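
The MACFLAP_NOTIF messages quoted in the post above can be summarized per host and VLAN to see which ports a MAC address bounces between and how often. This is an added example, not part of the original post; the function name `summarize_flaps` is hypothetical, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# IOS MAC-flap notification, in the form quoted in the post.
MACFLAP = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): "
    r"%SW_MATM-4-MACFLAP_NOTIF: "
    r"Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# Sample lines copied from the post; the first is the truncated one.
SAMPLE = """\
953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:51:32.793: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
*Mar  3 01:51:47.742: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/8 and port Gi1/0/52
*Mar  3 01:52:03.109: %SW_MATM-4-MACFLAP_NOTIF: Host 14da.e913.953c in vlan 10 is flapping between port Gi1/0/52 and port Gi1/0/8
""".splitlines()


def summarize_flaps(lines):
    """Return {(mac, vlan): {count, ports, mean_gap_s}} for MACFLAP lines."""
    events = defaultdict(list)
    for line in lines:
        m = MACFLAP.search(line)
        if not m:
            continue  # truncated or unrelated line: skip rather than guess
        # IOS omits the year, so a placeholder year is used; only the
        # intervals between events matter here.
        stamp = datetime.strptime("2000 " + " ".join(m["ts"].split()),
                                  "%Y %b %d %H:%M:%S.%f")
        events[(m["mac"], int(m["vlan"]))].append((stamp, m["a"], m["b"]))

    report = {}
    for key, seen in events.items():
        seen.sort()
        times = [s[0] for s in seen]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[key] = {
            "count": len(seen),
            "ports": sorted({p for _, a, b in seen for p in (a, b)}),
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
        }
    return report


if __name__ == "__main__":
    for (mac, vlan), info in summarize_flaps(SAMPLE).items():
        print(mac, "vlan", vlan, info)
```
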
#3
General Discussion / Re: Latency issues
November 20, 2019, 02:43:45 AM
They're both set to igb1 now. There was something missing that was not allowing me to add vlan20 to igb1 initially. Can't recall exactly what it was at the moment.

Since I have an issue with an unmanaged switch, I've ordered a small 8-port managed Cisco to replace the unmanaged one so I can trunk instead. That should solve the other issues I was dealing with.
#4
General Discussion / Re: Latency issues
November 17, 2019, 06:29:40 PM
https://imgur.com/a/ROiIrKv

I think I see where I botched it.

So now I have IGB1to3750
Vlan10on3750p52 (assigned to igb1)
Vlan20on3750p52 (assigned to igb1)
Bridge IGB1to3750,Vlan10on3750p52
--Problem here. I don't know if I even need this. If I attach Vlan20on3750p2 to the Bridge, my connection (on vlan10) drops. Do I even need a bridge for vlan10?
Firewall rules for Vlan10 & 20 are autogenerated + pass any any. Not sure if this is smart, but the wan link is what blocks everything.

#5
General Discussion / Re: Latency issues
November 17, 2019, 12:53:57 AM
Initially what I ran into was that I could not get traffic to function without a bridge between the vlan and the lan port. I don't know if that's 'standard fare' for these or not. The ASA had to have no bridges, and it just worked once I had things in place. Yet, the bridge does not even look to be active (it does not show up in interface list)

3750:
gig 1/0/1-1/0/12 VLAN 10
gig 1/0/13-1/0/24 VLAN20
gig 1/0/25-36 Testing
--1/0/33 NAS that flaps at vlan10 when the port is on (weee)
gig 1/0/37-51 Future
gig 1/0/52 - Trunk to OPNSense vlan 10 only at the moment, since it broke when I tried to get vlan 20 up.
ip default gateway 172.20.10.254


OPNS Interfaces:
IGB0 - WAN -->Motorola Modem
IGB1 - LAN [IGB1to3750]
+vlan 10 on igb1 (172.20.10.254/24)
em0 - Management (192.168.1.254/24)

Firewall rules:
WAN: No rules- autogenerated only
Vlan10: pass any + autogenerate
IGB1 - LAN - any

NAT - Port Forward, autogenerated 80,443
- Automatic outbound

Services: DHCPv4
vlan10 dhcp enabled
management port dhcp enabled



Also... latency dropped after I unplugged a dummy switch off of one of the drops. There was only one thing there, the switch wasn't needed there. At least not at the moment.

bpduguard was up. Maybe I'm not understanding what bpduguard is for.
#6
General Discussion / Latency issues
November 16, 2019, 07:53:05 PM
Not understanding what is going on with this thing.

I'm running an HP 8200 Elite. This thing is a powerhouse for what it's getting used for. i5-2400 @ 3.10GHz 4 cores with 16GB of RAM. The only shortfall is that it's presently using a spindle drive, but swap usage is at 0, so that can't be a bottleneck here?

This is a fairly fresh installation, and I'm noticing a few concerns. When I moved from the old 5520ASA to OPNSense, the difference was almost immediate. Webpages began to sit for several seconds before loading, load times were significantly slower.

Beyond that, there's an issue with trunking two vlans across one link. It doesn't seem to want to work. (this was attempted because of apparent latency)
#7
I am running an OPNSense Custom Router out of an HP 8200 Elite, onboard NIC, secondary NIC, and an Intel 4 Port NIC.

Modem --> WAN --> LAN (vlan10) --> Cisco 3750 trunk

What I have not found yet, is where I would go to prioritize traffic for a specific device?

Is there a plugin, perhaps, for the OPNSense to talk to the Cisco to gather information directly?