General Discussion / VLAN traffic shows up in firewall under LAN interface
« on: August 16, 2024, 06:58:12 am »
I've been trying to get some VLANs working. The VLAN setup in question is bridged with two tagged interfaces (eno1.vlan1222 and eno2.vlan1222 for example, members of bridge br2, both tagged 1222). The bridge is assigned interface say VLAN1222_INF with a static IP 10.252.0.1/16.
One of the issues I've been having is getting traffic working thru the VLAN. For example, if I try to ping (or nslookup, etc.) 1.1.1.1 or 10.252.0.1 on eno1 or eno2 thru their VLAN interfaces, I see on the firewall a request and reply logged and passed (see attached image); however, the interfaces do not receive anything.
However, what I'm more specifically asking about is that the firewall capture is reported on the LAN interface, which is an untagged bridge with IP 10.0.0.1/9; the source and destination IPs aren't even in the subnet. Because of this, rules I've been making to get VLANs working have been floating on all interfaces (sometimes traffic is reported on the VLAN interface, typically broadcast).
Why is the traffic showing up on the LAN interface and not the VLAN? Is there some fix for this, like some tunable to configure? Could this be a hint to the underlying issue why packets aren't being received by the VLAN members (perhaps it's routing thru the LAN interface, though the routing tables show 10.252.0.0/16->VLAN1222_INF)?