Suricata and vlans

kapara · November 25, 2018, 12:04:50 AM

I read that you dont want to add vlans to Suricata but when I added the physical interface (LAN) and not the vlan (which is on the LAN physical Interface) as a monitored interface none of my phones would work or get DHCP. Then when I removed the physical interface (LAN) the phones started to work again.

Is this by design?

ruggerio · November 26, 2018, 02:55:44 PM

i am not aware of your architecture and wishes, but how big is your installation? I personally (@home!!!!) just inspect traffic on WAN, as i don't want traffic to get inspected, if i am in a "secure" zone.

If you have vlans, have you entered the networks in suricata?

abraxxa · February 24, 2019, 05:45:31 PM

For me the following worked:

Interfaces: Settings: disable Hardware CRC, Hardware TSO, Hardware LRO and VLAN Hardware Filtering
Services: Intrusion Detection: Administration: enable Promiscuous mode and select the physical LAN interface (my WAN is PPPoE for IPv4 and IPv6)

Suricata and vlans

kapara

November 25, 2018, 12:04:50 AM

ruggerio

November 26, 2018, 02:55:44 PM #1

abraxxa

February 24, 2019, 05:45:31 PM #2