Topic: Problem with VLAN (Read 20523 times)
Posted by pah on May 09, 2015, 01:07:01 pm
Hello,
I have now been running OPNsense 15.1.9-amd64 on a PC Engines APU1D for 2 weeks. One week ago I set up a VLAN for the management stuff like switches etc. It is called vlan99 and is placed on interface re1 ("LAN", vlan1):
re1_vlan99: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 00:0d:b9:3a:15:c9
	inet6 fe80::20d:b9ff:fe3a:15c9%re1_vlan99 prefixlen 64 scopeid 0xb
	inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 99 vlanpcp: 0 parent interface: re1
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:3a:15:c9
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
Everything was OK - vlan99 was accessible from vlan1 and vice versa. Now I tried to move my management client from vlan1 ("LAN") into this vlan99 by changing the IP address of the client. I also checked the VLAN configuration on the switch for its port. It didn't work, so I changed the IP back to vlan1.
Everything was OK again, but devices in vlan99 aren't accessible any more from vlan1. From the OPNsense box I can access devices in vlan99 with source re1_vlan99 but not with any other. From vlan1 I can only see SYN/requests to vlan99; on vlan99 I can see requests and replies. The firewall doesn't block. The devices also do not block. But packets from vlan99 cannot be seen on vlan1. The VLAN interface 192.168.99.1 (the WebUI and ssh) is still accessible, though.
tcpdump -ni re1 host 192.168.99.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re1, link-type EN10MB (Ethernet), capture size 65535 bytes
capability mode sandbox enabled
12:00:19.164739 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 15, length 64
12:00:20.164665 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 16, length 64
12:00:21.164959 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 17, length 64
12:00:22.164908 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 18, length 64
tcpdump -ni re1_vlan99 host 192.168.99.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re1_vlan99, link-type EN10MB (Ethernet), capture size 65535 bytes
capability mode sandbox enabled
12:00:10.163495 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 6, length 64
12:00:10.168680 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 6, length 64
12:00:11.163511 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 7, length 64
12:00:11.168393 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 7, length 64
12:00:12.163468 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 8, length 64
12:00:12.168372 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 8, length 64
12:00:13.165096 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 9, length 64
12:00:13.169983 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 9, length 64
12:00:14.165067 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 10, length 64
12:00:14.169965 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 10, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
I restarted the box and the devices in vlan99, still the same problem. What's wrong?
Further information: I'm using 3x "ProCurve Switch 1800-8G" switches connected like this:
sw01 <=Portchannel=> sw02 <-1uplink-> sw03
Best regards,
Herbert P.
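
The comparison the post makes by eye, as an added example that is not part of the original post: pair each ICMP echo request with its reply in the text output of `tcpdump -n`, per interface, so the interface where replies stop appearing is explicit. The capture strings are excerpts of the output quoted above; the function and variable names are illustrative.

```python
import re

# Excerpts of the two captures quoted in the post (one banner line kept on purpose).
RE1 = """\
listening on re1, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:19.164739 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 15, length 64
12:00:20.164665 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 16, length 64
12:00:21.164959 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 17, length 64
"""
RE1_VLAN99 = """\
listening on re1_vlan99, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:10.163495 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 6, length 64
12:00:10.168680 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 6, length 64
12:00:11.163511 IP 192.168.1.55 > 192.168.99.5: ICMP echo request, id 3685, seq 7, length 64
12:00:11.168393 IP 192.168.99.5 > 192.168.1.55: ICMP echo reply, id 3685, seq 7, length 64
"""

ICMP = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP ([\d.]+) > ([\d.]+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)")

def pair_echoes(capture):
    """Return (answered, unanswered): seq -> round-trip ms, and sorted unanswered seqs."""
    pending, answered = {}, {}
    for line in capture.splitlines():
        m = ICMP.match(line.strip())
        if not m:
            continue  # banner, "^C", packet counters
        hh, mm, ss, src, dst, kind, icmp_id, seq = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if kind == "request":
            pending[(src, dst, icmp_id, int(seq))] = t
        else:
            # A reply travels from the dst to the src of the request it answers.
            sent = pending.pop((dst, src, icmp_id, int(seq)), None)
            if sent is not None:
                answered[int(seq)] = round((t - sent) * 1000, 3)
    return answered, sorted(key[3] for key in pending)

def compare(captures):
    """Per interface: number of answered requests and the seqs left unanswered."""
    report = {}
    for ifname, text in captures.items():
        answered, unanswered = pair_echoes(text)
        report[ifname] = {"answered": len(answered), "unanswered": unanswered}
    return report
```

Calling `compare({"re1": RE1, "re1_vlan99": RE1_VLAN99})` reports every request on re1 as unanswered and every request on re1_vlan99 as answered, which is the asymmetry the post describes.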

Reply #1 by pah on May 09, 2015, 01:45:31 pm
Looks like the MAC doesn't disappear on vlan1 and is only incomplete in vlan99. So it could be the VLAN configuration on the client's port.
But port 4 is configured for vlan1 & vlan4:
System Configuration:
Name: sw01
S/W Version: PA.03.10
CVS Tag: $Name$
Compile Date: Nov 15 2012 11:05:53
H/W Version: R01
MAC address: 00-18-71-49-40-b0
SNMP: enabled
Trap IP: 0.0.0.0
Readcommunity: public
Trapcommunity: public
VLAN Configuration:
Port  Aware    PVID  Ingress Filtering  Frame Type
1:    enabled  1     disabled           All         # OPNsense
2:    enabled  1     disabled           All         # Portchannel
3:    enabled  1     disabled           All         # Portchannel
4:    enabled  1     disabled           All         # Client
5:    enabled  1     disabled           All
6:    enabled  1     disabled           All
7:    enabled  1     disabled           All
8:    enabled  1     disabled           All
Entries in permanent table:
1: 1,2,3,4,5,6,7,8
11: 1,4,5,6,7,8
99: 1,2,3,4