(SOLVED) Lots of Ethernet mismatch after changing pfsense
-
Hello everyone,
I've replaced my previous pfSense with two under CARP/VIP, and now I have lots of ethernet mismatches from arpwatch in the system logs, with gateway IPs from two VLANs that are running on the same physical interface of the main node (I've even shut down the secondary node for now):
ethernet mismatch 10.0.0.138 X:X:X:X:X:e5 (00:00:5e:00:01:03)
ethernet mismatch 172.31.100.254 X:X:X:X:X:e5 (00:00:5e:00:01:03)
On X:X:X:X:X:e5, I know that it is the physical interface, but the other two, I really don't know.
I've noticed that both networks are not working well when I try to ping other devices on the other network. For example, I can ping one virtual machine but not another virtual machine, without firewall rules to block or reject, and both virtual machines are running on the same physical machine through the same ethernet cable.
My question is, what does Ethernet mismatch mean? How can I fix it? Can this result in traffic issues like the ones I'm having on the firewall side?
-
@sipriuspt for starters, why are you redacting MACs on a private network? It might give us a heads up.
Please make a diagram of what you have done.
Is this a virtual setup?
You should expect connectivity and performance issues too.
-
@netblues It was not a copy-paste because from where I am writing I don't have a direct connection to those units, so I shortened those two; it was not to hide info.
There are other VLANs on those wired connections on the LAN side.
I've tested from the secondary node (disabling CARP on the primary) and it seems to be working, and there is nothing wrong in the logs, but on the primary node it still continues with those ethernet mismatches, and there are devices that are reachable on the network and others that are not, like that situation.
-
@sipriuspt said in (URGENT) Lots of Ethernet mismatch after changing pfsense:
172.31.100.254
What is that IP? Where is it connected?
What interface is using CARP VIP 03 (00:00:5e:00:01:03)?
What exactly was the change you did that seemed to cause this?
-
What is that IP? Where is it connected?
CARP VIP for that VLAN, where 172.31.100.252 is the primary node and 172.31.100.253 is the secondary node.
What interface is using CARP VIP 03 (00:00:5e:00:01:03)?
That CARP VIP, I've just checked it now, and it is related to that VLAN 172.31.100.0/24.
What exactly was the change you did that seemed to cause this?
This is a fresh setup that came out of a lab, with all settings replicated from a pfSense box that was working without any issues in production, so there were some aspects that were almost impossible to test in that environment, but it's working almost 100% on the secondary node. When I say almost I mean I am still trying to set up the squid proxy with autoconfig that was working before, with the previous pfSense box.
-
@sipriuspt said in (URGENT) Lots of Ethernet mismatch after changing pfsense:
ethernet mismatch 10.0.0.138 X:X:X:X:X:e5 (00:00:5e:00:01:03)
So what is that then? Why is it using the same CARP ID?
Technically you can use the same CARP ID in different layer 2 segments, but it seems like arpwatch is objecting. Or you might have something leaking packets between them.
Steve
-
@stephenw10 So I discovered a misconfiguration in one switch (LAN A), and it seems like in HA mode arpwatch has an option to avoid reporting CARP/VRRP ethernet prefixes that was enabled.
To use CARP VIPs and arpwatch together, that option needs to be checked to disable those messages.
Doing this solved the situation.
Hope this can help others, since I didn't find anything in the documentation.
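As an added example (not from the thread, pfSense or arpwatch itself), a small Python triage script for the "ethernet mismatch" lines quoted above: it separates mismatches explained by the IEEE VRRP/CARP virtual MAC block 00:00:5e:00:01:<VHID> (the ones the arpwatch option in the last post suppresses) from genuine ones, and reports a VHID that shows up with more than one gateway IP, the reuse-or-leakage case Steve asks about. The log lines and the physical MACs in them are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample log lines modelled on the ones in the thread; the
# physical MACs (00:11:22:...) are placeholders, not real hardware addresses.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw arpwatch: ethernet mismatch 10.0.0.138 00:11:22:33:44:e5 (00:00:5e:00:01:03)
Jan 10 12:00:02 fw arpwatch: ethernet mismatch 172.31.100.254 00:11:22:33:44:e5 (00:00:5e:00:01:03)
Jan 10 12:00:03 fw arpwatch: ethernet mismatch 10.0.0.50 00:11:22:33:44:aa (00:11:22:33:44:bb)
Jan 10 12:00:04 fw arpwatch: new station 10.0.0.77 00:11:22:33:44:cc
"""

# IEEE-reserved VRRP/CARP virtual MAC block: 00:00:5e:00:01:<VHID>.
# arpwatch logs "ethernet mismatch <ip> <frame source MAC> (<ARP sender MAC>)"
# when those two MACs differ; a CARP VIP answers ARP with the virtual MAC
# while the frame carries the physical NIC's MAC, so it always trips this.
VIRTUAL_MAC_PREFIX = "00:00:5e:00:01:"
MISMATCH_RE = re.compile(
    r"ethernet mismatch (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"(?P<frame_mac>[0-9a-f:]{17}) \((?P<arp_mac>[0-9a-f:]{17})\)",
    re.IGNORECASE,
)


def carp_vhid(mac):
    """Return the VHID encoded in a CARP/VRRP virtual MAC, else None."""
    mac = mac.lower()
    if mac.startswith(VIRTUAL_MAC_PREFIX):
        return int(mac[len(VIRTUAL_MAC_PREFIX):], 16)
    return None


def triage(log_text):
    """Split mismatches into CARP-explained and genuine ones; list VHIDs
    seen with more than one VIP address (reuse across VLANs, or leakage)."""
    real = []                        # mismatches not explained by CARP
    ips_by_vhid = defaultdict(set)   # vhid -> VIP addresses claiming it
    for line in log_text.splitlines():
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        vhid = carp_vhid(m["arp_mac"])
        if vhid is None:
            real.append((m["ip"], m["frame_mac"].lower(), m["arp_mac"].lower()))
        else:
            ips_by_vhid[vhid].add(m["ip"])
    carp = {v: sorted(ips) for v, ips in ips_by_vhid.items()}
    shared = {v: ips for v, ips in carp.items() if len(ips) > 1}
    return {"real": real, "carp": carp, "shared_vhid": shared}
```

Lines in "real" still deserve the usual arpwatch follow-up; a VHID in "shared_vhid" is only benign if the two IPs really live on separate layer 2 segments.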