Listing Devices Downstream From a Port
-
I can I see a list of all devices that are downstream from a particular physical port that's on the firewall? I'm interested in both IPs and MAC addresses.
-
@lonnie the arp table would show you what interface pfsense is seeing a specific mac/ip combo
-
@johnpoz Thanks.
I'm sure what you're saying it typically true, but in my case I have bridged ports together, and the ARP table shows the bridge-name as the interface for multiple ports.
I'm working remotely, and am trying to determine which physical port (of a bridge) a device is downstream of.
-
@lonnie ah so you want to know which port in the bridge is seeing the device - hmm.. I'm not bridge on pfsense sort of guy. While they have their use cases sure - have never had need for any of the use cases that make any sense where would set it up.
hmmmm?? Have to think about this for a bit - might have to setup a bridge to test with.
-
You can see that from ifconfig like:
[22.05-RELEASE][root@5100-2.stevew.lan]/root: ifconfig -vv bridge0 addr 00:1e:33:a8:6d:7d Vlan1 ix1 1191 flags=0<> 60:38:e0:b4:a3:b0 Vlan1 ix3 1135 flags=0<>Steve
-
@johnpoz Yeah, I hear you. The only reason I used a bridge, is because I only needed one additional port for a single subnet. I have a dumb switch I could have used instead, but I was trying to eliminate powering another device. I thought I'd be able to make a couple of ports act like a switch instead of acting like separate logical ports. I may remove the bridge ultimately, but right now I'm (here remotely) trying to figure out what things are downstream from the physical ports.
-
@stephenw10 Did you do that by SSHing into pfSense? I know which parent-interfaces make up the bridge. I'm trying to get a list of all devices that are physically downstream from each physical port that makes up the bridge.
-
Yes but you could also do it from Diag > Command Prompt. And it looks like add the
vflags for more verbose output doesn't help here.
-
@stephenw10 Do you know a command that can list all IPs and MAC addresses that are downstream from a particular physical port?
-
@lonnie I know you've heard this already, but it's probably still the ARP table, since it's got all of those items you're looking for. And, you can even isolate, with a dropdown menu, the particular interface (physical port) you're looking for.
-
@akuma1x Once you bridge ports together, the interface listed under Diagnostics > ARP Table does not indicate the physical port's interface any longer. Instead, the interface becomes the bridge name for multiple physical ports.
For example, by default, the 6100 will label the two right-most port's interfaces LAN3 and LAN4. But, since I've bridged those two ports together, naming the bridge SWITCHY, the ARP Table shows SWITCHY as the interface anytime a device is downstream from either LAN3 or LAN4. It provides me no way to distinguish which physical port, on the 6100, that a client is downstream from. The ARP Table has no entries for LAN3 or LAN4. Instead, it only shows SWITCHY as the interface, which is ambiguous from a physical perspective.
So my question is: How can I determine (working remotely) the physical port that's upstream from a device, when multiple ports are a member of a bridge?
-
There's no single command. The switch doesn't care about IP addresses it only knows about MAC addresses. You would need to combine that with the ARP table (
arp -a) to see what IP those MACs are currently using. -
@lonnie said in Listing Devices Downstream From a Port:
So my question is: How can I determine (working remotely) the physical port that's upstream from a device, when multiple ports are a member of a bridge?
I know I'm beating a dead horse, but this would be a good reason to NOT use a bridge setup in your network. Do you plan on doing this kind of exercise often? If so, a network switch attached to your physical ports, I'm pretty sure, will accomplish what you're looking to do.
-
@akuma1x I compare it to the whisky bourbon saying
All bourbons are whiskies, but not all whiskies are bourbon ;)
Just like all switches are bridges, but not all bridges are switches ;)
While they might similar they are not the same - if you want a switch, use a switch.. While you might be able to use a bridge for some functions of a switch - it is not a switch.. So don't try and use it as such.
-
@akuma1x I was trying to avoid powering another device. All I needed was one additional port to be in the same subnet. However, pfSense bridging (I've learned) isn't exactly transparent. So, I basically concluded what you're telling me in another thread.
Yet, all of that is beside the point. When working remotely, it would be very nice to see what devices are downstream from a physical port. Bridging hides this. Yet bridging doesn't automatically allow communication between ports on the same subnet (like a real switch would). Having the ability to do what I'm asking would have been nice for remote diagnostics.
Instead, what I had to do (working remotely), is remove the bridge entirely, just so I could see which devices were physically downstream from each port.
-
Were you not able to see it from the learned MACs in the bridge?
-
@stephenw10 No sir. I couldn't determine the physical port that devices were downstream from. The closest I came, was the ARP Table, but it only indicated the bridge-name as the interface (which is ambiguous physically). Only after removing the bridge, and configuring each port's own interface individually, was I able to determine the exact physical port the devices were connected to.
In this circumstance, it was difficult to remotely obtain a physical topology of the network.
Due to the inefficiencies mentioned in the documentation, and this issue I've had with topology discovery, I've decided to avoid internal bridging going forward.
-
Did the ifconfig output just not show the interfaces then? What the bridge learns is which MAC addresses are connected to which bridge members. Hard to see how it could not show that.
