ARP reports bogons
-
@deanfourie said in ARP reports bogons:
response is 192.168.1.1 is at 0.0.0.0
That makes no sense. You might possibly see 0.0.0.0 is at (MAC address) aa:bb:cc:dd:ee:ff. But you shouldn't since nothing should be using that IP.
Or you might see 'who has <gateway IP> tell 0.0.0.0'. But the response would be <gateway IP> is at <MAC address>.
The only way clients get a gateway is via DHCP.
DHCP is failing here and from everything you've said it seems most likely the cause is something in the AP.
Steve
-
I did do some testing during these periods.
I was not able to ping anything local or remote (internet). I checked my IP settings, I still had a current lease, and all IP settings were correct.
Internet and ALL LAN access just abruptly stops.
Now to me, if my local ARP table was being updated to point say the gateway, or all devices to 0.0.0.0, then this is the exact behavior I would expect to see.
Isn't this exactly what ARP spoofing does? Can send traffic anywhere with ARP
-
@deanfourie said in ARP reports bogons:
I was not able to ping anything Local or remote (internet).
So you could not ping the pfsense IP? 192.168.1.1? Did you look in this device's arp table? What did it show for this IP? Nothing?
Is this device wired or wireless?
-
You don't by chance have any wireless repeaters in play?
-
No, I cannot ping ANYTHING including pfSense.
No wireless repeaters at all.
I didn't check the ARP table to be fair, I have very short windows to test as it's so intermittent. I will do this next time.
I am only assuming it's ARP related because it is behaving like it is ARP related.
On top of that, arpwatch is reporting that there is a bogon at 0.0.0.0 on all the host MACs, which now further leads me to think that it's ARP related.
-
@deanfourie said in ARP reports bogons:
arpwatch is reporting that there is a bogon at 0.0.0.0 on all the host MACs
Again this is a PROBE!! You posted your pcap - that is not anything reporting that its IP is 0.0.0.0 at that mac, that is an arp probe and completely normal to see.. Or it's a gratuitous arp..
From your pcap
You would prob have found your problem already if you were not so obsessed with what arpwatch is reporting..
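Added example, not part of the original thread: a small Python classifier over constructed ARP bodies that separates a probe (a request whose sender IP is 0.0.0.0, RFC 5227) from a gratuitous ARP, a normal request and a reply that actually claims an address. The MAC addresses, the 192.168.1.0/24 subnet and the `sender_outside_subnet` check are assumptions for illustration; that check is a simplified stand-in for a subnet-based monitor, not arpwatch's code.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_IP = ipaddress.IPv4Address("0.0.0.0")
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a 28-byte Ethernet/IPv4 ARP body (only used for the samples below)."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, op,
        mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
        mac_bytes(tha), ipaddress.IPv4Address(tpa).packed,
    )


def parse_arp(body: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP body (RFC 826 layout)."""
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "op": op,
        "sha": sha.hex(":"),
        "spa": ipaddress.IPv4Address(spa),
        "tha": tha.hex(":"),
        "tpa": ipaddress.IPv4Address(tpa),
    }


def classify(pkt: dict) -> str:
    """Name the ARP message type from opcode and sender/target IPs."""
    if pkt["op"] == ARP_REQUEST:
        if pkt["spa"] == ZERO_IP:
            return "probe"            # "who-has X tell 0.0.0.0": claims nothing
        if pkt["spa"] == pkt["tpa"]:
            return "gratuitous"       # announcement of the sender's own address
        return "request"
    if pkt["op"] == ARP_REPLY:
        if pkt["spa"] == ZERO_IP:
            return "malformed-reply"  # a reply must carry the address it answers for
        if pkt["spa"] == pkt["tpa"]:
            return "gratuitous"
        return "reply"
    return "other"


def describe(pkt: dict) -> str:
    """Render the packet the way a capture tool summarises it."""
    if pkt["op"] == ARP_REQUEST:
        return f"who-has {pkt['tpa']} tell {pkt['spa']}"
    return f"{pkt['spa']} is-at {pkt['sha']}"


def sender_outside_subnet(pkt: dict, network: str) -> bool:
    """Simplified monitor check (assumption): sender IP not in the local subnet."""
    return pkt["spa"] not in ipaddress.ip_network(network)


# Constructed sample packets; MACs are locally administered placeholders.
CLIENT, GATEWAY, UNSET = "02:00:00:00:00:50", "02:00:00:00:00:01", "00:00:00:00:00:00"
SAMPLES = {
    "probe": build_arp(ARP_REQUEST, CLIENT, "0.0.0.0", UNSET, "192.168.1.50"),
    "gratuitous": build_arp(ARP_REQUEST, CLIENT, "192.168.1.50", UNSET, "192.168.1.50"),
    "request": build_arp(ARP_REQUEST, CLIENT, "192.168.1.50", UNSET, "192.168.1.1"),
    "reply": build_arp(ARP_REPLY, GATEWAY, "192.168.1.1", CLIENT, "192.168.1.50"),
}


def triage(samples: dict, network: str = "192.168.1.0/24") -> list:
    """Return (type, summary, flagged-by-subnet-check) for each sample."""
    rows = []
    for body in samples.values():
        pkt = parse_arp(body)
        rows.append((classify(pkt), describe(pkt), sender_outside_subnet(pkt, network)))
    return rows


if __name__ == "__main__":
    for kind, text, flagged in triage(SAMPLES):
        print(f"{kind:<11} {text:<40} outside-subnet={flagged}")
```

Only the probe trips the subnet check, and it is also the only packet that claims no IP-to-MAC mapping, so on its own it cannot change anyone's ARP table.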
-
@johnpoz haha ok ok.
This time I'll grab another capture and also check the ARP table and report back!
-
@deanfourie so all your devices are wireless? You have no wired devices at all, other than pfsense? And your pfsense is a VM, and your AP plugs into what?
A drawing of your network and what is plugged into what could be helpful in figuring out what is going on..
Can your devices ping each other normally? It is quite possible on an AP to be able to do L2 isolation where clients can not actually talk to each other anyway.
You don't have a switch, and things plugged into this switch? A drawing of what is plugged into what, and what can not ping what when this happens would be very helpful in pinning down the central point that could fail and cause your problem.. If everything is wireless and you can not ping through the wireless to your pfsense that is wired, that would scream the AP, if there is a switch and devices on the switch can talk to each other - again that screams AP. If wireless devices can ping each other, but can not ping stuff on the switch then that says switch, etc.
When you said your lease was fine, then its life was within the 1st 50% of your total lease time.. How long is your lease set for exactly? I believe it defaults to 2 hours, I adjusted mine to 4 days.. Because I have no need for a short lease in my setup..
Also a look at your arp table before when everything is working and when it fails would be helpful.. Normally clients have a very short lifetime on arp..
Windows is really short, like 30 seconds with a random .5 or 1.5 multiplier etc. so you're looking at like a 45 second arp cache max, or like 15 seconds min.
You can adjust that..
    $ netsh interface ipv4 show interface 16

    Interface Local Parameters
    ----------------------------------------------
    IfLuid                  : ethernet_32769
    IfIndex                 : 16
    State                   : connected
    Metric                  : 20
    Link MTU                : 1500 bytes
    Reachable Time          : 19500 ms
    Base Reachable Time     : 30000 ms
    Retransmission Interval : 1000 ms
Look in your arp table, are they all showing dynamic, or stale? If you're seeing stale and you talk to that IP a lot, then something is really wrong with arp.
To rule out just an arp issue, you could set a static arp for the device, can you ping it then when you have this problem, or does it still not ping?
So for example on your device that you said could not ping pfsense. If you set a static arp, and then the problem happens again, and you can still not ping, your issue is more than just arp, and arp issues are just a symptom of a bigger networking issue.
Set a static arp on your device, and on pfsense for your device's IP.. When it happens again if they can not talk even with static arp set up, then you have just a general complete loss of connectivity problem - and not just something dropping arp, etc.
-
@johnpoz not all wireless, some are wired.
I don't think it's client isolation from the AP as when everything is working, there is no client isolation, and everything works perfectly.
I'll do some testing as well with the wired clients and see if they are experiencing the same behavior. I'm never on a wired device as it always just happens so late.
-
@deanfourie see my edit about looking at the arp cache, etc. windows devices have a really short default arp cache.. you could try setting static arp entries to see if that removes those devices from the problem or not, etc..
And again - a drawing even if on a napkin with crayon and then you snap a picture on your phone to post would all give us a clear understanding of how everything is connected, and once we know devices that are affected and devices that are not - we can pinpoint the problem.
But unless all your devices were losing their lease, this has nothing to do with pfsense - when you say devices can not ping each other. Pfsense is not part of the conversation, devices on the same network, pfsense is not involved in their conversations.. So if device A can not ping device B that is on the same network as A - and they have IPs - then pfsense has nothing to do with this issue.
-
@deanfourie just caught this in my packet CAP.
22:06:09.298158 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 340
-
@deanfourie yeah that is a dhcp discover..
So you only run dhcp on vlan 11, 10 and 12 are all set static on the devices.
And you're saying all your devices lose connectivity..
Where is the routing happening, at your main switch there, because you show only a transit network that /27 from pfsense to your main switch? It's black not red for trunk?
/27 when you have all of rfc1918 to use seems a bit tight. What are these other vlans IP ranges?
But looks like green your iot vlan is same as your transit?
Curious why you don't just use /24 everywhere and match up your vlan id with your 3rd octet..
like 172.16.10/24 vlan 10, 172.16.11/24 vlan 11, 172.16.12/24 vlan 12, etc.
-
@johnpoz One thing I also noticed is that it doesn't appear that the DHCP leases are renewing.
I see the lease end time of say 20:30 and at 21:30, the lease still shows an end time for the same date of 20:30, which I take it means that client did not renew its lease.
Instead of displaying an up-to-date lease of say 8 hours from the time of the old lease end time.
-
@johnpoz no sorry,
VLAN 10, DHCP handed out by pfSense for LAN
VLAN 11, DHCP handed out by OpenWRT (no internet).
Sorry it was a bit rushed. The pfSense has multiple NICs and thus routing not needed between VLANs.
1 NIC is assigned via Hyper-V to the Home Assistant VM - does not touch the LAN or pfSense, that is the VLAN 11. The Home Assistant VM has 2 NICS assigned - 1 for vlan 10 for LAN access, and one for VLAN11, IOT access.
pfSense VM has 2 NICS assigned, one for WAN and one for LAN. Each NIC is plugged into the appropriate switchport as untagged, so just a switchport access mode as there is independent NICS for each VLAN.
-
This feels like some layer2 issue. Like maybe something is creating a loop and it gets blocked temporarily.
And/or you have VLANs leaking broadcast traffic and that's why you only see this when clients cannot renew their lease and have to broadcast for a new dhcp server. But pfSense can't respond.
-
@deanfourie said in ARP reports bogons:
Instead of displaying an up-to-date lease of say 8 hours from the time of the old lease end time
which I asked you awhile back if that was happening.
The Home Assistant VM has 2 NICS assigned - 1 for vlan 10 for LAN access, and one for VLAN11, IOT access.
Multihome - yeah that is never a good idea, unless it's an isolated storage network or backup network, etc.
Your drawing shows none of this detail - and from what is drawn it looks like you have a transit network only "black" connecting pfsense to your main switch. And then all these vlans are downstream, etc.
@deanfourie said in ARP reports bogons:
pfSense VM has 2 NICS assigned, one for WAN and one for LAN.
And where are these other vlans setup then. If pfsense is not aware of them? And what are their actual ip ranges - the only IP range you show is that /30
-
@johnpoz pfSense does not need to know about my VLANs because all the tagging is at switching level.
There is no inter VLAN routing, none of the VLANs need to talk to each other, and only 1 of the VLANs has internet access, the LAN.
So, the server has 4 NICS.
1 for WAN
1 for VLAN10 (LAN)
1 for VLAN11
1 for VLAN12
If I have a VM that needs to be on any particular VLAN, I just assign that interface to the VM. If I want that VM to have internet access, I will assign it the LAN interface and so on, if I want that VM to have access to VLAN11, I will assign that interface or virtual switch to that particular VM.
Think of the VLANs only from the first switch onwards. Nothing is VLAN related before the cisco switch, anything further down is trunked and then the appropriate devices have their required switchports in that VLAN, untagged.
The wireless AP is a TRUNK because it is carrying all 3 VLANs.
Does that make more sense?
-
Also, not sure if related but here is a dump from my AP kernel
-
@deanfourie said in ARP reports bogons:
VLANs because all the tagging is at switching level.
Huh? Not how it works, while the vlans might be untagged - then pfsense would need interfaces on those native networks. But you say it only has a transit, then you're doing routing at your main switch? And none of those networks at layer 2 should be able to even get to pfsense, etc. And it would be only layer 3 to pfsense over your isolated L2 transit.
You still haven't stated what IP ranges these other "vlans" are using - are they all part of that /30 which they shouldn't be if that is a transit..