Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to reassign network port

    General pfSense Questions
    5
    61
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveITS Rebel Alliance @michmoor
      last edited by

      @michmoor You change only the description and the change is not saved? How about adding a dummy rule or separator, or other change? Wondering if your config isn’t saving.

      The brute force way would be to edit the config file and restore.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      M 2 Replies Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @SteveITS
        last edited by

        @steveits said in Unable to reassign network port:

        You change only the description and the change is not saved?

        Yep its not saving. Its really strange. There is something going on in the backend when these changes are done because when i check the system log there is a lot of activity. Its as though all interfaces do a soft restart. Connectivity on the LAN is never lost but modifications to vlan descriptions are never changed. I am on the 22.05 release.

        be32ae76-c890-414f-8cee-17cc804d33dd-image.png

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @SteveITS
          last edited by michmoor

          @steveits So took your advice and modified the config.xml. Ran the command

          rm /tmp/config.cache

          Afterward i see that the vlan description has changed. When i attempt to modify the vlan description through the GUI the changes do not stick. This is the only area throughout the pfsense configuration where i noticed there is a difficulty in having modifications changed. Something about Interfaces /Interface Assignments or Interfaces / VLANs

          edit:
          Every vlan description change causes the below issue.

          0b1d6eec-5342-47c3-9693-8cf9b7b6a104-image.png

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Sounds like you may be trying to apply something that's invalid. What change exactly are you trying to save.

            M 1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @stephenw10
              last edited by

              @stephenw10 Hey Stephen,
              I got a redmine tracking this
              https://redmine.pfsense.org/issues/13933

              Something more is going on here. Im following the recipe on adding a LAGG. Thats how this all started. Anything that has to do with the interfaces [reassignment, vlans] does not save in the config. The only way to have my changes applied is by editing the config.xml directly.

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              M 1 Reply Last reply Reply Quote 1
              • M
                michmoor LAYER 8 Rebel Alliance @michmoor
                last edited by

                Unfortunately, the Redmine got rejected. That said, taking snippets of the config.xml can anyone spot an issue? This is easily reproducible issue on my side. Change a vlan tag description, network outage happens.

                	<vlans>
		<vlan>
			<if>lagg0</if>
			<tag>14</tag>
			<pcp></pcp>
			<descr><![CDATA[Internet_Of_Things]]></descr>
			<vlanif>lagg0.14</vlanif>
		</vlan>
		<vlan>
			<if>lagg0</if>
			<tag>11</tag>
			<pcp></pcp>
			<descr><![CDATA[Guest]]></descr>
			<vlanif>lagg0.11</vlanif>
		</vlan>
		<vlan>
			<if>lagg0</if>
			<tag>15</tag>
			<pcp></pcp>
			<descr><![CDATA[DMZ]]></descr>
			<vlanif>lagg0.15</vlanif>
		</vlan>
		<vlan>
			<if>lagg0</if>
			<tag>17</tag>
			<pcp></pcp>
			<descr><![CDATA[WORK]]></descr>
			<vlanif>lagg0.17</vlanif>
		</vlan>
		<vlan>
			<if>lagg0</if>
			<tag>3</tag>
			<pcp></pcp>
			<descr><![CDATA[Storage]]></descr>
			<vlanif>lagg0.3</vlanif>
		</vlan>
		<vlan>
			<if>lagg0</if>
			<tag>23</tag>
			<pcp></pcp>
			<descr><![CDATA[KidsZone]]></descr>
			<vlanif>lagg0.23</vlanif>
		</vlan>
	</vlans>

                <interfaces>
	<wan>
		<enable></enable>
		<if>ix3</if>
		<blockpriv></blockpriv>
		<blockbogons></blockbogons>
		<descr><![CDATA[WAN]]></descr>
		<alias-address></alias-address>
		<alias-subnet>32</alias-subnet>
		<spoofmac>00:e0:67:27:9d:78</spoofmac>
		<ipaddr>dhcp</ipaddr>
		<dhcphostname></dhcphostname>
		<dhcprejectfrom></dhcprejectfrom>
		<adv_dhcp_pt_timeout></adv_dhcp_pt_timeout>
		<adv_dhcp_pt_retry></adv_dhcp_pt_retry>
		<adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout>
		<adv_dhcp_pt_reboot></adv_dhcp_pt_reboot>
		<adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff>
		<adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval>
		<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
		<adv_dhcp_send_options></adv_dhcp_send_options>
		<adv_dhcp_request_options></adv_dhcp_request_options>
		<adv_dhcp_required_options></adv_dhcp_required_options>
		<adv_dhcp_option_modifiers></adv_dhcp_option_modifiers>
		<adv_dhcp_config_advanced></adv_dhcp_config_advanced>
		<adv_dhcp_config_file_override></adv_dhcp_config_file_override>
		<adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path>
	</wan>
	<lan>
		<enable></enable>
		<if>igc0</if>
		<descr><![CDATA[LAN]]></descr>
		<spoofmac></spoofmac>
		<ipaddr>192.168.50.254</ipaddr>
		<subnet>24</subnet>
		<ipaddrv6>track6</ipaddrv6>
		<track6-interface>wan</track6-interface>
		<track6-prefix-id>0</track6-prefix-id>
	</lan>
	<opt1>
		<descr><![CDATA[Sleepy_IoT_WLAN]]></descr>
		<if>lagg0.14</if>
		<spoofmac></spoofmac>
		<enable></enable>
		<ipaddr>192.168.14.254</ipaddr>
		<subnet>24</subnet>
	</opt1>
	<opt2>
		<descr><![CDATA[GuestNet_WLAN]]></descr>
		<if>lagg0.11</if>
		<enable></enable>
		<ipaddr>192.168.11.254</ipaddr>
		<subnet>24</subnet>
		<spoofmac></spoofmac>
	</opt2>
	<opt3>
		<descr><![CDATA[KIdsZone_WLAN]]></descr>
		<if>lagg0.23</if>
		<spoofmac></spoofmac>
		<enable></enable>
		<ipaddr>192.168.23.254</ipaddr>
		<subnet>24</subnet>
	</opt3>
	<opt4>
		<descr><![CDATA[DMZ]]></descr>
		<if>lagg0.15</if>
		<spoofmac></spoofmac>
		<enable></enable>
		<ipaddr>192.168.15.1</ipaddr>
		<subnet>24</subnet>
	</opt4>
	<opt5>
		<descr><![CDATA[WG_RemoteAccess]]></descr>
		<if>tun_wg1</if>
		<enable></enable>
		<spoofmac></spoofmac>
		<ipaddr>172.26.0.1</ipaddr>
		<subnet>24</subnet>
	</opt5>
	<opt6>
		<descr><![CDATA[WORK]]></descr>
		<if>lagg0.17</if>
		<enable></enable>
		<ipaddr>192.168.17.1</ipaddr>
		<subnet>29</subnet>
		<spoofmac></spoofmac>
	</opt6>
	<opt8>
		<descr><![CDATA[Kevin_WG_S2S]]></descr>
		<if>tun_wg2</if>
		<enable></enable>
		<spoofmac></spoofmac>
		<mtu>1460</mtu>
		<mss>1360</mss>
		<ipaddr>172.28.0.2</ipaddr>
		<subnet>30</subnet>
	</opt8>
	<opt9>
		<descr><![CDATA[PIA_VPN_Atlanta]]></descr>
		<if>ovpnc2</if>
		<enable></enable>
		<spoofmac></spoofmac>
	</opt9>
	<opt11>
		<descr><![CDATA[Storage]]></descr>
		<if>lagg0.3</if>
		<spoofmac></spoofmac>
		<enable></enable>
		<ipaddr>192.168.3.1</ipaddr>
		<subnet>29</subnet>
	</opt11>
	<opt12>
		<descr><![CDATA[IPsec_790CCV]]></descr>
		<if>ipsec1</if>
		<enable></enable>
		<spoofmac></spoofmac>
	</opt12>
</interfaces>

                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                Routing: Juniper, Arista, Cisco
                Switching: Juniper, Arista, Cisco
                Wireless: Unifi, Aruba IAP
                JNCIP,CCNP Enterprise

                M 1 Reply Last reply Reply Quote 0
                • M
                  michmoor LAYER 8 Rebel Alliance @michmoor
                  last edited by

                  @michmoor Going to go ahead and re-install pfsense+. Actually do the recovery option.
                  Question..this process puts a fresh copy of the pfsense software then the configuration? So if there was something in the OS that was not acting correctly it should, in theory, be gone when i go through the process?
                  In other words when i recover the config.xml im not bringing with it any issues from the previous install?

                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                  Routing: Juniper, Arista, Cisco
                  Switching: Juniper, Arista, Cisco
                  Wireless: Unifi, Aruba IAP
                  JNCIP,CCNP Enterprise

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Rebel Alliance @michmoor
                    last edited by

                    @michmoor The reinstall should reformat the drive.

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    1 Reply Last reply Reply Quote 1
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Yes, the only thing you would be bringing across is the config. Everything else will be recreated. So if you still see this it's either a bug in the code that affects all installs or something in your config specifically. Or both.

                      Steve

                      M 1 Reply Last reply Reply Quote 1
                      • M
                        michmoor LAYER 8 Rebel Alliance @stephenw10
                        last edited by

                        @stephenw10 @SteveITS Appreciate you both. I'll follow up once im done.

                        Firewall: NetGate,Palo Alto-VM,Juniper SRX
                        Routing: Juniper, Arista, Cisco
                        Switching: Juniper, Arista, Cisco
                        Wireless: Unifi, Aruba IAP
                        JNCIP,CCNP Enterprise

                        M 1 Reply Last reply Reply Quote 1
                        • M
                          michmoor LAYER 8 Rebel Alliance @michmoor
                          last edited by

                          Re-install went through without an issue. Couldnt do the recovery of the config.xml as the system stated it couldnt find it. No matter thats what 3-2-1 backup strategies are for.

                          Nevertheless, this didnt fix the issue. It is the most bizarre thing.

                          So whats my next steps? Any ideas?

                          Firewall: NetGate,Palo Alto-VM,Juniper SRX
                          Routing: Juniper, Arista, Cisco
                          Switching: Juniper, Arista, Cisco
                          Wireless: Unifi, Aruba IAP
                          JNCIP,CCNP Enterprise

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            So you restored the config and then couldn't change the descriptions? Or reconfigured it and then couldn't?

                            M 1 Reply Last reply Reply Quote 0
                            • M
                              michmoor LAYER 8 Rebel Alliance @stephenw10
                              last edited by

                              @stephenw10 Restored the configuration. Tried to change vlan description. Doesnt happen.

                              Firewall: NetGate,Palo Alto-VM,Juniper SRX
                              Routing: Juniper, Arista, Cisco
                              Switching: Juniper, Arista, Cisco
                              Wireless: Unifi, Aruba IAP
                              JNCIP,CCNP Enterprise

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Mmm, I can't reproduce this either.
                                I would have to guess something in your config is trying to apply invalid values when you change the VLAN description. The sort of thing I could imagine it being would be and MTU or link state type that it tries to apply as an inherited value to the parent. Since you are using vlans on a lagg that is a double layer of parent interfaces.

                                M 1 Reply Last reply Reply Quote 0
                                • M
                                  michmoor LAYER 8 Rebel Alliance @stephenw10
                                  last edited by michmoor

                                  @stephenw10 So its definitely something in the config or at least how the GUI works with the config.xml in the background. Took a spare 6100 and loaded my config.xml and the exact same symptoms show up. I apply a vlan description change, All interfaces bounce, and the vlan change never happens.
                                  Ive been reviewing both the <Interfaces> and <vlan? hierarchy and i couldnt tell you whats wrong. All looks good or at least nothing out of place.

                                  Strange thing is, when i make the change directly to the config.xml, no issue. vlan change goes through and no interface flaps.

                                  tail -f system.log when i change the vlan description the only things that stick out at me are the following

                                  Feb  6 18:44:56 GA-FW1 arpwatch[24336]: pcap_loop: The interface disappeared
Feb  6 18:44:56 GA-FW1 kernel: lagg0.23: promiscuous mode disabled
Feb  6 18:44:56 GA-FW1 kernel: vlan5: changing name to 'lagg0.23'

Feb  6 23:44:56 GA-FW1 php-fpm[36470]: /interfaces_vlan_edit.php: Gateway, NONE AVAILABLE

Feb  6 23:44:57 GA-FW1 php-fpm[12214]: /rc.linkup: Hotplug event detected 

Feb  6 23:49:46 GA-FW1 check_reload_status[334]: rc.newwanip starting lagg0.17
Feb  6 23:49:46 GA-FW1 check_reload_status[334]: rc.newwanip starting lagg0.3

                                  Its renewing WAN IP on my lagg facing my LAN? Something is strange.

                                  last edit

                                  Parsing the logs I dont know why newwanip is running on each interface and resyncing with OpenVPN.

                                  Feb 7 00:24:33	php-fpm	69922	/rc.newwanip: Resyncing OpenVPN instances for interface DMZ.
Feb 7 00:24:30	php-fpm	8705	/rc.newwanip: Resyncing OpenVPN instances for interface SLEEPY_IOT_WLAN.
Feb 7 00:24:26	php-fpm	36470	/rc.newwanip: Resyncing OpenVPN instances for interface KIDSZONE_WLAN.
Feb 7 00:24:24	php-fpm	27432	/rc.newwanip: Resyncing OpenVPN instances for interface STORAGE.
Feb 7 00:24:21	php-fpm	90475	/rc.newwanip: Resyncing OpenVPN instances for interface WORK.
Feb 7 00:16:46	php-fpm	69922	/interfaces.php: Resyncing OpenVPN instances for interface LAN.
Feb 6 23:57:56	php-fpm	27432	/interfaces.php: Resyncing OpenVPN instances for interface WORK.
Feb 6 23:50:04	php-fpm	36470	/rc.newwanip: Resyncing OpenVPN instances for interface DMZ.
Feb 6 23:50:02	php-fpm	69922	/rc.newwanip: Resyncing OpenVPN instances for interface SLEEPY_IOT

                                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                  Routing: Juniper, Arista, Cisco
                                  Switching: Juniper, Arista, Cisco
                                  Wireless: Unifi, Aruba IAP
                                  JNCIP,CCNP Enterprise

                                  stephenw10S 1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator @michmoor
                                    last edited by

                                    To be clear you are editing the Description field in Interfaces > Assignments > VLANs > Edit?

                                    Then saving that?

                                    Doing that will probably push interface options up to lagg0 and to the NICs that make up lagg0. And that in turn would mean anything else using those parents would inherit it. That's probably why you see everything reload. And somewhere there something is probably trying to set an invalid value. Though I would expect to see an error logged.

                                    Are you able to upload your config to use to examine?

                                    M 1 Reply Last reply Reply Quote 0
                                    • M
                                      michmoor LAYER 8 Rebel Alliance @stephenw10
                                      last edited by

                                      @stephenw10 I just updated my comment above adding more log messages that i find very strange.

                                      You tell me where to upload the config and you can have it. Appreciate the help on this.

                                      Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                      Routing: Juniper, Arista, Cisco
                                      Switching: Juniper, Arista, Cisco
                                      Wireless: Unifi, Aruba IAP
                                      JNCIP,CCNP Enterprise

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        You can upload it here: https://nc.netgate.com/nextcloud/s/2A3mxLXwMnFEFak

                                        Thanks

                                        M 1 Reply Last reply Reply Quote 0
                                        • M
                                          michmoor LAYER 8 Rebel Alliance @stephenw10
                                          last edited by

                                          @stephenw10 Done. Gave you the config along with my system logs during the time of the change. Just to reiterate, all this is was a vlan description change.

                                          config.xml
                                          systemlogs

                                          Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                          Routing: Juniper, Arista, Cisco
                                          Switching: Juniper, Arista, Cisco
                                          Wireless: Unifi, Aruba IAP
                                          JNCIP,CCNP Enterprise

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Great I have that.

                                            And just to be clear you're editing the description field in Interfaces > Assignments > VLANs > Edit?

                                            M 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post