Sudden problem with lag0 vlan unable to communicate
-
I'm not sure when this issue started. I am using netgate hardware (XG-7100) and have a system connected to port 3 (configured as lag0.33 VLAN 33 interface). The system is configured with IP 10.10.33.2. I am able to ping the interface from other VLANs, but I cannot ping 10.10.33.2. I tried logging in to pfsense and am unable to ping 10.10.33.2. Instead I get a ping sendto permission denied error:
PING 10.10.33.2 (10.10.33.2): 56 data bytes ping: sendto: Permission deniedI have another system connected to port 1 as lag0.31, VLAN 31, and it is working fine. I have interface ix1 configured with VLANS going to a switch for the rest of my network. I recently changed that switch out, and everything on that switch is communicating fine, including with the lag0.31 interface.
I have been trying to figure out where/how to troubleshoot this issue. I even tried to delete the lag0.33 interface and add it back, but nothing changed. I also tried to add an allow any any rule to eliminate firewall issues, but it was the same result. Even as root on the pfsense system, I can't ping the interface and a pcap of the interface with promiscuous mode is showing arp traffic if I try to ping a non existent IP on the same subnet from a VLAN on ix1, so I know the packets are at least getting to the interface. I'm at a loss on where else to check.
The only other differences were an upgrade recently to the latest pfsense 23.09 and suricata 7.0.2. I also tried to disable the suricata instance monitoring that interface. What else could possibly cause this issue?
-
For anyone that needs it, I was finally able to get this working again by loading a new firmware image to pfsense and reloading the config. Once it was all back up again, the interfaces were working. No idea what caused it or why, I was never able to track that down, but at least it's functioning properly.