Netgate Discussion Forum

    Add Interface Not Available for New VLAN

    • java007md

      Looking for suggestions on troubleshooting this situation.

      I added a new VLAN - 111, assigned it to an interface - pve, and enabled it. This is for use with Proxmox VMs and containers. I set up DHCP and DNS, both of which are working.

      When I went into the Snort GUI to add the new interface - there is no add button showing, just delete. As the screen captures hopefully show, I was able to add the other VLAN interfaces in the past.

      I have tried disabling the pve interface, applying changes, restarting Snort, restarting the pfSense server, and the add button is still missing.

      Am I overlooking something simple? Has anyone else experienced this and resolved the problem, or does anyone have ideas for next steps?

      Updated_Interface_assignments_Screenshot_20240104_145608.png

      pve_interface_enabled_Screenshot_20240104_143951.png

      snort_interfaces_no_add_button_Screenshot_20240104_143508.png

      Thanks for any suggestions or pointers.

        • bmeeks

          How far back in the past did you add the other VLAN interfaces? Like several Snort versions back, or very recently?

          I don't right away know of any reason for the 111 VLAN to not be showing up.

          I count 4 VLANs and the physical LAN2 interface assigned to igb3.

          In terms of Snort inspection, it will see the traffic on the 111 VLAN because by default it places the interface in promiscuous mode, and since it's running on the physical parent (igb3), then it is going to see all the traffic from all the VLANs defined on that physical interface. In fact, the argument could be made that running the Snort instances on each VLAN defined on igb3 is unnecessary because of the promiscuous mode instance on the igb3 physical interface (via LAN2).

          • java007md @bmeeks

            @bmeeks It has been quite some time since the other VLANs were set up and certainly at least a major version or two ago.

            Interesting point regarding the VLANs on igb3 being seen via promiscuous mode. Perhaps I should drop the VLANs on igb3 off the Snort interface list altogether.

            It's not clear what happened to cause the problem, but I was able to "fix" the problem by adding yet another VLAN (99), associating that with igb3, and lo and behold the pve VLAN (111) was available to add within the Snort GUI - but the newly added VLAN 99 interface is not showing up! Probably something was corrupted over time. I will see how this works, and perhaps look at removing the VLANs on igb3 within Snort to streamline the configuration.

            Thanks for the reply and suggestions.
