Questions regarding VLANs

deanfourie

So i've just trunked 2 vlans through to pfSense, and I had everything setup and working perfectly but after a reboot everything broke.

I connected via serial and I could see that it looked like all the Interface configuration had reset. I did some testing and it seems that if I added igb1 (my LAN interface and trunk parent interface) as a Interface Assignment, everything just broke.

So, is the general practice here to not assign the parent or physical interface if you are trunking on it? It's a real pain as I am sure one day I will go ahead and assign it completely forgetting that I can not assign it.

Thanks

stephenw10

I would recommend not assigning a VLAN parent interface if possible but not because it would break the config in some way. If you have parent (untagged) interface assigned then any traffic from VLANs that is incorrectly untagged somewhere can end up on that interface with unexpected results. If it's unassigned that is just dropped. So it makes the network less vulnerable to VLAN misconfiguration on a switch or a cable incorrectly connected.
But that should and does work fine with correctly configured VLANs. So something else has happened in your case to make the config invalid.

Did you show an alert that the config had rolled back?

Or a ZFS BE rolled back?

Steve

deanfourie

@stephenw10 said in Questions regarding VLANs:

I would recommend not assigning a VLAN parent interface if possible but not because it would break the config in some way. If you have parent (untagged) interface assigned then any traffic from VLANs that is incorrectly untagged somewhere can end up on that interface with unexpected results. If it's unassigned that is just dropped. So it makes the network less vulnerable to VLAN misconfiguration on a switch or a cable incorrectly connected.
But that should and does work fine with correctly configured VLANs. So something else has happened in your case to make the config invalid.

Did you show an alert that the config had rolled back?

Or a ZFS BE rolled back?

Steve

I just rebooted again and it boots straight into the Interface configuration wizard, wont continue until interfaces are configured again.

Bob.Dig

@deanfourie Are you still running virtually?

stephenw10

It should show above that wizard which interface is in the config but not present on the system. That's the only reason it should end up there.

deanfourie

@Bob-Dig no I am running on a physical appliance

deanfourie

@stephenw10 yes it is it displays only the 4 physical interfaces. Igb1 2 3 and 0.

Does not show any vlans however the vlans are available to choose from when assigning the interfaces.

It’s so strange, I tried to replicate last night on a vm, but I cannot.

stephenw10

Ok but it would usually specifically show which interface it thinks is missing. VLANs don't count, they are not in the interface check process along with other sub-interface types.

deanfourie

@stephenw10 oh ok, then no interfaces are missing. It shows all available interfaces. There are 4 physical and it shows igb1, igb2, igb3 and igb0

stephenw10

You should only ever end up at the interface assign prompt if there is an interface in the config that isn't present in the system. And when that happens it should list the missing intrerfaces.

For example if I break it deliberately:

Warning: Configuration references interfaces that do not exist: em0

Network interface mismatch -- Running interface assignment option.

Valid interfaces are:

igc0    00:08:a2:12:e2:cc (down) Intel(R) Ethernet Controller I226-V
igc1    00:08:a2:12:e2:cd (down) Intel(R) Ethernet Controller I226-V
igc2    00:08:a2:12:e2:ce (down) Intel(R) Ethernet Controller I226-V
igc3    00:08:a2:12:e2:cf   (up) Intel(R) Ethernet Controller I226-V
ix0     00:08:a2:12:e2:ca (down) Intel(R) X553 N (SFP+)
ix1     00:08:a2:12:e2:cb   (up) Intel(R) X553 N (SFP+)
ix2     00:08:a2:12:e2:c9   (up) Intel(R) X553 (1GbE)
ix3     00:08:a2:12:e2:c8   (up) Intel(R) X553 (1GbE)

Do VLANs need to be set up first?
If VLANs will not be used, or only for optional interfaces, it is typical to
say no here and use the webConfigurator to configure VLANs later, if required.

Should VLANs be set up now [y|n]? 

Do you not see that?

deanfourie

@stephenw10 Ok yes I just did another reboot and here what I get.

Welcome to Netgate pfSense Plus 23.09.1-RELEASE...

Checking dump device /dev/gpt/swap1 for crash dumps ... no crash dumps on /dev/gpt/swap1.
...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.34/mach/CORE
32-bit compatibility ldconfig path:
done.
3368
>>> Removing vital flag from php82...done.
External config loader 1.0 is now starting... ada0p1 ada0p2 ada0p3 ada0p4
Launching the init system...Updating CPU Microcode...
CPU: Intel(R) Atom(TM) Processor E3930 @ 1.30GHz (1286.40-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x506c9  Family=0x6  Model=0x5c  Stepping=9
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x4ff8ebb7<SSE3,PCLMULQDQ,DTES64,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x101<LAHF,Prefetch>
  Structured Extended Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
  Structured Extended Features3=0x2c000400<MD_CLEAR,IBPB,STIBP,ARCH_CAP>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0xc79<RDCL_NO,SKIP_L1DFL_VME,SSB_NO,MDS_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
Done.
 done.
Initializing................... done.
Starting device manager (devd)...ichsmb0: <Intel Broxton SMBus controller> port 0xf040-0xf05f mem 0x91412000-0x914120ff at device 31.1 on pci0
pcib0: no PRT entry for 0.31.INTA
ichsmb0: can't get IRQ
device_attach: ichsmb0 attach returned 6
done.
Loading configuration....done.
Updating configuration...done.
Warning: Configuration references interfaces that do not exist: tailscale0

Network interface mismatch -- Running interface assignment option.

Valid interfaces are:

igb0    7c:5a:1c:d8:55:4f (down) Intel(R) I211 (Copper)
igb1    7c:5a:1c:d8:55:4c (down) Intel(R) I211 (Copper)
igb2    7c:5a:1c:d8:55:4d (down) Intel(R) I211 (Copper)
igb3    7c:5a:1c:d8:55:4e (down) Intel(R) I211 (Copper)

Do VLANs need to be set up first?
If VLANs will not be used, or only for optional interfaces, it is typical to
say no here and use the webConfigurator to configure VLANs later, if required.

Should VLANs be set up now [y|n]? igb1: link state changed to UP
igb2: link state changed to UP
2024-10-05T13:45:52.208007+13:00 - php-fpm 405 - - /rc.linkup: Ignoring link event during boot sequence.
2024-10-05T13:45:52.733778+13:00 - php-fpm 405 - - /rc.linkup: Ignoring link event during boot sequence.

deanfourie

Ah damn, so its the tailscale0 interface messing things up? Not sure how I missed this.

I assume this is because Tailscale has not yet started, and therefor has not yet created the interface.

Is there a way around this?

stephenw10

Aha. Yes that's because tailscale isn't present at that point but you have assigned it as an interface. But tailscale should never be assigned.

You should unassign it.
https://redmine.pfsense.org/issues/14780