Netgate 8200 MAX VLAN & Switch Configuration Issue
-
LAN IP : 192.168.12.0/24
VLAN IP: 172.25.26.0/24And/Or run a package capture on the trunk port (or mirror it if the switch allows) to check if the VLAN traffic passes through it.
- how to check this packet capture?
Thank you.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
how to check this packet capture?
If the switch allows port mirroring then mirror trunk port 25 to some other port, connect a client to that port and run Wireshard or tcpdump on that client. Then check the captures packages for VLAN tagged traffic (see https://www.cyberly.org/en/how-do-you-use-wireshark-to-capture-traffic-on-a-vlan/index.html for example).
-
-
I already checked with Wireshark, and there are no VLAN 27 tags being sent.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I already checked with Wireshark, and there are no VLAN 27 tags being sent.
Are the other VLAN tags (31, 32, 33, 34) sent? Did you upgrade from 24.11 and if yes can revert to that version to see if that is an issue of 25.7 only?
I'm not sure how support works with Netgate. Either see if @stephenw10 (a Netgate employee) does know of some quirks with VLANs and the 8200. I'd be surprised since it's a very basic feature (which I use on almost every pfSense installation I got, but I don't own a 8200) but you never know. Or open a ticket with Netgate.
-
-
@smsigroupit just a remark: I'm still baffled that on the switch it allows not tagged VLAN 1 traffic on ports that have PVID set to 27. That really should not happen.
-
Update:
I already tried reverting to version 24.11, but the issue still persists.Thank you.
-
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Thank you!
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
-
@patient0 said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
I will test the setup using another switch and provide an update afterward.
Thank you!
-
I already tested the setup using another switch, but the issue still persists.
-
@smsigroupit on another note: you have setup all the necessary firewall rules (one allow all rules at least) on the VLAN interfaces, I assume?
-
you have setup all the necessary firewall rules (one allow all rules at least) on the VLAN interfaces, I assume?
- Yes
When I disable Suricata, the VLAN works correctly. Which Suricata configuration could be interfering with VLAN functionality?
-
Suricata Config;
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
When I disable Suricata, the VLAN works correctly. Which Suricata configuration could be interfering with VLAN functionality?
I never used Suricata, someone else has to chime in. A search in the forum for 'suricata vlan' could be a start.
For example Important Info: Inline IPS Mode with Suricata and VLANs, post 4 talks about having to disable hardware features onix0to make it work with VLANs. -
Thank you!
-
@smsigroupit although I'm not using it myself, it be interesting to see if
ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtagdoes work for you as mentioned the thread. -
Yes, I tested it and it is working.
ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag
I also added these cron jobs:
Job 1 - Set VLAN flags on ix1
Minute: @reboot
User: root
Command:
/bin/sh -c 'sleep 25 && /sbin/ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag'Job 2 - Restart Suricata after VLAN flags
Minute: @reboot
User: root
Command:
/bin/sh -c 'sleep 45 && /usr/sbin/service suricata restart'Thank you.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
Yes, I tested it and it is working.
Excellent news.
I also added these cron jobs:
If you like to use something that survives a reinstall, have a look at the 'Shellcmd' package (documentation: Executing Commands at Boot).
