Netgate 8200 MAX VLAN & Switch Configuration Issue
-
@smsigroupit just a remark: I'm still baffled that on the switch it allows not tagged VLAN 1 traffic on ports that have PVID set to 27. That really should not happen.
-
Update:
I already tried reverting to version 24.11, but the issue still persists. Thank you.
-
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Thank you!
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
-
@patient0 said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
I also tested by changing the interface to igc1 for both LAN and VLAN, but the problem remains.
Have you got another switch you can try?
I will test the setup using another switch and provide an update afterward.
Thank you!
-
I already tested the setup using another switch, but the issue still persists.
-
@smsigroupit on another note: you have set up all the necessary firewall rules (one allow all rules at least) on the VLAN interfaces, I assume?
-
you have set up all the necessary firewall rules (one allow all rules at least) on the VLAN interfaces, I assume?
- Yes
When I disable Suricata, the VLAN works correctly. Which Suricata configuration could be interfering with VLAN functionality?
-
Suricata Config;
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
When I disable Suricata, the VLAN works correctly. Which Suricata configuration could be interfering with VLAN functionality?
I never used Suricata, someone else has to chime in. A search in the forum for 'suricata vlan' could be a start.
For example, 'Important Info: Inline IPS Mode with Suricata and VLANs', post 4, talks about having to disable hardware features on ix0 to make it work with VLANs.
-
Thank you!
-
@smsigroupit although I'm not using it myself, it would be interesting to see if
ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag
does work for you as mentioned in the thread.
-
Yes, I tested it and it is working.
ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag
I also added these cron jobs:
Job 1 - Set VLAN flags on ix1
Minute: @reboot
User: root
Command:
/bin/sh -c 'sleep 25 && /sbin/ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag'
Job 2 - Restart Suricata after VLAN flags
Minute: @reboot
User: root
Command:
/bin/sh -c 'sleep 45 && /usr/sbin/service suricata restart'
Thank you.
-
@smsigroupit said in Netgate 8200 MAX VLAN & Switch Configuration Issue:
Yes, I tested it and it is working.
Excellent news.
I also added these cron jobs:
If you'd like to use something that survives a reinstall, have a look at the 'Shellcmd' package (documentation: Executing Commands at Boot).
-
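A way to confirm that the `ifconfig ix1 -vlanhwcsum -vlanhwfilter -vlanhwtag` change from the thread actually took effect before Suricata is restarted, as an added example that is not from any poster in the thread: it parses the `options=<...>` line of FreeBSD `ifconfig` output and reports which of the three VLAN offloads are still on. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the hardware VLAN offloads named in the thread
# are really off, by parsing the options=<...> line of FreeBSD ifconfig output.

# Print the VLAN hardware capabilities still enabled (space separated);
# print nothing when all three are off. Reads ifconfig output on stdin.
vlan_hw_enabled() {
    awk '
        /^[ \t]*options=/ {
            start = index($0, "<"); end = index($0, ">")
            if (start == 0 || end <= start) exit
            n = split(substr($0, start + 1, end - start - 1), caps, ",")
            for (i = 1; i <= n; i++)
                if (caps[i] == "VLAN_HWTAGGING" || caps[i] == "VLAN_HWCSUM" ||
                    caps[i] == "VLAN_HWFILTER") { out = out sep caps[i]; sep = " " }
            exit   # only the first options= line; the later "nd6 options=" is skipped
        }
        END { if (out != "") print out }
    '
}

# Return 0 when all three offloads are off, 1 (with a message) otherwise.
check_iface() {
    still_on=$(vlan_hw_enabled)
    if [ -n "$still_on" ]; then
        echo "still enabled: $still_on" >&2
        return 1
    fi
    return 0
}

# Constructed samples (hex masks are placeholders, not from a real device).
SAMPLE_BEFORE='ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=ffffff<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER>
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'
SAMPLE_AFTER='ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=ffffff<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,LRO>
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>'

# Demo on the constructed samples. On the firewall: ifconfig ix1 | check_iface
printf '%s\n' "$SAMPLE_BEFORE" | check_iface || echo "ix1 (before): offloads still on"
printf '%s\n' "$SAMPLE_AFTER" | check_iface && echo "ix1 (after): VLAN offloads are off"
```

Run at boot between the two commands, a non-zero exit from `check_iface` shows that the flags had not been applied yet when the fixed `sleep` expired.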