Upgrade to 2.1.4 - vlan problem

muscou

I upgraded to 2.1.4 and my vlan configuration stopped working.  It might not be related to the upgrade and due to the fact that I rebooted the router or something else in my network but at this point in time, I really don't know where the problem is and what should I look at next.

I haved multiple vlan on one interface and this used to work prior to the upgrade.  I set my switch to mirror the port  connected to pfsense and when I ping from pfsense another device on one of the vlan, I see the outgoing packet from pfsense and the reply from the device but the ping is not successful.  I see no sign of the packet being dropped by the firewall and I don't see the packet when doing a capture on the interface

Two device on the same vlan but on different switch can sucessfully ping each other so I really doubt its a switch issue at this time.

Where should I look on pfsense to try to figure this out.  Thanks for your help

To recap :

1 - from pfsense  ping menu :

Ping output:

PING 192.168.35.2 (192.168.35.2): 56 data bytes

–- 192.168.35.2 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

2 - from pfsense packet capture using promiscuous mode
22:32:40.905355 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28
22:32:41.906252 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28
22:32:42.907355 ARP, Request who-has 192.168.35.2 tell 192.168.35.1, length 28

3 - from the switch on the port connected to pfsense ( only showing one pair of request/reply)
:
No.    Time        Source                Destination          Protocol Length Info
  3735 3602.321865 10:fe:ed:03:d5:f0    Broadcast            ARP      64    Who has 192.168.35.2?  Tell 192.168.35.1

Frame 3735: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
    Arrival Time: Jul 20, 2014 22:32:43.244718000 EDT
    Epoch Time: 1405909963.244718000 seconds

Yosef Nesirat

i am facing the same problem.

my interface is configured as follow:

fxp0_vlan5: flags=88a43 <up,broadcast,running,allmulti,simplex,multicast,staticarp>metric 0 mtu 1500
options=103 <rxcsum,txcsum,tso4>ether 00:1a:8c:11:26:5e
inet6 fe80::21a:8cff:fe11:264c%fxp0_vlan5 prefixlen 64 scopeid 0x9
inet 172.16.10.1 netmask 0xffffff00 broadcast 172.16.10.255
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 5 vlanpcp: 0 parent interface: fxp0

with DHCP server on vlan5

whe i dump on the pfsense i can see just the arp request :
13:38:05.663406 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:06.663421 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:07.680790 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:08.679397 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:09.603455 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 5, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:18:8b:a6:5c:36, length 300
13:38:09.679329 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:10.696802 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:11.695387 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:12.695393 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:13.713639 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42
13:38:14.711378 00:18:8b:a6:5c:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 5, p 0, ethertype ARP, Request who-has 172.16.10.1 tell 172.16.10.50, length 42

any patches or solution to this problem?

thanks in advance</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,tso4></up,broadcast,running,allmulti,simplex,multicast,staticarp>

heper

afaik, there are no known vlan issues with 2.1.4 … i have a couple of systems running without issues.

perhaps it is specific to a certain driver, or something got mixed up during the upgrade? (need more info about your setup)
perhaps it is a firewall rule, that is behaving differently after the upgrade?
perhaps it is ...... ?

are you absolutely certain the trunk port is setup correctly?
You could  test this by connecting a client directly to pfsense (remove the switch). Set a static vlan-id on the client. (this is possible on all major OS)

Yosef Nesirat

Hi ,

Thanks for your answer.

i had a sohpos asg 110/120 . i installed now on the same HW pfSense.

here are some information about network devices:

[2.1.4-RELEASE][root@c02506ccd392]/root(5): dmesg | grep pci
pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
pci0: <acpi pci="" bus="">on pcib0
pcib1: <pci-pci bridge="">at device 1.0 on pci0
pci1: <pci bus="">on pcib1
vgapci0: <vga-compatible display="">mem 0xf4000000-0xf7ffffff,0xfb000000-0xfbffffff irq 16 at device 0.0 on pci1
fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xff00-0xff3f mem 0xfdfff000-0xfdffffff,0xfdf80000-0xfdf9ffff irq 16 at device 9.0 on pci0
fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfe00-0xfe3f mem 0xfdffe000-0xfdffefff,0xfdfc0000-0xfdfdffff irq 16 at device 10.0 on pci0
fxp2: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfd00-0xfd3f mem 0xfdffd000-0xfdffdfff,0xfdf60000-0xfdf7ffff irq 17 at device 11.0 on pci0
fxp3: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xfdffc000-0xfdffcfff,0xfdfa0000-0xfdfbffff irq 17 at device 12.0 on pci0
atapci0: <via 6420="" sata150="" controller="">port 0xfb00-0xfb07,0xfa00-0xfa03,0xf900-0xf907,0xf800-0xf803,0xf700-0xf70f,0xf000-0xf0ff irq 20 at device 15.0 on pci0
atapci0: [ITHREAD]
ata2: <ata channel="">at channel 0 on atapci0
ata3: <ata channel="">at channel 1 on atapci0
uhci0: <via 83c572="" usb="" controller="">port 0xf600-0xf61f irq 21 at device 16.0 on pci0
uhci1: <via 83c572="" usb="" controller="">port 0xf500-0xf51f irq 21 at device 16.1 on pci0
uhci2: <via 83c572="" usb="" controller="">port 0xf400-0xf41f irq 21 at device 16.2 on pci0
uhci3: <via 83c572="" usb="" controller="">port 0xf300-0xf31f irq 21 at device 16.3 on pci0
ehci0: <via vt6202="" usb="" 2.0="" controller="">mem 0xfdffb000-0xfdffb0ff irq 21 at device 16.4 on pci0
isab0: <pci-isa bridge="">at device 17.0 on pci0

the trunk port is configured correctly and i can see also the traffic on the pfsense.

I can see just requests packets and when i dump on fxp0_vlan5 (Valn 5  interface) i can see that the pfsense didn't answer this traffic at all.

the firewall rules are set correctly and i am not seeing any blocks.

• i have done test with the client as you suggest before i post my question .
  in this case i have the same issue.

perhaps i miss some configuration.

could you please send me your sysctl -a output ?</pci-isa></via></via></via></via></via></ata></ata></via></intel></intel></intel></intel></vga-compatible></pci></pci-pci></acpi></acpi>