LADVD 1.0.4.2 problem and suggestion
-
I recently ran into a problem with the LADVD package in connection with CDP and LLDP.
My network is very simple, and the management interface of my PFSense box is on the native vlan for the interface, vlan 1, and LADVD works perfectly in my environment.
My friend's network is a bit more complex, and his management interface is not on vlan 1, although vlan 1 is trunked along with several other vlans to the PFSense box. His PFSense box has no interfaces configured on VLAN 1 at all. The GUI for LADVD cannot be configured to give a working install in his environment.
I was able to start LADVD at the command line, and point it directly at the parent interface for my friend's internal vlans (in his case, em1), and then LADVD works just fine, and the pfsense box shows up as a CDP neighbor on his Cisco switch, and the switch shows up as a CDP neighbor in LADVD status.
I suggest that the parent interfaces be made available through the LADVD gui, since all of the link layer discovery protocols it supports travel on vlan 1.
I have tried to set up a shellcmd to start LADVD with the parameters that work, but I haven't been able to test it via reboot, as the box in question is currently in production. The option of binding to parent interfaces should be presented in the GUI.
The command that works for me is "ladvd -a em1".
Maybe this will help someone else who runs into the problem.
Cheers,
Bennett
-
"I suggest that the parent interfaces be made available through the LADVD gui"
Huh?? I see all my interfaces in the gui, be they physical or vlan.. See attached.. So I currently have it run on just my 2 physical interfaces lan and wlan.. But in the list is also my vlans.. Just move the little arrows to see your other interfaces…
-
I see all the abstracted interface names in the GUI, and none of them will allow traffic to travel on vlan 1.
Re-read what I wrote above and note the part about the native vlan (vlan 1) not having an interface on the PFSense machine in question. The "LAN" interface on the machine in question has a vlan tag other than 1 (990). Starting ladvd at the command line, and having it attach to em1, the parent interface of the six internal vlans, allows CDP traffic to flow as it must on vlan 1. Em1 is a trunk port that carries a total of seven vlans: 1,990,991,992,993,994,995. CDP is a layer 2 protocol that is carried on vlan 1.
I tried creating an additional vlan tagged as 1, and for testing assigned it to an interface, but it does not work with ladvd.
Additionally, we do not want any layer 3 interfaces on vlan 1.
I think the main point here is that all of the link layer discovery protocols, CDP, LLDP, EDP, and NDP are all layer 2 protocols that travel on vlan 1, and that if no interface is carrying vlan 1, then ladvd needs access to the underlying layer 2 "parent" interface (in my example, em1).
Cheers,
Bennett
-
Not sure where there is any requirement for vlan 1, but whatever the native vlan is.. Ie no vlan tag if understanding correctly.. For example my em2 which is native vlan 20 with other vlan on that. There is no tag on vlan 20, it is the native vlan.
Now if I do not put an IP address on that - it should still work and the interface called wlan should still be in the ladvd dropdown.. I can test later.
vlan 1 does not have to be the native vlan..
-
I'd found the same problem with the ladvd package. ladvd works on hardware interfaces, not vlans.
In my setup, all the interfaces configured in pfSense are tagged vlans - I don't use the parent interfaces for untagged operation, so they are not configured in pfSense and don't appear in the ladvd drop down. Unless there is a simple tweak possible to the XML that says 'hardware interfaces only', this is really an enhancement request for the pfSense package system.
-
still a bit confused on this.. Even if you don't setup an IP on the interface, is still not going to be listed - or could be.. You then run ladvd on this interface…
What you're wanting is the ability to pick in the gui a physical interface that has not been configured at all?? Could you just assign it to an opt interface, not give it any layer 3 and then just use that to run ladvd? Or am I still missing something??
-
There's no such feature like "find parent physical interface(s)" in the package XML. There are at least two open bugs about lagg/vlan/bridge + LADVD. Patches welcome. Don't have time for this, don't have any good way to test it either.
https://redmine.pfsense.org/issues/3962
https://redmine.pfsense.org/issues/5081
-
"still a bit confused on this.. Even if you don't setup an IP on the interface, is still not going to be listed - or could be.. You then run ladvd on this interface…
What you're wanting is the ability to pick in the gui a physical interface that has not been configured at all?? Could you just assign it to an opt interface, not give it any layer 3 and then just use that to run ladvd? Or am I still missing something??"
That's a work round of sorts. However, the package should forbid you from selecting a vlan. If you do so, ladvd keeps on churning out errors to the system log.
I think the right answer is to enhance the package manager to allow drop down lists of 'configured and physical interfaces' and 'physical interfaces only'. However, this is not important enough to me to fix at the moment - working LLDP on pfSense would be nice to have, but is hardly critical in my deployment.
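The "find parent physical interface(s)" step discussed in this thread, sketched as an added example that is not part of any post or of the pfSense package: it reads FreeBSD `ifconfig` output, collects the parent of every VLAN interface, and builds the `ladvd -a em1` style command reported above. The sample `ifconfig` text is constructed, the function names are hypothetical, and passing several parents as extra arguments is an assumption.

```shell
#!/bin/sh
# Added example: derive the physical parents of VLAN interfaces from
# FreeBSD `ifconfig` output and build a ladvd command line from them.

# Constructed sample of `ifconfig` output (not captured from a real box).
# em1 has no VLAN 1 interface and is only visible as a parent.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:50:56:00:00:01
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:50:56:00:00:02
em1_vlan990: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:50:56:00:00:02
	vlan: 990 parent interface: em1
em1_vlan991: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:50:56:00:00:02
	vlan: 991 vlanpcp: 0 parent interface: em1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
EOF
}

# Read ifconfig output on stdin; print each distinct parent once,
# in first-seen order. Unattached VLANs ("<none>") are skipped.
vlan_parents() {
    awk '
        /parent interface:/ {
            for (i = 1; i < NF; i++)
                if ($i == "parent" && $(i + 1) == "interface:") {
                    p = $(i + 2)
                    if (p != "" && p != "<none>" && !(p in seen)) {
                        seen[p] = 1
                        print p
                    }
                }
        }'
}

# Read ifconfig output on stdin; print the ladvd command for the parents
# found. Returns 1 when no VLAN parent exists, so nothing is started.
ladvd_command() {
    parents=$(vlan_parents | tr '\n' ' ' | sed 's/ *$//')
    [ -n "$parents" ] || return 1
    echo "ladvd -a $parents"
}

sample_ifconfig | ladvd_command
```

On a live box the input would come from `ifconfig` itself instead of `sample_ifconfig`.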
-
"That's a work round of sorts. However, the package should forbid you from selecting a vlan. If you do so, ladvd keeps on churning out errors to the system log."
But how is not just selecting the interface you have assigned to the physical not a solution to the OP problem? I have ladvd on my em1 and em2, which I do have L3 assigned to.. But you wouldn't have to if all you want to do is use vlans on that physical interface.
That being said cdp and lldp would go out on the physical and works on whatever vlan you have as the native, be 1 or 10 or 200, etc.. To me this is untagged traffic and just the physical wire at layer 2. Only reason you set it at the switch is to isolate that to its own broadcast domain.. So switch ports that are not part of that native vlan do not see this traffic.
If ladvd does not work and generates errors when you pick a vlan interface, then sure guess that should be removed.. And you should only be able to pick the actual physical be it em0, 1, etc.. or the interface you assigned to that physical be it lan, opt1, opt2 (or whatever you change the label to).
I can see how it should be updated in the package - I would think a note to the package maintainer could get that fixed up.. But still not seeing how this is any sort of real issue in the big picture.
"working LLDP on pfSense would be nice to have, but is hardly critical in my deployment."
It does work…
edit: hmm that is odd why is showing same mac for the ID.. em1 and em2 ... hmmm those should be 02 and 03 for the last number in the mac.. Oh that is the device ID.. hmm would be better if that was the actual mac of the interface - which I thought it should be..ah it shows it
sg300#sho lldp neighbors GE 3
Device ID: 00:50:56:00:00:01
Port ID: em2
Capabilities: Router
System Name: pfSense.local.lan
System description: FreeBSD 10.1-RELEASE-p15 #0 c5ab052(releng/10.1)-dirty: Sat Jul 25 20:20:58 CDT 2015 root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_
Port description: Intel(R) PRO/1000 Legacy Network Connection 1.0.6
Management Address: 192.168.9.253
Management Address: 32.1.4.112.31.17
Management Address: 00:50:56:00:00:02
Time To Live: 172