VLAN interface on WAN interface not tagging frames

NogBadTheBad

@gravyface said in VLAN interface on WAN interface not tagging frames:

I210-AT

No worries, it was worth a try

Derelict

I have certainly never heard of an igb interface not supporting VLAN tags.

Post Interfaces > Assignments and, for good measure, the output of ifconfig -vma.

gravyface

@Derelict

[2.4.4-RELEASE][root@pfSense.localdomain]/root: ifconfig -vma
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6500bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCS                                                                                                                                                             UM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        capabilities=753fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN                                                                                                                                                             _HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NET                                                                                                                                                             MAP,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:1f:29:bc:e7:9a
        hwaddr 00:0d:b9:52:3b:e8
        inet6 fe80::20d:b9ff:fe52:3be8%igb0 prefixlen 64 scopeid 0x1
        inet xx.xx.xx.220 netmask 0xfffffff8 broadcast xx.xx.xx.223
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        supported media:
                media autoselect
                media 1000baseT
                media 1000baseT mediaopt full-duplex
                media 100baseTX mediaopt full-duplex
                media 100baseTX
                media 10baseT/UTP mediaopt full-duplex
                media 10baseT/UTP
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCS                                                                                                                                                             UM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        capabilities=753fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN                                                                                                                                                             _HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NET                                                                                                                                                             MAP,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0d:b9:52:3b:e9
        hwaddr 00:0d:b9:52:3b:e9
        inet 10.171.1.1 netmask 0xffffff00 broadcast 10.171.1.255
        inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        supported media:
                media autoselect
                media 1000baseT
                media 1000baseT mediaopt full-duplex
                media 100baseTX mediaopt full-duplex
                media 100baseTX
                media 10baseT/UTP mediaopt full-duplex
                media 10baseT/UTP
igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCS                                                                                                                                                             UM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        capabilities=753fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN                                                                                                                                                             _HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NET                                                                                                                                                             MAP,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:0d:b9:52:3b:ea
        hwaddr 00:0d:b9:52:3b:ea
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
        supported media:
                media autoselect
                media 1000baseT
                media 1000baseT mediaopt full-duplex
                media 100baseTX mediaopt full-duplex
                media 100baseTX
                media 10baseT/UTP mediaopt full-duplex
                media 10baseT/UTP
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        capabilities=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
igb0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        capabilities=600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:1f:29:bc:e7:9a
        inet6 fe80::20d:b9ff:fe52:3be8%igb0.10 prefixlen 64 scopeid 0x8
        inet 192.168.88.254 netmask 0xffffff00 broadcast 192.168.88.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        supported media:
                media autoselect
        vlan: 10 vlanpcp: 0 parent interface: igb0
        groups: vlan

interface.assignments.PNG

gravyface

Something is definitely unstable with this Microtik: I've attempted to remove the MAC address restriction from the passthrough options and it's now unresponsive.

Derelict

I have never, ever, seen an igb port (or any port) not tag in that case. I would look elsewhere for the problem.

You will not see VLAN tags capturing on LTEMGMT there. You will have to capture on WAN.

If you don't want to trust pfSense's tcpdump/packet capture, capture on a mirror port on a switch between igb0 and the mikrotik/wan.

gravyface

I think the problem may be due to the fact that parent/child interfaces share the same MAC address. I have passthrough enabled on the lte1/ether1 interfaces, which is locked to the MAC address of pfSense's WAN interface, but on the same physical interface, igb0.10 shares the same MAC. Might be throwing off the Mikrotik.

Derelict

That is 100% expected for VLANs.

gravyface

@Derelict I changed it via ifconfig and it didn't make a difference anyways.

gravyface

Wondering if I'd have better luck getting the Sierra Wireless MC7700 running on the ALIX and ditch the Microtik (which honestly feels kind of Fisher Price to me).

gravyface

@Derelict Ok, found a Microtik post on the parameters around the passthrough and it will reject traffic from a device with the same MAC as the passthrough device. As a workaround, you can create another VLAN interface on Microtik (I created VLAN 11) and did likewise on the pfSense.