PfSense VLAN + switch tagging trunk questions
-
Sorry, my mistake. I haven't had my morning beer yet.
So, you have VLANs enabled on that switch. Is that traffic coming from the switch where you're monitoring or is it being received by it? With managed switches, you can test at each end and then see what happens. So, if you see those tagged frames coming in, are they being sent out on the appropriate port? I see STUN packets. That implies VoIP or perhaps games? Where is that port you're monitoring in relation to your Internet connection. Hopefully, you're not trying to send VLAN frames out to the Internet.
-
Yup vlan 4 is my IOT vlan and vlan 6 is VOIP, the screen shot was just to show @jwhitewick01 what to set as a column rule.
I did a capture on my pfsense parent interface.
-
Then why is VLAN4 showing a STUN packet? That should be on VLAN6. Is that packet incoming to pfSense? Or outgoing? I also see a router advertisement on there. I assume that MAC address matches the pfSense port and you don't another router out on VLAN5. And that 172.16.6.1 is pfSense on VLAN6. There is at least some communication between 172.16.6.2 and .1 Is that .2 on the correct VLAN?
-
The STUN packet would appear to be from my Apple-TV.
I don't normally resolve hostnames.
The capture was done on my pfSense interface hence the RA.
Ah they do use STUN.
https://support.apple.com/en-us/HT202944
-
Whoever it it, it's a STUN packet on a VLAN that's supposed to be IoT, You'd normally only see STUN with VoIP or some games. Also, the VLAN IDs on pfSense don't appear to match up with those on the switch. They must be the same everywhere. So, if you have IoT on VLAN4 in pfSense, then it must also be VLAN4 on the switch trunk port.
-
The VLAN IDs are correct both end as I said previously "vlan 4 is my IOT vlan and vlan 6 is VOIP"
The STUN packets on vlan 4 are from 2 x Apple-TVs.
I'd see STUN packets on vlan 4 (IOT) and vlan 6 (VOIP).
-
@NogBadTheBad said in PfSense VLAN + switch tagging trunk questions:
The VLAN IDs are correct both end
Then what's this?
Port 48 goes to my pfsense firewall
Untagged vlan 1 by default on port 48
Vlan 11 tagged on port 48
Vlan 12 tagged on port 48
Vlan 13 tagged on port 48Those certainly don't look like 4, 5 & 6 to me.
-
@JKnott said in PfSense VLAN + switch tagging trunk questions:
@NogBadTheBad said in PfSense VLAN + switch tagging trunk questions:
The VLAN IDs are correct both end
Then what's this?
Port 48 goes to my pfsense firewall
Untagged vlan 1 by default on port 48
Vlan 11 tagged on port 48
Vlan 12 tagged on port 48
Vlan 13 tagged on port 48Those certainly don't look like 4, 5 & 6 to me.
LOL I'm not @jwhitewick01 !
-
That's what happens when someone takes over anohter's thread.
Your trunk 4, for example, where is it supposed to go? Does it get there so that you can see those STUN packets arriving where they're supposed to? I don't know what you have and haven't seen much in useful info to help with whatever your problem is?
Scrolling back, the first post I see from you is in response to my suggestion that the OP use Wireshark. Why did you post a capture there? All you seem to be doing at that point is creating confusion.
Also, I don't know about others here, but I don't sit around watching a thread all day. I'm at my desk, with the forum open. I see when there's a new post in some thread and then read it, so I'm not paying close attention to what happened earlier. When you posted in the thread with only the capture and no other comment, what was I supposed to assume?
-
To show the @jwhitewick01 how to set a column up in wireshark.
-
Well that went off the rails
Let's wait to hear from jwhitewick01.
-
@stephenw10 I will have to wait for this tuesday coming to go on site in order to test.