no devices connected but still traffic on vlan ?
-
no device on this VLAN is connected ;)
any ideas why i can
see this
but see nothing here ...
br NP
-
Run a packet capture on it, see what's there.
At 60bps though it's probably just something ARPing or maybe some STP traffic.
Steve
-
@stephenw10 said in no devices connected but still traffic on vlan ?:
packet capture
oh yeah
thanks for the hint !done that ... its a mini "managed" 8p switch
doin this ...
seems kind of that there is VLAN1 "the default" turned on on this interface
wohaaa sounds fun gonna look into this !
br & thanks NP
-
Ah fun. Yes a I have a TP-Link switch that does that, leaks broadcast traffic between VLANs.
No way to disable VLAN1 on all ports on that device.
I no longer use it for anything but an unmanaged switch.Steve
-
tplink switch? 105e or 108e, yeah they do not allow you to remove vlan 1. There was a firmware "fix" for v3 of the hardware. And it even can be installed on the v2.
But yeah @stephenw10 has the best idea for these switches, don't use it for anything but a dumb switch. Mine has better use - its sitting on my self as a dust collector ;)
Prob wouldn't of been a big deal if they would of came back and said - oh shit, yeah that is not right - upgrade to firmware xyz to fix it.. But took about a year of them saying it was by design that you couldn't remove vlan 1 before they actually fixed it.. And they never back ported it.. Only reason figured out you could actually install the v3 firmware on the v2 is someone here posted you could.
So I would prob just stay clear of their entry level switches for sure.. Other than dumb switch with an IP on it ;)
And their AP do the same sort of nonsense..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 25.07 | Lab VMs 2.8, 25.07 -
I used mine to create a data tap. Since it doesn't use VLAN tags, it's fine
-
@johnpoz said in no devices connected but still traffic on vlan ?:
tplink switch? 105e or 108e
yeah here this one is a 108e version 5
hmmm thought the tech-troopers removed vlan1
but maye not on the uplink ;)
gonna checkfor low budget projects still solid hardware ...
;)NP
-
@noplan said in no devices connected but still traffic on vlan ?:
for low budget projects still solid hardware ...
Not if you can not remove vlan 1 - if not then its POS!! even if was free ;) if the goal is to do vlans..
if your on v5, I would sure hope you can remove vlan 1 - or they are back to be clueless to how vlans work ;)
There is nothing actually wrong with using the default vlan ID, the problem is that they would not let you remove it from ports that you didn't want to have anything to do with the default vlan.
So broadcasts would go to every port from vlan 1 ports.
-
Yeah if you have the v5 you should be able to remove vlan1 if you have the current firmware.
Mine is v1 (16 port) so I'm SoL.
Steve
-
yeah v5
to remove VLAN1
1st Step
2nd Step
then VLAN 1 is removed from the port
easy cheeeeeeesyyyy ;) as long as the firmware lets u do this ;)
and now the only thing i ve to do is to figure out
how or better what they were thinking when tey configured the uplinks on that switchwhy would they tag VLAN-1 on the uplink port ...
oh boy ... this will be fun
-
-
@noplan said in no devices connected but still traffic on vlan ?:
why would they tag VLAN-1 on the uplink port ...
Because like I said they don't actually have a clue to how vlans are suppose to work ;)
Why would you trust a company to do anything correctly that wouldn't allow you to remove vlan 1 from a port? If you were assigning the port to a different vlan?
-
I m crawlin through a lousy lazzy sloppy documentation
With a kind a daisy chain uplink connected switches terminating in 1 port of pfsense
As far as I can see this through
They got some untouched switches somewhere
That are on vlan 1 and r uplinking to this sweet daisy chain of tp LinksOh yeah fun... On a remote day!!
-
Mmm, VLAN1 should never be tagged outside a switch IMO. But that is just an opinion, technically vlan 1 is just as valid as any other tag.
It's really only because of misbehaving switches and bad documentation that VLAN 1 needs to be avoided. It still amazes me how many times we see people who think that tagged VLAN1 is the same as untagged.Steve
-
Yep it doesn't matter if it's tag 1777 or 1
As long as all of the switches know how to deal with it.The more and more we do this kind of work the more we find that kind of configs
Off topic a couple of days we fond a pfsBox
With Lan rule 1st line allow any2any then followed by 90 other rules ;) sweet? -
Was it labelled 'test - must delete' ?
Bonus points if it was on an interface group covering all the other interfaces including WAN!
I've seen things man!
Steve
-
Yeah you can tag vlan 1 if your equipment supports such a thing.. Its not a common or recommended thing to do... but sure you might have need to do such a thing at some point.
But vlan 1 wouldn't and shouldn't also be untagged - which couldn't happen. There should either be no untagged or native vlans on that port, or it needs to be something other than 1 if your going to tag 1, etc.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 25.07 | Lab VMs 2.8, 25.07 -
@stephenw10 said in no devices connected but still traffic on vlan ?:
Mmm, VLAN1 should never be tagged outside a switch IMO. But that is just an opinion, technically vlan 1 is just as valid as any other tag.
It's really only because of misbehaving switches and bad documentation that VLAN 1 needs to be avoided. It still amazes me how many times we see people who think that tagged VLAN1 is the same as untagged.I have noticed something curious with my Cisco SG 200-08 switch. When using port mirroring, it appears to use VLAN 1 tags on outgoing data from the switch port, but not incoming. It really had me confused, until I figured out where the VLAN tag was coming from. I assume that's an artifact of the port mirroring.
-
none of this equipment here needs or requires a VLAN1
this is
afaikwhat i see here, they use VLAN to seperate offices / teams whatever
with tPLink switches (from 8 tp 16 port and from v1 - v5)what i see here is that the whole "original" LAN (LAN interface on the pfsBox) leads to ports on the switches as tagged / untagged with VLAN1 (sometimes default setting sometimes confiurated as VLAN1)
so what i m guessing is that these folkes done some things with their equipment and were pretty lazzy as long as it worked and tagged vlan1 all around to get access to the gui of a TPLINK :)
gonna figure this out tomorrow after a nice chat with these hardware / network folks on site ;)
i ll keep u posted when i killed the broadcast caused by VLAN1 on that interface
brNP -
@noplan said in no devices connected but still traffic on vlan ?:
what i see here is that the whole "original" LAN (LAN interface on the pfsBox) leads to ports on the switches as tagged / untagged with VLAN1 (sometimes default setting sometimes confiurated as VLAN1)
Mmm, that sounds exactly like the work of someone who didn't understand the difference between tagged vlan1 and untagged.
