Broadcast packets duplicated across VLAN
-
I can understand why there might be a need for more VLANs. What I don't understand is why he needs 4, based on what he's mentioned. For example, what's with the VPN on a VLAN? Where does the VLAN terminate? If other than on pfsense, that complicates routing. As discussed, the main LAN also shouldn't be on a VLAN. That leaves 2. Sure, I could put my TV on it's own VLAN, but the guest WiFi is good enough for that. Even then, the only reason the TV isn't on my main LAN is it chokes on the 63 character password I use on it. I suppose I could put my IPTV boxes on a separate VLAN, but haven't bothered.
-
@jknott said in Broadcast packets duplicated across VLAN:
what's with the VPN on a VLAN?
My take and have seen many users do this.. They create a vlan, that all devices on this vlan are routed out a vpn connection. So for example if he wants to use the vpn on his phone for "something" he just changes the ssid he is connected to. Maybe netflix doesn't work via the vpn, so when he wants to watch netflix on is phone he changes to different ssid that is not routed out the vpn.
-
I suppose I could give my dog & cat their own VLANs.
-
@jknott clearly - they should not be on the same ;) that is for sure - they would just fight ;)
-
Apologies for any confusion. John is correct that VPN is just what I'm calling my VLAN. It enables me to connect physical / wireless devices to it and that traffic then exits via OpenVPN to the internet via an AirVPN endpoint.
My 11.103 address is MacBook Pro wireless. 13.147 is my iPad. I did just have a particularly bad bout of wireless problems and observed this in the logs. I don't believe my MacBook is switching SSIDs and did previously confirm this by forgetting all SSIDs apart from the Main.
I have followed this guide pretty closely https://nguvu.org/pfsense/pfsense-baseline-setup/. Perhaps I am out of my depth - I am working through CISSP at the moment but still much different in practice than in theory. I found it easier conceptually to leave the parent interface (LAN) as just that, and have four different VLANs that I would use operationally and could easily apply firewall rules to each of the virtual interfaces without interfering with the parent interface.Things do seem quite a bit worse now since I tweaked the Unifi settings and minor changes on the switch. I'm going to try put everything back to how it was, and do more analysis specifically on what I'm seeing with these firewall logs and get another pcap. Appreciate both of your help very much so.
edit: Perhaps if there's some way of me locally tagging traffic from my MacBook on VLAN 11 I could plug directly in to the LAN on pfSense and rule out an issue with the switch.
-
I've just taken a short pcap on LAN port on pfSense. 192.168.11.103 is still my MacBook and I renewed the DHCP lease twice during the pcap pcap7.pcap
-
And here you go.. Here is arp announcement from your apple - tagged with both 11 and 13
Here is your dhcp also 1 tagged 11, other 13
So yes pfsense would see this on both of its vlan interfaces, because the traffic tagged. So either your apple is tagging this traffic, or your wifi is doing it.. But that explains why pfsense is seeing the traffic on both interfaces - because its tagged for both vlans
-
@johnpoz Understood. Problem is it's not just my Apple but also other devices (wired and wireless) including windows too. Must be something happening on the Netgear switch then I suppose, although it's a fairly standard 802.1Q setup I have got going on.
-
What wired device in that sniff? So I can look for those.
Nothing else jumped out at me..
This is ODD.. you have this unifi mac asking for who is 11.1 with 11 and 13 tagged
what is 11.9?
-
@johnpoz 192.168.11.117 in this pcap is wired in to the switch on an Untagged VLAN 11 port (wireless on this laptop is turned off) pcap8.pcap
edit: 11.9 is the IP address of the Unifi AP
-
who is this
asking for 13.100, from 13.1 in both 11 and 13..
Something for sure is all messed up..
-
@johnpoz 00:1b:21:33:9e:e9 is the MAC address of the LAN NIC (igb1) in pfSense. Therefore igb1.1, igb1.2, igb1.3, igb1.4 also share the same MAC address
-
This post is deleted! -
@johnpoz said in Broadcast packets duplicated across VLAN:
asking for 13.100, from 13.1 in both 11 and 13..
Something for sure is all messed up..In case you are interested, I contacted Netgear support and they say it's an issue with my switch:
"As I have this inquired to my senior experts, seems like the behavior of GS116ev2 Plus Switch is causing the issue for the certain VLAN. Since GS116Ev2 does not have native VLAN nor management VLAN ID, any DHCP request is being sent to all ports. As advised and to have this be corrected, Smart Pro switches are recommended."
