bnxt NICs not passing VLAN traffic

stephenw10

OK, so Broadcom NICs. Less common but I'd expect them to work.

Ok first thing I would do is run a packet capture on bnxt0 directly to be sure tagged traffic is arriving and/or leaving.

There are a bunch of VLAN specific hardware off-loading options there. So if you see tagged traffic missing in the pcap the next thing I would do is start disabling those.

Steve

fealiaga

Thank you very much, today I made a tcpdump to the door and at the time of doing it the arp tables were completed but at the end of that process the vlan fell again. after that I created a bridge on the pfsense trunk interface and the arp tables were populated again

without the bridge configuration the tables cannot be complete and the traffic does not leave the pfsense

stephenw10

Hmm, well obviously you should not need to do that!
It is probably putting the NIC in promiscuous mode. You should be able to see that in the ifconfig output. Doing so allows it to see all traffic on the wire.
This looks like an offload option getting on the way. There are quite a lot of things you can set:
https://www.freebsd.org/cgi/man.cgi?query=bnxt#SYSCTL_VARIABLES

Steve

fealiaga

Sorry but i am new in this, can you tell me how a can config the promiscuous mode

stephenw10

I would expect to be able to do it with:

ifconfig bnxt0 promisc

I don't have any of those NICs to test with though.

fealiaga

thank you very much remove the bridge (vlans disabled) and enable promiscuous mode on the interface and they got back up

stephenw10

Ah here we go!
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236983

Seems like it may be still partially broken in 12 stable then.

You shouldn't need to enable promiscuous mode. But you probably do need to disable VLAN GW Filtering.

Steve

fealiaga

Maybe it is the best way to configure it, but the promiscuous mode works, you know how to leave the configuration saved, so that it starts in promiscuous mode if the server is restarted

stephenw10

Add it as a shellcmd:
https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shellcmd-option

There's no way to set that in the config otherwise.

But I would try disabling VLAN_GW_Filter instead. You don't really want the NIC running in promiscuous mode unless you have to.

Steve

fealiaga

How can I disable the VLAN_GW_Filter, sorry for the basic questions and thank you very much for your help.

stephenw10

ifconfig bnxt0 -vlanhwfilter

Is what I expect. Again I can't test that.