No incoming packets on bridge of VLAN tagged interfaces



  • Hi,

    I have some strange issues with my setup and hope for some good hints:

    My setup uses a bridge of VLAN tagged interfaces.
    DHCP is working, but ICMP and other packets seem to be unable to enter the tagged interface member of the bridge.

    I can see ICMP request/reply messages on the full interface (using tcpdump), but it looks like they are unable to enter the tagged interface.
    tcpdump on the tagged interface shows outgoing packets only.

    The firewall view does not show any blocked packets. The packet counters don't show blocked packets either.

    • I'm on 2.3.1p5
    • The firewall allows any traffic for IPv4+IPv6
    • I enabled filtering on the bridge instead of the member interfaces:
    net.link.bridge.pfil_member 0
    net.link.bridge.pfil_bridge 1


    Thanks!



  • Search in Redmine, there was an issue with bridged IFs and VLANs. I was under the impression it was sorted out already.



  • @jahonix:

    Search in Redmine, there was an issue with bridged IFs and VLANs. I was under the impression it was sorted out already.

    I was able to find just one very old issue that matches more or less: https://redmine.pfsense.org/issues/2613
    But it sounds like it was related to something else.

    I just noticed that ping works fine between clients directly connected to two different ports, but I'm unable to capture the untagged traffic using tcpdump. Neither monitoring the tagged interfaces nor the bridge shows any traffic (capturing on the port works and shows the tagged traffic). Is that expected behavior?



  • My setup uses a bridge of VLAN tagged interfaces.
    DHCP is working, but ICMP and other packets seem to be unable to enter the tagged interface member of the bridge.

    I could be wrong about this, but isn't a bridge a Layer 2 construct, while ICMP is Layer 3 traffic?



  • There are no issues with bridging VLANs.

    tcpdump on the tagged interface only showing egress traffic suggests the switch port isn't configured to tag that VLAN, so the switch isn't sending anything to it with that tag.
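To turn the diagnosis above (and the bridge-filter sysctls quoted in the first post) into a repeatable check, here is an added example that is not part of the original thread or of pfSense itself. The idea is to capture on the parent ("full") interface with `tcpdump -e`, which prints the link-layer header including any 802.1Q tag, and then count frames per VLAN in each direction relative to the firewall's own MAC address. If a VLAN shows egress frames but no ingress frames, the switch port is not sending that tag back, which is exactly the symptom in the thread. The MAC addresses, IPs, interface name `igb1` and the capture lines are all constructed for illustration.

```sh
#!/bin/sh
# On the pfSense box the real commands would be (run as root):
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge
#   tcpdump -e -nn -i igb1 'icmp or port 67 or port 68' > /tmp/parent.txt
# and then:  tag_summary 00:0c:29:aa:bb:cc < /tmp/parent.txt
# The -e flag makes tcpdump print "ethertype 802.1Q ... vlan N" for tagged frames.

# Constructed sample capture (not real traffic). Assumed local MAC of the
# firewall's parent interface: 00:0c:29:aa:bb:cc. Pings leave tagged on
# VLAN 10 but the replies come back *untagged*, so they can never reach the
# igb1_vlan10 member of the bridge. A DHCP request arrives tagged on VLAN 20.
SAMPLE='12:00:01.000001 00:0c:29:aa:bb:cc > 00:1a:2b:3c:4d:5e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1 > 192.168.10.50: ICMP echo request, id 1, seq 1, length 64
12:00:01.000900 00:1a:2b:3c:4d:5e > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.10.50 > 192.168.10.1: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000001 00:0c:29:aa:bb:cc > 00:1a:2b:3c:4d:5e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.1 > 192.168.10.50: ICMP echo request, id 1, seq 2, length 64
12:00:02.000900 00:1a:2b:3c:4d:5e > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.10.50 > 192.168.10.1: ICMP echo reply, id 1, seq 2, length 64
12:00:03.000001 00:1a:2b:3c:4d:5e > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 20, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:1a:2b:3c:4d:5e, length 300'

# tag_summary <local-mac>  reads `tcpdump -e -nn` output on stdin and prints,
# per VLAN tag (or "untagged"), how many frames were sent by the local MAC
# ("out") and how many came from anywhere else ("in"). A tag that only ever
# appears in the "out" direction is flagged: the switch is not returning it.
tag_summary() {
    awk -v me="$1" '
    {
        # With -e the second field is the source MAC and the fourth the
        # destination MAC ("src > dst,"), so direction is decided by $2.
        dir = ($2 == me) ? "out" : "in"
        if ($0 ~ /ethertype 802\.1Q/ && match($0, /vlan [0-9]+/)) {
            key = substr($0, RSTART, RLENGTH)    # e.g. "vlan 10"
        } else {
            key = "untagged"
        }
        n[key, dir]++
        seen[key] = 1
    }
    END {
        for (k in seen) {
            i_ = n[k, "in"] + 0
            o_ = n[k, "out"] + 0
            verdict = ""
            if (k != "untagged" && o_ > 0 && i_ == 0)
                verdict = "  <- egress only: switch port is not sending this tag back"
            printf "%s in=%d out=%d%s\n", k, i_, o_, verdict
        }
    }' | sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | tag_summary 00:0c:29:aa:bb:cc
```

Reading the result: `vlan 10 in=0 out=2` with the "egress only" marker, next to `untagged in=2 out=0`, says the replies are arriving, just without the tag the bridge member expects, so the fix is on the switch port (make VLAN 10 tagged rather than the port's untagged/native VLAN), not in pf. Because `pfil_member` is 0 and `pfil_bridge` is 1, a frame that never enters the member interface is also never seen by the bridge filter, which is why the firewall log and counters stay empty.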



  • @cmb:

    There are no issues with bridging VLANs.

    I'm sorry!
    In the past there was something with LAGG and VLANs, right? Or did I mix that up as well?



  • @jahonix:

    In the past there was something with LAGG and VLANs, right? Or did I mix that up as well?

    Not with bridging that I can think of offhand. Some of the more esoteric combinations like that have no doubt had an issue at some point in the past 12 years. I'm not aware of any in 2.2.x or 2.3.x though.