SLAAC Bleedthrough on VLANs
-
Where a managed switch comes in handy is when you want devices to be on a specific VLAN, without having to configure them for it.
And when the underlying OS doesn't support VLANs properly…Windows 10 anyone?!
Yeah, well that's from Microsoft. ;)
I haven't tried on Windows, but Linux doesn't have a problem being configured for VLANs.
-
Here - I turned on managed RA on my dmz interface vlan 600.. Did a simple capture and there you go, you can see it's tagged with vlan 600.. Now if doing the packet capture via the GUI, it might not be capturing that - you need the "-e", which we could prob put in as a feature request for the packet capture.. But when you do a packet capture on a specific interface that is a specific vlan it will only show you traffic on that vlan. But will not list in the packet capture you download.
But you can see the RA, clearly marked with the tag I have on that interface
Try with it set to unmanaged on the vlans and managed on the native interface with DHCPv6 enabled. Even when I disable VLAN support on the NIC in multiple Windows 10 boxes it still gets IPs via SLAAC.
-
You have a fundamental misunderstanding about how pfSense/FreeBSD works.
There is absolutely nothing - nothing - in radvd that has anything to do with VLANs.
Look at /var/etc/radvd.conf
It is assigned interfaces. You will see interfaces such as igb0 (untagged) and igb0_vlan100 (tagged 100).
radvd has zero responsibility for tagging or untagging traffic. It is all handled by FreeBSD.
Your assertions are ludicrous and your design is flawed. You might be getting cross-"vlan" traffic from somewhere but it is not coming from pfSense.
Always willing to look at comprehensive bug reports, duplicate it in the lab and verify, and even open a Redmine bug myself if warranted, but this is just stupid.
Post packet captures that validate your claims. Please be thorough. State exactly where the captures were taken and exactly what the circumstances and testing methodology were.
-
^ that clearly is not needed Derelict, I already posted the RA coming out of pfSense with the vlan tag on it.. See my tcpdump.
"Try with it set to unmanaged on the vlans and managed on the native interface with DHCPv6 enabled."
Has ZERO to do with anything!!
And as a side note - how do you know I don't have that currently setup that way ;)
Simple enough for you to show that pfSense is not putting tags on traffic.. simple tcpdump is all that is needed, you will either see the tags or you won't..
Per what Derelict stated about the conf and the interfaces in it.. You can see clearly whether it's assigned to the vlan interface or not.
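
The check the thread keeps coming back to (does a given router advertisement carry an 802.1Q tag, and which one?) can also be made directly on raw frame bytes from a capture. The following is an added example, not part of the thread and not pfSense code; the frames are constructed samples, and the parser assumes a single 802.1Q tag and no IPv6 extension headers.

```python
import struct

ETH_8021Q, ETH_IPV6 = 0x8100, 0x86DD   # 802.1Q TPID, IPv6 EtherType
NH_ICMPV6, ICMP6_RA = 58, 134          # IPv6 next-header, ICMPv6 RA type

def classify_frame(frame: bytes):
    """Return (vlan_id or None, is_router_advertisement) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan_id = 14, None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF         # low 12 bits of the TCI are the VLAN ID
        offset = 18
    if ethertype != ETH_IPV6 or len(frame) < offset + 41:
        return vlan_id, False
    next_header = frame[offset + 6]    # assumption: no extension headers
    icmp_type = frame[offset + 40]     # first byte after the 40-byte IPv6 header
    return vlan_id, next_header == NH_ICMPV6 and icmp_type == ICMP6_RA

def build_ra_frame(vlan_id=None):
    """Constructed sample: minimal RA from fe80::1 to ff02::1, optionally tagged."""
    eth = bytes.fromhex("333300000001") + bytes.fromhex("020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id)
    # type, code, checksum (left 0 in this sample), hop limit, flags (0x80 = M,
    # i.e. managed), router lifetime, reachable time, retransmit timer
    icmp = struct.pack("!BBHBBHII", ICMP6_RA, 0, 0, 64, 0x80, 1800, 0, 0)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), NH_ICMPV6, 255) + src + dst
    return eth + tag + struct.pack("!H", ETH_IPV6) + ip6 + icmp

def ra_vlans(frames):
    """Map VLAN ID (None = untagged) to the number of RAs seen with that tag."""
    counts = {}
    for frame in frames:
        vlan_id, is_ra = classify_frame(frame)
        if is_ra:
            counts[vlan_id] = counts.get(vlan_id, 0) + 1
    return counts

if __name__ == "__main__":
    sample = [build_ra_frame(600), build_ra_frame(600), build_ra_frame()]
    for vid, n in ra_vlans(sample).items():
        print("untagged" if vid is None else f"vlan {vid}", "->", n, "RA(s)")
```

An RA counted under `None` on a port that should only carry a tagged VLAN, or under the wrong VLAN ID, is the evidence the thread asks for; where the capture was taken still has to be stated alongside it.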