My NICs need promiscuous mode on to see CARP. How do I set that on permanently?



  • After an upgrade to pfSense 2.3.4 CARP went bad. Using Diagnostics > Packet Capture it turns out the second system now can only see the first system's CARP announcements if the Promiscuous Mode box there is checked. How do I get my systems set so that promiscuous mode is on? I don't see an option for that in the Interface config screen. I'm sure there's some CLI FreeBSD way to do that. What would that be, in the pfSense variant, and how would I make sure it sticks between boots?

    Thanks!

    Here's the difference, on identical hardware, between the NIC settings first with pfSense 2.3.3-RELEASE-p1:

    [2.3.3-RELEASE][root@c01-net-fw01.eis.local]/root: ifconfig | grep PROM
    igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    igb3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
    lagg1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    lagg1_vlan19: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    Then with pfSense 2.3.4:

    [2.3.4-RELEASE][root@c01-net-fw02.eis.local]/etc: ifconfig | grep PROM
    igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
    lagg1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    The other interfaces are all there in 2.3.4, just without the PROMISC flag set. That's what I need to fix.


  • Rebel Alliance Global Moderator

    Why should promisc have to be enabled?  Not making any sense.. Is this on some sort of virtual distributed switch?