Inter VLAN pinging causes duplicate responses

  • Hi Guys,

    i have the following setup in my network: A pfSense Firewall, based on a Futro S900 Thin Client, which is connected to a 24-port switch made by Allied Telesis, this switch is connected to a 8-port switch by Microsens.
    I have separated my LAN into 2 tag-based VLANs, one VLAN with ID 1 as a management VLAN, a second VLAN with ID 10 as a general purpose VLAN. Both connections between the switches and the firewall are trunked, speak: tagged, all other ports on both switches are set to untagged.
    Both switches have a management IP which is located in VLAN 1.
    The firewall rules between both VLANS are currently set to "allow any", i plan to fine-tune it after i have fixed this particular problem:

    A host which is placed in VLAN 1 can ping the Allied Telesis Switch which is directly connected to the firewall without problems, and the other switch, too.
    But a host which is placed in VLAN 10 and pinging the AT switch gets duplicate packets in response. Pinging the other switch gets no duplicate responses.

    So at first i thought it was an issue of the AT switch, since the other switch is pingable without duplicates. The fact that the firewall pinging the AT switch getting duplicate responses, and pinging the other switch is fine seemed to harden this fact.

    But then i changed the pfSense box to a Fortinet Fortigate 60C, with the exact same setup, and the duplicate pings were all gone. It was fine in both situations, so when a host from VLAN 10 pings into VLAN 1 to the AT switch, there were no duplicates, and the Fortigate pinging into VLAN1 to the AT switch caused no duplicates as well. Needless to say the ping to the second switch was fine at every time.

    So i think there are some problems with using the pfSense firewall and the AT switch all together. I have double checked the ARP cache of the pfSense firewall, there were no duplicate entries. The firewall installation is quite new, i didn't change anything but the VLAN settings. Creation of the VLANs was straightforward as well. Creating the VLANs, assigning an Interface, enabling the interface, and creating the firewall rule.

    I have honestly no idea what could cause these duplicate responses, and so i'm hoping for your help. I am quite new to pfSense, so i hope you have any ideas.

    The hardware of my pfSense box in detail is as following:

    • Fujitsu Futro S900 Thin Client
    • A second PCI ethernet card which is connected via a PCI riser (like Fujitsu suggests)
    • 60GB mSATA SSD
    • 8GB RAM

    Any input or suggestions are welcome.

Log in to reply