New to networking; can't get traffic over VLAN
-
I'm using this for the hardware: https://www.amazon.com/gp/product/B0742P83HY
I have set up the WAN & LAN ports and they are working correctly. I have a Samsung SmartThings hub that I want to put in "Opt2" on a separate VLAN.
physical interfaces:
Configuration of em3.2 VLAN:
All interfaces:
When I click "SmartThings" in the previous list of interfaces:
Firewall rules:
Looking at the traffic:
Any help is greatly appreciated!
-
Forgot to add screenshot of the DHCP settings for the VLAN:
-
Great. What about the switch configuration? Is it configured to tag VLAN 2 on the port connected to em3 with your smart things connected to untagged VLAN 2 ports?
Hint: If you tcpdump on interface em3 instead of em3.2 you will capture all traffic on all VLANs with the VLAN tag still intact.
-
@derelict said in New to networking; can't get traffic over VLAN:
Great. What about the switch configuration? Is it configured to tag VLAN 2 on the port connected to em3 with your smart things connected to untagged VLAN 2 ports?
Hint: If you tcpdump on interface em3 instead of em3.2 you will capture all traffic on all VLANs with the VLAN tag still intact.
Sorry if these are basic questions...
I have a patch cable running directly from the physical em3 port to the SmartThings hub. How can I determine if the SmartThings device is connected to an untagged VLAN 2 port?
All of the traffic I get on em3 looks like dhcp requests which are never answered, and I don't see any tagging notation:
[2.4.4-RELEASE][admin@pfsense]/root: tcpdump -vvi em3
tcpdump: listening on em3, link-type EN10MB (Ethernet), capture size 262144 bytes
12:24:53.708208 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10792, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:24:56.758030 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10795, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:24:59.807881 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10798, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:12.897332 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10812, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:15.947140 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10815, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:19.008280 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10818, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:32.096335 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10831, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:35.156282 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10834, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:38.206179 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10837, Flags [none] (0x0000)
      Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
        Requested-IP Option 50, length 4: 192.168.5.100
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.22.1"
        Hostname Option 12, length 19: "st-24FD5B000003E27F"
-
Looks like it is arriving untagged then. A tagged port such as em3.2 (em3 traffic tagged with VLAN 2) needs to be connected to something else that knows how to tag on VLAN 2, like a switch. Sorry I don't know anything about the device you are trying to connect or how it is configured.
Why VLAN 2? If it's the only thing on em3 just assign SMARTTHINGS to em3 without the VLAN (the untagged interface). Are you planning on putting more VLANs on em3? Then you'll probably need a managed switch.
Basic VLAN information:
https://searchnetworking.techtarget.com/definition/virtual-LAN
https://en.wikipedia.org/wiki/Virtual_LAN
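
The tagged-versus-untagged distinction discussed above, as an added example that is not part of the original posts: a small parser that reads the 802.1Q tag (if any) from a raw Ethernet frame and reports whether a VLAN child interface such as em3.2 would receive it. The function names and both sample frames are constructed for illustration; only the hub's MAC address is taken from the capture in the thread.

```python
import struct

TPID_8021Q = 0x8100   # standard VLAN tag (802.1Q)
TPID_8021AD = 0x88A8  # outer service tag (802.1ad, "QinQ")

def parse_vlan_tags(frame: bytes):
    """Return (tags, payload_ethertype) for a raw Ethernet frame.

    tags is a list of dicts (outermost first) with vid, pcp and dei.
    An empty list means the frame is untagged, which is what an
    ordinary host NIC sends unless it has been told to tag.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12  # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # The 16-bit TCI follows the TPID, then the next EtherType.
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"vid": tci & 0x0FFF, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1})
        ethertype = inner
        offset += 4
    return tags, ethertype

def would_reach(frame: bytes, vlan_id: int) -> bool:
    """Simplified model: a VLAN child interface (e.g. em3.2 for
    vlan_id=2) only sees frames whose outermost tag carries that ID;
    untagged frames stay on the parent interface (em3)."""
    tags, _ = parse_vlan_tags(frame)
    return bool(tags) and tags[0]["vid"] == vlan_id

# Constructed sample frames: broadcast from the hub's MAC, IPv4 payload.
SRC = bytes.fromhex("24fd5b03e27a")
BCAST = b"\xff" * 6
PAYLOAD = b"\x00" * 20
UNTAGGED = BCAST + SRC + b"\x08\x00" + PAYLOAD
TAGGED_V2 = BCAST + SRC + b"\x81\x00" + struct.pack("!H", 2) + b"\x08\x00" + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged VLAN 2", TAGGED_V2)):
        print(name, parse_vlan_tags(frame), "-> em3.2:", would_reach(frame, 2))
```
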
-
@derelict said in New to networking; can't get traffic over VLAN:
Looks like it is arriving untagged then. A tagged port such as em3.2 (em3 traffic tagged with VLAN 2) needs to be connected to something else that knows how to tag on VLAN 2, like a switch. Sorry I don't know anything about the device you are trying to connect or how it is configured.
Why VLAN 2? If it's the only thing on em3 just assign SMARTTHINGS to em3 without the VLAN (the untagged interface). Are you planning on putting more VLANs on em3? Then you'll probably need a managed switch.
Basic VLAN information:
https://searchnetworking.techtarget.com/definition/virtual-LAN
https://en.wikipedia.org/wiki/Virtual_LAN
Thanks! I guess I don't need a VLAN since my smartthings hub will be the only thing running on em3. I can limit its access to my LAN with just firewall rules, right?
I guess the only reason I was trying to set up a VLAN is b/c "VLANs make things more secure" ~facepalm~
-
Yes. The rules are the same whether they are on em3 or em3.2