Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New to networking; can't get traffic over VLAN

    L2/Switching/VLANs
    2
    7
    591
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      david_g17
      last edited by

      I'm using this for the hardware: https://www.amazon.com/gp/product/B0742P83HY

      I have setup the WAN & LAN ports and they are working correctly. I have a Samsung SmartThings hub that I want to put in "Opt2" on a separate VLAN.

      physical interfaces:
      alt text

      Configuration of em3.2 VLAN:
      alt text

      All interfaces:
      alt text

      When I click "SmartThings" in the previous list of interfaces:
      alt text

      Firewall rules:
      alt text

      Looking at the traffic:
      alt text

      Any help is greatly appreciated!

      1 Reply Last reply Reply Quote 0
      • D
        david_g17
        last edited by david_g17

        Forgot to add screenshot of the DHCP settings for the VLAN:
        alt text

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by Derelict

          Great. What about the switch configuration? Is it configured to tag VLAN 2 on the port connected to em3 with your smart things connected to untagged VLAN 2 ports?

          Hint: If you tcpdump on interface em3 instead of em3.2 you will capture all traffic on all VLANs with the VLAN tag still intact.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          D 1 Reply Last reply Reply Quote 0
          • D
            david_g17 @Derelict
            last edited by david_g17

            @derelict said in New to networking; can't get traffic over VLAN:

            Great. What about the switch configuration? Is it configured to tag VLAN 2 on the port connected to em3 with your smart things connected to untagged VLAN 2 ports?

            Hint: If you tcpdump on interface em3 instead of em3.2 you will capture all traffic on all VLANs with the VLAN tag still intact.

            Sorry if these are basic questions...

            I have a patch cable running directly from the physical em3 port to the smartThings hub. How can I determine if smartThings device is connected to an untagged VLAN2 port?

            All of the traffic I get on em3 looks like dhcp requests which are never answered, and I don't see any tagging notation:

            [2.4.4-RELEASE][admin@pfsense]/root:  tcpdump -vvi em3
tcpdump: listening on em3, link-type EN10MB (Ethernet), capture size 262144 bytes
12:24:53.708208 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10792, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:24:56.758030 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10795, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:24:59.807881 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x887abe09, secs 10798, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:12.897332 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10812, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:15.947140 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10815, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:19.008280 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x266c0478, secs 10818, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:32.096335 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10831, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:35.156282 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10834, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"
12:25:38.206179 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 335)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 24:fd:5b:03:e2:7a (oui Unknown), length 307, xid 0x2d18226b, secs 10837, Flags [none] (0x0000)
          Client-Ethernet-Address 24:fd:5b:03:e2:7a (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 24:fd:5b:03:e2:7a
            Requested-IP Option 50, length 4: 192.168.5.100
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 7:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP
            Vendor-Class Option 60, length 12: "udhcp 1.22.1"
            Hostname Option 12, length 19: "st-24FD5B000003E27F"


code
            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Looks like it is arriving untagged then. A tagged port such as em3.2 (em3 traffic tagged with VLAN 2) needs to be connected to something else that knows how to tag on VLAN 2, like a switch. Sorry I don't know anything about the device you are trying to connect or how it is configured.

              Wht VLAN 2? If it's the only thing on em3 just assign SMARTTHINGS to em3 without the VLAN (the untagged interface). Are you planning on putting more VLANs on em3? Then you'll probably need a managed switch.

              Basic VLAN information:

              https://searchnetworking.techtarget.com/definition/virtual-LAN

              https://en.wikipedia.org/wiki/Virtual_LAN

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              D 1 Reply Last reply Reply Quote 0
              • D
                david_g17 @Derelict
                last edited by

                @derelict said in New to networking; can't get traffic over VLAN:

                Looks like it is arriving untagged then. A tagged port such as em3.2 (em3 traffic tagged with VLAN 2) needs to be connected to something else that knows how to tag on VLAN 2, like a switch. Sorry I don't know anything about the device you are trying to connect or how it is configured.

                Wht VLAN 2? If it's the only thing on em3 just assign SMARTTHINGS to em3 without the VLAN (the untagged interface). Are you planning on putting more VLANs on em3? Then you'll probably need a managed switch.

                Basic VLAN information:

                https://searchnetworking.techtarget.com/definition/virtual-LAN

                https://en.wikipedia.org/wiki/Virtual_LAN

                Thanks! I guess I don't need a VLAN since my smartthings hub will be the only thing running on em3. I can limit its access to my LAN with just firewall rules, right?

                I guess the only reason I was trying to setup a VLAN is b/c "VLANs make things more secure" ~facepalm~

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Yes. The rules are the same whether they are on em3 or em3.2

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post