SPAN from LAN to OPT only shows multicast

ForNet

Hi there!

I am attempting to SPAN all traffic from LAN to OPT, but I am currently only seeing multicast traffic from the LAN network going to the OPT interface.

I have tried extensively to solve it, and there have been brief moments where I saw all traffic from the LAN interface, but so far this coincided with breaking something else (connectivity to pfsense, the Internet, or both) at the same time.

Today I reset to factory settings to start all over again. Since then, I created a bridge with the LAN interface as only member, and specified OPT as the SPAN interface. I have a firewall rule on the OPT interface allowing all traffic.

My goal is to have a copy of all LAN traffic (which connects a wifi access point) go to OPT, which has a wire connected to a physical ethernet interface I dedicated to traffic analysis only on an ESXi server.

Would you have any idea what i am missing here?

Thanks in advance for assisting.

johnpoz

Do this on your switch, not pfsense would be my advice.

ForNet

Thanks for the advice, John.

Was hoping to do it on the SG-1100 itself, but just ordered a TL-SG105e to solve it that way.

johnpoz

@ForNet said in SPAN from LAN to OPT only shows multicast:

TL-SG105e

Yeah those switches are crap ;) If you get a older hardware model you won't even be able to actuall do vlans because every port is in vlan 1 and can not remove.

Go with another brand would my suggestion to be honest. netgear or dlink low end switch both actually do vlans correctly ;)

ForNet

I am going to use a single VLAN so I guess I should be fine. It's for a small home lab setup with one access point behind it, providing access to a few personal devices only.

johnpoz

What about tomorrow? If all you want is the span port for your 1 L2, ok.. But what about next week when you want to actually use vlans on the thing..

First thing I would do is validate what hardware it is, and can you actually remove vlan 1 from interfaces.. If your old hardware and no firmware update to allow for the removal.. Return it and get something else.

ForNet

This seems the new one:

"Supports up to 32 VLANs simultaneously (out of 4K VLAN IDs)"

https://www.tp-link.com/us/business-networking/easy-smart-switch/tl-sg105e/?utm_medium=select-local

I indeed hope that's the case, and that the older hardware you refer to is the TL-SG105, without the E in the end.

Picked this one because the 8 port version was recommended as a budget option by someone at Perched, who created RockNSM at https://www.perched.io/blog/2019/2/4/rockhome-introduction-13

johnpoz

They can state whatever they want on the box, doesn't mean that is actually what happens ;)

Search around here, there are plenty of threads going over the issues with the damn things. I even bought one to validate the issue because just though users were being "stupid" ;)

I got a v2, and you can not remove vlan 1... They came out with a firmware update for v3.. But no love for v2.. Is its pretty much a useless pos.. That I leave on my shelf if I ever need a "dumb" switch ;)

https://www.tp-link.com/us/support/download/tl-sg105e/v3/#Firmware
Published Date: 2018-01-09 Language: English File Size: 421.21 KB

Modifications and Bug Fixes:

New Features/Enhancement:

1. The port can be removed from VLAN1
2. The port of VLAN1 can choose tagged/untagged

Its on their forums as well, took them forever to even admit is was an issue.
https://community.tp-link.com/en/business/forum/topic/96245?page=1

ForNet

Hmm, I guess I'll have to find out when I receive it. It's going to take a few weeks before it's delivered and I can find out what firmware it has.

Thanks for the heads up :)

JKnott

@johnpoz said in SPAN from LAN to OPT only shows multicast:

But no love for v2.. Is its pretty much a useless pos.. That I leave on my shelf if I ever need a "dumb" switch ;)

Or use it to make a data tap, as I did with mine. It works well in that role.

johnpoz

Yeah concur if all he wants to do with is the span port then its fine... But at some point down the line he might actually want to leverage it to have real vlans ;)

Where are you that it would take few weeks? Are you in the middle of some jungle somewhere? Amazon prime is 2 days tops pretty much anywhere ;) hehe

ForNet

@johnpoz

Yeah, something like that. I'm in the desert :)

JKnott

@johnpoz said in SPAN from LAN to OPT only shows multicast:

Where are you that it would take few weeks? Are you in the middle of some jungle somewhere? Amazon prime is 2 days tops pretty much anywhere ;) hehe

Except the Amazon jungle.