Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port Spanning for multiple VLAN's on XG7100

    Official Netgate® Hardware
    2
    5
    800
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mael
      last edited by

      I'm setting up Security Onion to monitor traffic on my network and needed some advice on the best way to get traffic from the various VLAN's to my monitoring port on the Security Onion VM. Here's an overview of my setup:

      Physical Cabling

      Cable Modem --> WAN (igc0) on XG7100 / LAN (ix1) ---> Unifi Switch Port 10

      VLAN's
      LAN - This is my trusted network segment. Certain hosts on this network can access the other VLAN's
      GUEST - This supports my wireless guests. This VLAN can only talk to the internet.
      IOT - IoT devices live here and this VLAN can only talk to the internet.
      CAMERA - This is where my security cameras live. This VLAN cannot talk to the internet or other VLANs

      Security Onion is running on a VM hosted on ESXi. I've created a new virtual switch running in promiscuous mode and assigned an open port from the host. I created a port mirror on the switch for port 10 and cabled that into the open port on the host assigned to the virtual switch.

      With this setup I'm able to sniff all the traffic in and out of the LAN VLAN, but I can't see any traffic originating form the other VLAN's.

      I'm trying to figure out the best approach to capturing the traffic from the other VLAN's and was hoping to do that with a spanning bridge on the XG7100. The bridge would include the GUEST, IOT and CAMERA VLANs as members and I would assign a newly created MIRROR VLAN tied to ETH7 as the span port for the bridge. ETH7 would then be cabled into another open port on the ESXi host and that port would be assigned to the same virtual switch as the port coming from the switch used to mirror port 10 LAN traffic.

      I have a couple of questions:

      1 - Will the approach work based on what I've posted above?
      2 - Do I need to create firewall rules to permit all traffic from the GUEST, IOT and CAMERA VLAN to access the new MIRROR VLAN? I'm guessing the answer is yes, but wanted to confirm.
      3 - By creating the bridge with the the three isolated VLANs will I need to create additional firewall rules to prevent traffic from one isolated VLAN from being able to access another isolated VLAN?

      1 Reply Last reply Reply Quote 0
      • AndyRHA
        AndyRH
        last edited by

        Maybe I am missing a step...
        Trunk all of the VLANs to the 1 port on the switch and create tagged interfaces for the guest to listen to everything.

        o||||o
        7100-1u

        M 1 Reply Last reply Reply Quote 0
        • M
          Mael @AndyRH
          last edited by

          @andyrh - Interesting approach. I'm already trunking all the VLAN's through the LAN (ix1) ---> Unifi Switch Port 10 connection. Let me see what happens when I add additional tagged monitoring interfaces to the VM (one per VLAN).

          1 Reply Last reply Reply Quote 0
          • M
            Mael
            last edited by

            It turns out the solution was pretty simple. I was able to route all VLAN traffic to the single monitoring interface on the VM by switching the VLAN for the monitoring interface from none to All (4095) on the ESXi virtual switch.

            1 Reply Last reply Reply Quote 0
            • AndyRHA
              AndyRH
              last edited by

              Much better than pushing it through the FW. Glad my wrong idea helped.

              o||||o
              7100-1u

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.