Netgate Discussion Forum

    7100 : spoof MAC ?

    Official Netgate® Hardware
      stephenw10 Netgate Administrator

      Yes exactly, you need to assign lagg0 as an interface so you can set its properties in the GUI. Then enable the assigned interface and set the MAC there. No need to set anything else on the interface.

        sgw @stephenw10

        @stephenw10 great, thanks.
        We'll maybe try that in about 1.5 hours from now.

          sgw @sgw

          Hmm.
          The spoofing worked. I assigned etc., then we had to power-cycle the box to get it online again.

          After that the displayed MAC was the spoofed one. Looked OK.

          BUT the fiber-router (or whatever that is) didn't "see" the pfSense interface connected.
          We had the admin of the provider on the phone, he ran diagnostics, we rebooted and replugged that router without getting it online.

          We had electrical link, but he didn't see the MAC ARP-wise (I assume).

          Plugging back to the original appliance (without spoofing) worked immediately.

          The provider-admin asks upstream .. he is only the tech for the reseller, or so.

          I wonder: could the fact that it's a LAGG be a problem? I think of stuff like LACP, STP or whatever is different from a plain access interface.

          I am just wondering what's the difference from the view of that fiber-box.

          I'll keep you posted. Maybe I hear something tomorrow.

            stephenw10 Netgate Administrator

            The spoofed MAC definitely shows up for me. The upstream router shows it in its ARP table or a pcap.

            The LAGG and VLAN shouldn't make any difference. None of that layer 2 stuff exists beyond the switch.

              sgw @stephenw10

              @stephenw10

              You talk of the internal switch?
              There is no switch between the 7100 and the fiber-appliance.

              Thanks for clarifying. It was just a wild guess while I was listing the possible differences between plugging in the 2 7100-appliances.

                stephenw10 Netgate Administrator

                Yes the internal switch. The upstream devices shouldn't see any of the LAGG or VLAN specific packets.

                  sgw @stephenw10

                  @stephenw10 thank you. Even more of a mystery.
                  I am curious what the upstream support replies.
                  I don't expect much ...

                    stephenw10 Netgate Administrator

                    Really the only significant difference would be the overhead the tagging adds, meaning the path MTU might be slightly lower. But that would be identical between the two 7100s. And it wouldn't prevent connecting entirely.

                      sgw @stephenw10

                      I have a theory ... we might test that on Friday or Tuesday.

                      Maybe on appliance 2 the assigned order of the interfaces got mixed up?

                      I am not 100% sure if that is possible, the config.xml was restored so that should be identical.

                      What I think of: the local admin plugs the cable for WAN2 into ETH2 on App1 and things work (I just make up an example).

                      So we'd assume ETH2 on Appliance2 should also be assigned to WAN2 (and use its configured static IP etc). The admin just plugs the cable FROM App1:ETH2 TO App2:ETH2 ...

                      If that's not the case and for some reason WAN2 points to ETH3 on Appliance2 (because of whatever ... timings at bootup?) this would result in the logged behavior: ETH2 plugged in would show the spoofed MAC, but no configured IP.

                      The theory maybe lacks a bit .. but could that be the case?

                        stephenw10 Netgate Administrator

                        What might be happening is the switch config is different. That doesn't get synced so it's possible you have the VLAN assigned to a different port on the secondary node. It's unlikely though if you restored a config onto the secondary from the primary when creating it.
                        But it's easy enough to compare the switch config on each node.

                          sgw @stephenw10

                          @stephenw10

                          Yes, the internal switch config on Appliance was missing the configs for the additional WAN-interfaces.

                          The MAC-spoofing might not be needed at all, a test with a random laptop came online on that upstream fiber gateway without problems (with some random MAC).

                          Now with the correct VLANs etc on the internal switch the plugging works perfectly (we can plug between the 2 appliances and connectivity is up immediately).

                          thanks!

                            stephenw10 Netgate Administrator

                            Nice. Good result! 👍

                              sgw @stephenw10

                              @stephenw10 said in 7100 : spoof MAC ?:

                              Nice. Good result! 👍

                              It's an honor to hear this from you, thanks ;-)
