[XMG1915] rx/tx issue between client and up-link
Issue:
* Cannot ping from any direction client ←→ pfsense.
* No automatic IP from my pfsense DHCP.

Steps:
* factory restored switch
* changed its static ip (192.168.0.11)
* turned off that cloud thingy
* used the vlan helper tool:

(port16 is up-link pfSense connected)
On port 10, I have some eth dongle confed as follows:
```
Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek USB GbE Family Controller
   Physical Address. . . . . . . . . : 00-E0-4C-68-DC-BB
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd81:501c:46e4:63f8%56(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.40.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 939581516
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-D0-F7-39-C8-7F-54-67-F6-3F
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
```
(my enabled dhcp server on pfsense has not worked so this is a static ipv4)
Here's the network interfaces of my pfsense (2.7.2-RELEASE):
```
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	options=48120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,HWSTATS,MEXTPG>
	ether 52:54:00:12:34:56
	inet6 fe80::5054:ff:fe12:3456%em0 prefixlen 64 scopeid 0x1
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: WAN
	options=4e000bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
	ether 00:d0:b4:03:34:31
	inet 79.136.47.45 netmask 0xffffffc0 broadcast 79.136.47.63
	inet6 fe80::2d0:b4ff:fe03:3431%igc0 prefixlen 64 scopeid 0x2
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: LAN
	options=4e000bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
	ether 00:d0:b4:03:34:32
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fe80::2d0:b4ff:fe03:3432%igc1 prefixlen 64 scopeid 0x3
	media: Ethernet autoselect (2500Base-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0 metric 0 mtu 1536
	options=0
	groups: enc
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.0.1 netmask 0x0
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33152
	options=0
	groups: pflog
pfsync0: flags=0 metric 0 mtu 1500
	options=0
	maxupd: 128 defer: off version: 1400
	syncok: 1
	groups: pfsync
em0.10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: VL10_MGMT
	options=4000003<RXCSUM,TXCSUM,MEXTPG>
	ether 52:54:00:12:34:56
	inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
	inet6 fe80::5054:ff:fe12:3456%em0.10 prefixlen 64 scopeid 0x8
	groups: vlan
	vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.20: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: VL20_VPN
	options=4000003<RXCSUM,TXCSUM,MEXTPG>
	ether 52:54:00:12:34:56
	inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
	inet6 fe80::5054:ff:fe12:3456%em0.20 prefixlen 64 scopeid 0x9
	groups: vlan
	vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.40: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	description: VL40_GUEST
	options=4000003<RXCSUM,TXCSUM,MEXTPG>
	ether 52:54:00:12:34:56
	inet 192.168.40.1 netmask 0xffffff00 broadcast 192.168.40.255
	inet6 fe80::5054:ff:fe12:3456%em0.40 prefixlen 64 scopeid 0xa
	groups: vlan
	vlan: 40 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ovpnc1: flags=1008043<UP,BROADCAST,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500
	options=80000<LINKSTATE>
	inet 10.21.226.189 netmask 0xffffff00 broadcast 10.21.226.255
	inet6 fe80::2d0:b4ff:fe03:3431%ovpnc1 prefixlen 64 scopeid 0xb
	groups: tun openvpn
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	Opened by PID 31338
```
My firewall rules for this vlan:
(subnets = 192.168.40.1 - 192.168.40.254)
I have a few network-knowledgeable friends but I commonly get replies like "rtfm", whatever that means.
I don't think this switch has any packet monitoring feature, but with my lacking skills I don't know how I can debug this.
Any input appreciated,
Joe
Accepted Solution
Hi @joelabero ,
As for the communication failure between your client and firewall, I recommend avoiding the VLAN configuration wizard as it doesn't properly account for management VLAN considerations.
Please manually configure the VLAN on the web GUI of the switch.
Step 1: Navigate to Switching > VLAN > VLAN Setup > Static VLAN
Step 2: Click the Add/Edit button
Step 3: In the configuration window:
- Enter the VLAN name and VLAN ID as shown in your requirements
- Select port 10 as untagged member
- Select port 16 as tagged member
In addition to this, there is still one thing I want to make sure with your firewall’s VLAN’s interface. Your switch VLAN configuration appears correct based on the information provided. However, please verify that you've properly created the VLAN 40 interface by checking your switch's MAC address table.
If VLAN 40 is configured correctly, you should see two MAC table entries:
- One entry from port 10 (untagged)
- One entry from port 16 (tagged)
- Both showing MAC addresses from devices in VLAN 40
At last, I have some concerns regarding your firewall’s Interface Configuration.
Based on your firewall interface settings, if your switch IP is configured as 192.168.0.11, the parent interface should be igc1 (LAN interface), not the em0 interface. This seems inconsistent with your current configuration and may need attention.
Please share your switch's MAC address table so we can verify the VLAN 40 interface setup. Feel free to update this post if you encounter any additional issues.
Best regards,
Lynn
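A check for the parent-interface mismatch raised in the accepted answer, as an added example that is not part of the original thread: it reads `ifconfig` output and flags every VLAN whose parent is not the NIC cabled to the switch uplink. The function names are hypothetical, the sample input is trimmed from the output posted above, and `igc1` as the expected parent is an assumption taken from the answer.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not pfSense tooling.

# Read `ifconfig` output on stdin, print "<ifname> <vlan-id> <parent>" per VLAN.
vlan_parents() {
    awk '
        /^[a-z]/ { ifname = $1; sub(/:$/, "", ifname) }   # "em0.40:" opens a new block
        /vlan: [0-9]+/ && /parent interface:/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "vlan:")      id = $(i + 1)
                if ($i == "interface:") parent = $(i + 1)
            }
            print ifname, id, parent
        }'
}

# Report VLANs whose parent differs from the NIC wired to the switch.
# $1 = expected parent (assumption: igc1). Returns 1 if any VLAN mismatches.
check_vlan_parents() {
    vlan_parents | awk -v want="$1" '
        $3 != want { printf "VLAN %s (%s) rides on %s, expected %s\n", $2, $1, $3, want; bad = 1 }
        END { exit bad }'
}

# Sample input: trimmed from the ifconfig output in the original post.
sample_ifconfig() {
    cat <<'EOF'
igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: LAN
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
em0.10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: VL10_MGMT
    groups: vlan
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
em0.40: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    description: VL40_GUEST
    inet 192.168.40.1 netmask 0xffffff00 broadcast 192.168.40.255
    groups: vlan
    vlan: 40 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
EOF
}

# On the firewall itself the live check would be: ifconfig | check_vlan_parents igc1
sample_ifconfig | check_vlan_parents igc1 || echo "parent mismatch found"
```

Tagged frames for a VLAN only leave the firewall on that VLAN's parent NIC, so a mismatch here means the switch uplink port never sees the VLAN no matter how its port membership is set.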
All Replies
Hello @Zyxel_Lynn
Thanks a lot for taking your time looking at my case <3
Here's (above) my arp table.

> Based on your firewall interface settings, if your switch IP is configured as 192.168.0.11, the parent interface should be igc1 (LAN interface), not the em0 interface

I definitely think we are closing in on the issue here. This has been a question of mine - I didn't fully understand where the em0 network interface came from. (it was there from the get-go).
I'll see if I can easily change the parent interface and update this thread as I go.
Br,
Joe
```
pciconf -lv | grep -B3 em0
vgapci0@pci0:0:2:0: class=0x030000 rev=0x02 hdr=0x00 vendor=0x1234 device=0x1111 subvendor=0x1af4 subdevice=0x1100
    class      = display
    subclass   = VGA
em0@pci0:0:3:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x100e subvendor=0x1af4 subdevice=0x1100
```
ops ..
I changed the parent interface of all the vlans, dhcp just worked 🤩