VLAN tagging issue
Not sure if anyone else had this issue, but yesterday my power went out and my VLANs on my FWG no longer worked.
A little background on the setup: I have a Firewalla Gold set up as my primary router and point of ingress.
Behind that I have a DD-WRT router configured as an AP hosting 4 wireless networks on 4 separate VLANs.
The FWG assigns IPs and rules based on the VLAN. Yesterday my power went out and my entire network stopped functioning.
I reset the Firewalla and restored my network config. Still nothing.
Reset DD-WRT and restored the config. Nothing.
So I created an untagged network and a corresponding untagged LAN on my Firewalla, and that network worked and assigned IPs properly.
This setup had been working for months; just yesterday it stopped. No changes made.
I am using the Firewalla beta and app beta. I'm wondering if maybe something in the beta broke VLAN tagging? Maybe short term?
When I get home tonight I'll try my tagged networks again, but if it doesn't work, what should I look at?
Also, the restore-from-previous-box functionality kind of sucks. The only thing it restored was my networks. I lost all the rules, groups, device names, VPN settings, etc. Did I do it wrong? I followed the reset steps.
-
Make sure you configure a default interface on the port you configure for the DD-WRT; this is just a network with no VLAN ID. Then make sure your DD-WRT port is configured as a tagged port. If anything is broken, use ping and look at DHCP to see whether your devices are getting IP addresses.
-
Thank you for the reply. I purposely left the untagged network out of my Firewalla config because I don't want anything going through the network untagged, and I want everything sequestered to a specific VLAN; it's easier to control rogue devices.
But like I said, this config had been solid for months, and all of a sudden Firewalla stopped responding to the tags. Since I don't have DD-WRT auto-updating, I have to assume it was on the Firewalla side.
I was not able to get a DHCP lease on any of my tagged networks (the Firewalla is responsible for dealing out IPs). Even when setting static addresses, the traffic was not being allowed to flow through the Firewalla. I also added an untagged network to see if the tagged networks would fail down to it (I'm happy this did not work, because it shouldn't).
It was a very strange issue that took me a little too long to figure out. I only figured it out by accident after I reset the Firewalla and was assigned a 10.x IP for about 30 seconds while my networks were being restored. After the networks were restored I was unable to get IP addresses again.
Unfortunately I did not get time tonight to troubleshoot further to see if the problem still exists, but I will update when I have more information. As of right now my primary devices are flowing through an untagged network just so I could get back online. I was just kind of throwing it out there because I know you guys are updating and preparing for Purple, and I didn't know if some code got out in the beta channel that may have been causing this. I know the risks I take being in beta, but the new features for me outweigh the risks lol. This is only a way over-configured home network.
-
What is your switch? Have you done the relevant configuration on the switch? The most common issue we encounter is not treating the port connecting to Firewalla as a "tagged" port; the other problem is more related to some of the configuration on the switch side (PVID, for example).
-
I have a TP-Link TL-SG108E with VLAN support. The connection from the Firewalla Purple comes to port 1 on the switch and goes to the access point (EAP650) on port 4.
VLAN ID: 1, VLAN name: Default, member ports: 1-8, tagged ports: (none), untagged ports: 1-8
VLAN ID: 180, VLAN name: vlan180, member ports: 1-6, tagged ports: 1-4, untagged ports: 5-6
VLAN ID: 190, VLAN name: vlan190, member ports: 1-4, 7-8, tagged ports: 1-4, untagged ports: 7-8
PVID:
Ports 1, 2, 3, 4: 1
Ports 5, 6: 180
Ports 7, 8: 190
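The two checks the Firewalla reply recommends (the port facing the router must be a tagged member of each VLAN, with an untagged default network on that port, and PVIDs must be consistent) can be run against a switch table like the one posted above. The following is an added example, not code from the thread or from Firewalla or TP-Link: a small model of an 802.1Q switch's VLAN table that answers "where does a frame entering port X with tag Y (or no tag) come out, and is it still tagged?" and lints the table for the mistakes named in the reply. The port numbers, VLAN IDs and names in `POSTED` are taken from the TL-SG108E table above; the `BROKEN` variant is a constructed misconfiguration for contrast, and `forward`/`lint` are my own simplification of how such switches classify and filter frames.

```python
# Added example (not from the original thread): a model of an 802.1Q switch's
# VLAN table, used to check the kind of configuration discussed above.
# Port numbers, VLAN IDs and names in POSTED come from the posted TL-SG108E
# table; the checker rules and the BROKEN variant are my own.
from dataclasses import dataclass


@dataclass
class Vlan:
    vid: int
    name: str
    tagged: frozenset    # ports that send/receive this VLAN with an 802.1Q tag
    untagged: frozenset  # ports that send/receive this VLAN with no tag

    @property
    def members(self):
        return self.tagged | self.untagged


@dataclass
class Switch:
    vlans: dict  # vid -> Vlan
    pvid: dict   # port -> VLAN assigned to untagged frames arriving on that port

    def forward(self, ingress_port, vid=None):
        """Where does a frame entering `ingress_port` go, and with which tag?

        `vid=None` means the frame arrived untagged; it is classified by the
        ingress port's PVID. Returns {egress_port: vid-or-None}, where None
        means the frame leaves that port with the tag stripped. An empty dict
        means ingress filtering dropped the frame (port not in that VLAN).
        """
        if vid is None:
            vid = self.pvid[ingress_port]
        vlan = self.vlans.get(vid)
        if vlan is None or ingress_port not in vlan.members:
            return {}
        return {p: (vid if p in vlan.tagged else None)
                for p in sorted(vlan.members - {ingress_port})}

    def lint(self, router_port, tagged_vids, native_vid):
        """The checks from the reply above: the router-facing port must be a
        tagged member of every routed VLAN, untagged only in the default
        (no-VLAN-ID) network, and each PVID must name a VLAN the port is an
        untagged member of."""
        problems = []
        for vid in tagged_vids:
            vlan = self.vlans.get(vid)
            if vlan is None:
                problems.append(f"VLAN {vid} does not exist on the switch")
            elif router_port in vlan.untagged:
                problems.append(f"port {router_port} is untagged in VLAN {vid}: "
                                f"frames reach the router without a tag")
            elif router_port not in vlan.tagged:
                problems.append(f"port {router_port} is not a member of VLAN {vid}: "
                                f"frames never reach the router")
        native = self.vlans.get(native_vid)
        if native is None or router_port not in native.untagged:
            problems.append(f"port {router_port} has no untagged default network "
                            f"(VLAN {native_vid})")
        for port, pv in sorted(self.pvid.items()):
            vlan = self.vlans.get(pv)
            if vlan is None or port not in vlan.untagged:
                problems.append(f"port {port} has PVID {pv} but is not an untagged "
                                f"member of VLAN {pv}: untagged ingress lands in a "
                                f"VLAN the port cannot carry")
        return problems


# The TL-SG108E table from the post above: router uplink on port 1, AP on port 4.
POSTED = Switch(
    vlans={
        1:   Vlan(1,   "Default", frozenset(),             frozenset(range(1, 9))),
        180: Vlan(180, "vlan180", frozenset({1, 2, 3, 4}), frozenset({5, 6})),
        190: Vlan(190, "vlan190", frozenset({1, 2, 3, 4}), frozenset({7, 8})),
    },
    pvid={1: 1, 2: 1, 3: 1, 4: 1, 5: 180, 6: 180, 7: 190, 8: 190},
)

# Constructed misconfiguration (not from the thread): the router port left as
# an untagged/access port in VLAN 180 with PVID 180, the "most common issue"
# named in the reply above.
BROKEN = Switch(
    vlans={
        1:   Vlan(1,   "Default", frozenset(),             frozenset(range(2, 9))),
        180: Vlan(180, "vlan180", frozenset({2, 3, 4}),    frozenset({1, 5, 6})),
        190: Vlan(190, "vlan190", frozenset({1, 2, 3, 4}), frozenset({7, 8})),
    },
    pvid={1: 180, 2: 1, 3: 1, 4: 1, 5: 180, 6: 180, 7: 190, 8: 190},
)


if __name__ == "__main__":
    # AP on port 4 sends a frame tagged 180: it reaches the router on port 1 still tagged.
    print(POSTED.forward(4, 180))
    # Untagged frame on port 5: PVID puts it in VLAN 180, tagged on the uplink.
    print(POSTED.forward(5))
    # Frame tagged 190 on port 5 is dropped: port 5 is not a member of VLAN 190.
    print(POSTED.forward(5, 190))
    print("posted:", POSTED.lint(1, [180, 190], native_vid=1))
    print("broken:", BROKEN.lint(1, [180, 190], native_vid=1))
```

Run as-is, the posted table lints clean: frames from the EAP650 on port 4 tagged 180 or 190 arrive at port 1 still tagged, and the access ports 5-8 get their VLAN from the PVID. The `BROKEN` variant reports that port 1 delivers VLAN 180 to the router untagged and has no untagged default network, which is exactly the situation in which the router sees only untagged frames and the tagged networks stop handing out DHCP leases.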