Hi there,
I have made myself the following setup:
vr0 - bridge0 - vr1 (untagged traffic).
vr0_vlan6 - vr1_vl3 (tagged traffic).
vr0 and vr1 do not have an IP configuration but the network which goes over that bridge should be 10.0.0.0/16.
vr0_vlan6 is 10.6.0.1/16 and is the gateway for 10.6.0.0/16.
vr1_vlan3 is 192.168.3.6/24 and has a gateway 192.168.3.1/24 which is an interface on a router on the other end of a point 2 point connection.
Traffic:
10.0.0.0/16 is our management network in which devices like switches and APs have their management interface.
10.6.0.0/16 is a location LAN.
192.168.3.0/24 is a distribution network to make a distribution and access layer.
on vr0 and vr1 I have made rules to only allow traffic from and to 10.0.0.0/16.
But when we monitored the traffic we noticed much more traffic on the interfaces than we expected. To our surprise a tcpdump of the interfaces bridge0, vr0 or vr1 shows ARP traffic which should be kept within vlan6. Like:
I do not understand that traffic. Most likely a lack of knowledge.. Could anyone of you explain this?
Peter
PS
In reality the setup is a bit more complex. In reality I have 3 bridges and 4 distributed networks. Left them out for sake of simplicity.
PPS
The setup was made using a pfSense box. The question is also on their forum there is no reply.
PPPS
I know I should not bridge a connection over a leased line. I will problably solve that in the near future. Started to explain why, but that is an essay on its own.
I have made myself the following setup:
vr0 - bridge0 - vr1 (untagged traffic).
vr0_vlan6 - vr1_vl3 (tagged traffic).
vr0 and vr1 do not have an IP configuration but the network which goes over that bridge should be 10.0.0.0/16.
vr0_vlan6 is 10.6.0.1/16 and is the gateway for 10.6.0.0/16.
vr1_vlan3 is 192.168.3.6/24 and has a gateway 192.168.3.1/24 which is an interface on a router on the other end of a point 2 point connection.
Traffic:
10.0.0.0/16 is our management network in which devices like switches and APs have their management interface.
10.6.0.0/16 is a location LAN.
192.168.3.0/24 is a distribution network to make a distribution and access layer.
on vr0 and vr1 I have made rules to only allow traffic from and to 10.0.0.0/16.
But when we monitored the traffic we noticed much more traffic on the interfaces than we expected. To our surprise a tcpdump of the interfaces bridge0, vr0 or vr1 shows ARP traffic which should be kept within vlan6. Like:
Code:
13:31:59.118855 ARP, Request who-has 10.6.0.12 tell 10.6.4.13, length 46
13:31:59.126889 ARP, Request who-has 10.6.0.12 tell 10.6.4.151, length 46
13:31:59.157631 ARP, Request who-has 10.6.0.12 tell 10.6.4.82, length 46
13:31:59.189747 ARP, Request who-has 10.6.0.12 tell 10.6.4.16, length 46
13:31:59.190796 ARP, Request who-has 10.6.0.12 tell 10.6.4.15, length 46
13:31:59.197579 ARP, Request who-has 10.6.0.12 tell 10.6.4.61, length 46Peter
PS
In reality the setup is a bit more complex. In reality I have 3 bridges and 4 distributed networks. Left them out for sake of simplicity.
PPS
The setup was made using a pfSense box. The question is also on their forum there is no reply.
PPPS
I know I should not bridge a connection over a leased line. I will problably solve that in the near future. Started to explain why, but that is an essay on its own.
