Author Topic: switch management IP on two interfaces - arp problem  (Read 4911 times)

Offline netmagi

switch management IP on two interfaces - arp problem
« on: November 04, 2008, 08:12:12 am »
So I have a Dell Powerconnect managed switch assigned the IP address of 192.168.0.5.  This switch is separated into 2 vlans using the web management page.  The OPT1 interface is plugged into the first VLAN on the switch, and the LAN interface is plugged into the second vlan on the switch.   Unfortunately, this means the switch's management IP of 192.168.0.5 is accessible from either interface, and not just the LAN interface.

I get the following error in the system log, over and over again:

kernel: arp: 192.168.0.5 is on fxp2 but got reply from 00:30:ab:0e:de:a2 on fxp0

It doesn't appear to be causing any problems, but I would like to eliminate it if possible.

-Rich

Offline geewhz01

Re: switch management IP on two interfaces - arp problem
« Reply #1 on: November 04, 2008, 08:26:39 am »
I fixed this on my 5324 by changing the pvid for the port.  By doing this the machines that are in a vlan other than my administration vlan can't get to the switch management interface.  You may not be able to change this from the web interface but you can from the console.  Basically make the pvid for your lan port be the same as the vlan number it is in and do the same for the wan.

Offline Perry

Re: switch management IP on two interfaces - arp problem
« Reply #2 on: November 04, 2008, 09:05:25 am »
I like to give my vlan switches their own subnet and not lose a port on the switch. Access is then granted with normal firewall rules.

Quote
kernel: arp: 192.168.0.5 is on fxp2 but got reply from 00:30:ab:0e:de:a2 on fxp0
System -> Advanced, "This will suppress ARP messages when interfaces share the same physical network"
Some info on arp: http://freebsdhowtos.com/102.html
/Perry
doc.pfsense.org

Offline Fitopy

Re: switch management IP on two interfaces - arp problem
« Reply #3 on: February 23, 2009, 08:32:13 am »
Hi, I have the same problem and I think it is messing around with some services running on my DMZ. I'm having those same errors, but in my case I have a pfSense server with 3 interfaces: LAN, WAN and DMZ, attached to 3 different switches. Then I have this other server (a Linux box running SUSE) with only 2 interfaces, attached to LAN and DMZ along with the pfSense box. I receive a lot of these messages. The problem is that my pfSense box is the default GW, and when a client on LAN tries to communicate with services running on the Linux server but on the "DMZ" side is when I receive those messages. pfSense knows the Linux server IS on DMZ (by destination's IP) but receives replies on the LAN side. How can I solve this? I'm thinking this should not be a pfSense issue, but before I put the pfSense in I had a Linux box running as a gateway, router and proxy, and didn't have these problems. Since I installed pfSense I'm having users reporting problems when trying to communicate with services on the DMZ side of my Linux box: they can connect but the connection is lost after a while. Then they reconnect fine but the connections drop again.

Tks for your help and sorry for the long post.

Running Pfsense 1.2.2
Fito
Asuncion-Paraguay
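
The kernel message quoted in this thread names the IP, the interface the firewall expects it on, the replying MAC and the interface the reply arrived on. As an added example (not part of the original thread or of pfSense), this Python script groups those messages per IP so the benign one-host-on-two-segments case can be told apart from several MACs answering for one address before the message is suppressed. The syslog prefix, the second IP and its MACs are constructed sample data; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Message body format as quoted in the thread (FreeBSD kernel ARP mismatch).
ARP_MISMATCH = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<expected>\S+) "
    r"but got reply from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<seen>\S+)",
    re.IGNORECASE,
)

# Constructed sample log: timestamps/hostname are invented; the 192.168.0.5
# message body is the one from the thread, the 10.0.1.20 lines are made up.
SAMPLE_LOG = """\
Nov  4 08:10:01 fw kernel: arp: 192.168.0.5 is on fxp2 but got reply from 00:30:ab:0e:de:a2 on fxp0
Nov  4 08:10:31 fw kernel: arp: 192.168.0.5 is on fxp2 but got reply from 00:30:ab:0e:de:a2 on fxp0
Nov  4 08:11:02 fw kernel: arp: 192.168.0.5 is on fxp2 but got reply from 00:30:AB:0E:DE:A2 on fxp0
Nov  4 08:11:40 fw kernel: arp: 10.0.1.20 is on fxp1 but got reply from 02:00:00:aa:bb:01 on fxp0
Nov  4 08:12:05 fw kernel: arp: 10.0.1.20 is on fxp1 but got reply from 02:00:00:aa:bb:02 on fxp0
Nov  4 08:12:09 fw sshd[411]: Accepted publickey for admin
"""

def summarize(log_text):
    """Return {ip: {"count": int, "macs": set, "pairs": set of (expected, seen)}}."""
    out = defaultdict(lambda: {"count": 0, "macs": set(), "pairs": set()})
    for line in log_text.splitlines():
        m = ARP_MISMATCH.search(line)
        if not m:
            continue  # unrelated log line
        entry = out[m["ip"]]
        entry["count"] += 1
        entry["macs"].add(m["mac"].lower())  # normalize case before comparing
        entry["pairs"].add((m["expected"], m["seen"]))
    return dict(out)

def classify(entry):
    """One MAC: a single host reachable on two interfaces (the thread's case).
    More than one MAC answering for the same IP: review before suppressing."""
    return "same-host-two-segments" if len(entry["macs"]) == 1 else "multiple-macs-review"

if __name__ == "__main__":
    for ip, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, entry["count"], sorted(entry["macs"]),
              sorted(entry["pairs"]), classify(entry))
```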