Bug #4637
closed
system unreachable after deleting VLAN
Added by Adam Thompson about 9 years ago.
Updated over 2 years ago.
Affected Architecture:
amd64
Description
Scenario:
pfSense x86_64 2.2.2-RELEASE
Two-interface system: igb0, igb1.
One LACP LAGG, includes both interfaces.
Many VLANs (VIDs: 4,5,8,11,12,14,15, ...) on top of the LAG.
Two overlapping VLANs on igb0 (VIDs 4 & 5), left over from initial configuration.
CARP IPs on each of the VLANs.
Connected to (i.e. administering) the firewall on the CARP IP bound to VLAN 5.
Step:
Delete igb0_vlan4, works fine.
Delete igb0_vlan5, system is suddenly completely unreachable on VLAN 5, and I think also unreachable on all VLANs.
- Status changed from New to Not a Bug
This is the expected behaviour for overlapping networks.
When you remove the IP from NIC/VLAN (this is not specifically related to VLAN, as it can be reproduced with two NICs too) you also remove the network route, which will make your system unreachable.
Luiz,
You've misunderstood the problem, and it is definitely a bug.
I don't have the lab equipment or time to reproduce (or re-test) it today, so leave the bug closed, but please changed it to CAN'T REPRODUCE, not NOT A BUG.
To recap: when I deleted one single VLAN logical interface from a physical interface, all the other VLAN logical interfaces bound to the same physical parent device immediately and simultaneously failed. This wasn't an IP routing issue, it was an interface-management issue. Talked to Chris about it in realtime, unsure whether it was a bug in the NIC driver or a bug in the pfSense interface mgmt code.
I never had overlapping IP networks in the configuration where this occurred.
- Status changed from Not a Bug to Assigned
- Assignee set to Luiz Souza
No problem, I'll keep the bug report open and check if we can reproduce it here.
I was misguided by 'Two overlapping VLANs on igb0 (VIDs 4 & 5), left over from initial configuration.'
Ah, I see. By "overlapping", I meant that igb0 had VLANs defined directly on it, and it was part of an LACP group that also had VLANs defined on top of that, too.
(This is still just about the only way to configure a two-port device into LACP mode... I really wish that was a console option. I think it's already an ER in the system somewhere.)
This bug should be marked as Incomplete as it's no longer relevant and very old.
Kindly see my previous comment where I already asked that it be closed with "can't reproduce" as the reason/status.
- Status changed from Assigned to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by