hello have getting a lot of 802.1q tag not configured and invalid interface message in global counters. I'm trying to find the cause, I have configured subinterfaces I see traffic in rx.pcap with properly tag, all traffic is dropped, I see as destination mac addres of the fisical interface when I have configured subinterfaces, could someone help me with this issue please?
these errors mean the firewall is receiving packets with a 802.1q tag it has no subinterface for
if you finetune your switch trunk to only include the vlan tags that are configured on the firewall, these messages will stop
I think the incorrectly tagged packets are discarded before they arrive at the RX stage, because there is no interface to rx them
here are a couple articles that may help (since i'm not sure if you have layer 2 or 3)
Reaper, thank you very much for your answer, I would like to understand this. I thougth that all packet that arrive to the fw were in RX stage, then when we get errors as invalid interace and 802.1q tag not configured this packets don't appears in rx stage, this is correct?
there is other counters that show you error in packets that don't arrive at RX stage?
I reviewed the configuration done, is an L3 interface and I don't find nothing weird.
as I explain before I see traffic tagged correctly in RX stage, but all this traffic is dropped, If this traffic is droped in a policy, this traffic must appear in fw stage, this is correct?
I don't know how to find the cause this traffic is dropped....
oh, your original statement seemed to state you were not seeing any of the discarded tagged packets, please disregard my previous statement and provide screenshots so I can ascertain what is actually going on :)
how is your L3 interface and, more importantly, the tagged subinterfaces configured and which .1q tags are showing up in the discarded packets
hello reaper thank you again for your help of course I will show you information I got:
here you can see the tag I see in rx.pcap
and you can see subinterface configured has the correct tag
is the interface showing in > show interface all as well ? are you sure you are receiving the packet on that physical interface ?
hello, yes in >show interface all I see the subinterface
I have traffic logs showing inbound interface eth1/7.1701 and outbound interface the same. but this traffic is not the same that I have been analising in pcac because was generated in other moment.
But if I have traffic logs I should have fw.pacap, this is correct?
yes, if there are traffic logs there should be fw stage logs unless the traffic is offloaded (offloaded packets cannot be captured)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!