invalid interface

L2 Linker

Hello, I am getting a lot of "802.1q tag not configured" and "invalid interface" messages in the global counters. I'm trying to find the cause. I have configured subinterfaces and I see properly tagged traffic in rx.pcap, but all traffic is dropped. I see the MAC address of the physical interface as the destination when I have configured subinterfaces. Could someone help me with this issue, please?

Regards

8 REPLIES

Cyber Elite

these errors mean the firewall is receiving packets with an 802.1q tag it has no subinterface for

if you finetune your switch trunk to only include the vlan tags that are configured on the firewall, these messages will stop

 

I think the incorrectly tagged packets are discarded before they arrive at the RX stage, because there is no interface to rx them

 

 

here are a couple articles that may help (since i'm not sure if you have layer 2 or 3)

 

https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Layer-3-Subinterfaces/ta-p/67...

https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Layer-2-Interfaces/ta-p/68229

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
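
The check described in the reply above, as an added example that is not part of the original thread and not Palo Alto Networks code: it reads the 802.1Q tag from raw Ethernet frames and counts the VLAN IDs that have no matching subinterface tag. The sample frames, MAC addresses and VLANs 10 and 20 are constructed; tag 1701 is an assumption taken from the subinterface name eth1/7.1701 mentioned later in the thread.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits are the VID; top 4 bits are PCP/DEI

def unmatched_tags(frames, configured_tags):
    """Count frames per VLAN ID that has no matching subinterface tag."""
    misses = Counter()
    for frame in frames:
        try:
            vid = vlan_id(frame)
        except ValueError:
            misses["malformed"] += 1
            continue
        if vid is not None and vid not in configured_tags:
            misses[vid] += 1
    return misses

def build_frame(vid=None, pcp=0):
    """Constructed sample frame: made-up MACs, IPv4 EtherType, dummy payload."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex("020000000002")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed trunk traffic: assumed subinterface tag 1701 plus hypothetical
# VLANs 10 and 20 that the switch trunk also carries, one untagged frame,
# and one truncated frame.
SAMPLE = [build_frame(1701), build_frame(10), build_frame(10, pcp=5),
          build_frame(20), build_frame(None), b"\x00" * 10]

if __name__ == "__main__":
    for tag, n in unmatched_tags(SAMPLE, {1701}).items():
        print(f"tag {tag}: {n} frame(s) with no subinterface")
```

Any VLAN ID this reports is a candidate for pruning from the switch trunk, as the reply suggests.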

Hello,

Reaper, thank you very much for your answer, I would like to understand this. I thought that all packets that arrive at the fw were in the RX stage, so when we get errors such as invalid interface and 802.1q tag not configured, these packets don't appear in the RX stage, is this correct?

Are there other counters that show errors for packets that don't arrive at the RX stage?

 

I reviewed the configuration; it is an L3 interface and I don't find anything weird.

As I explained before, I see correctly tagged traffic in the RX stage, but all this traffic is dropped. If this traffic is dropped in a policy, it must appear in the fw stage, is this correct?

I don't know how to find the reason this traffic is dropped....

oh, your original statement seemed to state you were not seeing any of the discarded tagged packets, please disregard my previous statement and provide screenshots so I can ascertain what is actually going on 🙂

 

how is your L3 interface and, more importantly, the tagged subinterfaces configured and which .1q tags are showing up in the discarded packets

 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

 

Hello reaper, thank you again for your help. Of course, I will show you the information I got:

Here you can see the tag I see in rx.pcap

tag.JPG

and you can see the configured subinterface has the correct tag

subinterface.JPG

interesting

 

is the interface showing in > show interface all as well? are you sure you are receiving the packet on that physical interface?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello, yes, in > show interface all I see the subinterface

show interface.JPG

I have traffic logs showing inbound interface eth1/7.1701 and outbound interface the same, but this traffic is not the same that I have been analysing in the pcap because it was generated at another moment.

But if I have traffic logs I should have fw.pcap, is this correct?

yes, if there are traffic logs there should be fw stage logs unless the traffic is offloaded (offloaded packets cannot be captured)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 6604 Views
  • 8 replies
  • 0 Likes