07-11-2018 04:17 AM
Hello, I am getting a lot of "802.1q tag not configured" and "invalid interface" messages in global counters. I'm trying to find the cause. I have configured subinterfaces and I see traffic in rx.pcap with the proper tag, but all traffic is dropped. I see the MAC address of the physical interface as destination when I have configured subinterfaces. Could someone help me with this issue, please?
Regards
07-11-2018 09:41 AM
These errors mean the firewall is receiving packets with an 802.1q tag it has no subinterface for.
If you fine-tune your switch trunk to only include the VLAN tags that are configured on the firewall, these messages will stop.
I think the incorrectly tagged packets are discarded before they arrive at the RX stage, because there is no interface to rx them.
Here are a couple of articles that may help (since I'm not sure if you have layer 2 or 3):
https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Layer-2-Interfaces/ta-p/68229
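One way to check a trunk against the firewall's configured tags, as suggested in the reply above (an added example, not part of any post in this thread): tally the 802.1Q VLAN IDs in a capture and list the ones with no matching subinterface tag. It assumes the capture is a classic pcap file with Ethernet link type; the function names, the sample frames, VLAN 1802 and the configured set `{1701}` are constructed for illustration.

```python
import struct
from collections import Counter

def vlan_ids(pcap: bytes):
    """Yield each frame's 802.1Q VLAN ID (None if untagged or truncated)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 18 and frame[12:14] == b"\x81\x00":
            tci = struct.unpack("!H", frame[14:16])[0]
            yield tci & 0x0FFF         # low 12 bits of the TCI are the VLAN ID
        else:
            yield None

def unconfigured_tags(pcap: bytes, configured: set) -> dict:
    """Count frames per VLAN ID that has no matching configured tag."""
    seen = Counter(vlan_ids(pcap))
    return {vid: n for vid, n in seen.items()
            if vid is not None and vid not in configured}

def _record(vid=None):
    """Build one constructed pcap record; vid=None gives an untagged frame."""
    macs = bytes.fromhex("020000000001020000000002")   # constructed dst + src
    tag = b"" if vid is None else b"\x81\x00" + struct.pack("!H", vid)
    frame = macs + tag + b"\x08\x00" + bytes(46)       # IPv4 ethertype + padding
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample: three tagged frames and one untagged frame.
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + _record(1701) + _record(1701) + _record(1802) + _record())

if __name__ == "__main__":
    # Assumption: 1701 is the only tag with a subinterface on the firewall.
    for vid, count in sorted(unconfigured_tags(SAMPLE_PCAP, {1701}).items()):
        print(f"VLAN {vid}: {count} frame(s) with no matching subinterface")
```

Any VLAN ID reported here is a candidate for removal from the switch trunk's allowed list.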
07-13-2018 12:27 AM
Hello,
Reaper, thank you very much for your answer. I would like to understand this. I thought that all packets that arrive at the fw were in the RX stage; then when we get errors such as invalid interface and 802.1q tag not configured, these packets don't appear in the RX stage, is this correct?
Are there other counters that show errors for packets that don't arrive at the RX stage?
I reviewed the configuration; it is an L3 interface and I don't find anything weird.
As I explained before, I see correctly tagged traffic in the RX stage, but all this traffic is dropped. If this traffic is dropped by a policy, it must appear in the fw stage, is this correct?
I don't know how to find the reason this traffic is dropped....
07-13-2018 12:34 AM
Oh, your original statement seemed to state you were not seeing any of the discarded tagged packets. Please disregard my previous statement and provide screenshots so I can ascertain what is actually going on 🙂
How are your L3 interface and, more importantly, the tagged subinterfaces configured, and which .1q tags are showing up in the discarded packets?
07-13-2018 01:13 AM
Hello Reaper, thank you again for your help. Of course, I will show you the information I got:
Here you can see the tag I see in rx.pcap,
and you can see the subinterface configured has the correct tag.
07-13-2018 03:53 AM
Interesting.
Is the interface showing in > show interface all as well? Are you sure you are receiving the packet on that physical interface?
07-13-2018 04:22 AM
Hello, yes, in > show interface all I see the subinterface.
I have traffic logs showing inbound interface eth1/7.1701 and outbound interface the same, but this traffic is not the same that I have been analyzing in the pcap because it was generated at another moment.
But if I have traffic logs I should have fw.pcap, is this correct?
07-13-2018 05:29 AM
Yes, if there are traffic logs there should be fw stage logs, unless the traffic is offloaded (offloaded packets cannot be captured).