I have a problem with an AT-GS950/24 managed switch from Allied Telesis. I have configured several VLANs, and it is reporting its management IP via ARP on all VLANs, which results in duplicate pings, since a firewall that the pings pass through when coming from another VLAN seems to duplicate the switch's response according to its VLAN config.
In detail: I have this particular switch (let's call it AT from now on), and a router running LEDE, acting as a firewall between the VLANs (let's call it LEDE from now on). The AT and the LEDE are connected with a VLAN trunk, which is basically a connection with each VLAN set to tagged.
I also have a second switch (let's call it SW from now on), which is connected to the AT with a trunk connection as well.
Each VLAN has its own /24 subnet. All inter-VLAN connections go through the LEDE and its firewall, where the traffic is currently set to Allow Any. The AT has VLAN 1 set as its management VLAN and a management IP from VLAN 1's subnet.
The phenomenon I am experiencing is this: a computer residing in VLAN 1 can ping the AT and gets one response in return. A computer residing in a different VLAN can ping the AT as well, but receives multiple responses, caused by a duplication inside the LEDE router.
I have gathered the following facts:
- The AT is sending exactly one response
- The LEDE is duplicating the response so that there is one response for each VLAN, which are then sent to VLAN 1 and the pinging computer
- The LEDE pinging the AT itself with no explicit interface set results in duplicate responses as well
- The LEDE pinging the AT with the interface explicitly set to eth0.1 results in exactly one response
- The other switch, SW, isn't causing any duplicates at all: only one response per request, regardless of which client is pinging
- ARP requests from the LEDE are answered by the AT correctly, but these responses are duplicated to all other VLANs as well; it seems that the LEDE is responding to a MAC address which isn't even present in any of the VLANs.
- This only occurs for the AT switch, which is the first hop inside my VLAN trunk/Ethernet cascade.
- The network works fine apart from these phenomena. The switch is switching correctly, the LEDE is firewalling correctly, all is fine, apart from confusing me quite a lot, and a red check in my Icinga instance, which is not located in VLAN 1 and therefore receives duplicate responses in its ping check as well.
I am sure that I have set up the VLANs in the LEDE correctly, according to the OpenWRT and LEDE wikis, but I am happy to be proved wrong.
If you need additional information, please ask.
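As an added example (not part of the original question and not the poster's own code): a Python script that parses `tcpdump -e -n` output captured on the LEDE's trunk interface and reports ICMP echo replies that appear more than once on the same VLAN/MAC path, plus ARP replies for one IP/MAC binding that show up on more than one VLAN. This separates the two legitimate copies of a routed reply (one entering the router, one leaving it) from real duplicates, and shows on which VLAN and between which MACs the extra copies travel. The embedded capture is constructed to illustrate the symptom using documentation MAC and IP addresses (RFC 7042 / RFC 5737); the frame counts, VLAN numbers and addresses are assumptions, not data from the post.

```python
import re
import sys
from collections import defaultdict

# One `tcpdump -e -n` line, with or without an 802.1Q tag. Only the fields
# needed for the duplicate check are captured; everything after the inner
# ethertype is kept in `rest` and parsed by the protocol-specific patterns.
FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype (?:802\.1Q \(0x8100\), length \d+: vlan (?P<vlan>\d+), p \d+, ethertype )?"
    r"(?P<proto>IPv4|ARP) \(0x[0-9a-f]{4}\), (?P<rest>.*)$"
)
ICMP_RE = re.compile(
    r"(?P<sip>[\d.]+) > (?P<dip>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)
ARP_REPLY_RE = re.compile(r"Reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})")


def parse_frames(capture_text):
    """Yield one dict per parseable tcpdump -e line; vlan is None when untagged."""
    for line in capture_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # banner lines, other protocols, truncated lines
        frame = m.groupdict()
        frame["vlan"] = int(frame["vlan"]) if frame["vlan"] else None
        yield frame


def find_duplicate_echo_replies(capture_text):
    """Count every ICMP echo reply (src, dst, id, seq) per (vlan, src_mac, dst_mac)
    path. A routed reply is legitimately seen twice on a trunk (router in, router
    out), so only replies with some path carrying more than one copy are returned."""
    paths = defaultdict(lambda: defaultdict(int))
    for f in parse_frames(capture_text):
        if f["proto"] != "IPv4":
            continue
        m = ICMP_RE.search(f["rest"])
        if not m or m["kind"] != "reply":
            continue
        key = (m["sip"], m["dip"], int(m["id"]), int(m["seq"]))
        paths[key][(f["vlan"], f["smac"], f["dmac"])] += 1
    return {k: dict(p) for k, p in paths.items() if any(n > 1 for n in p.values())}


def arp_reply_vlans(capture_text):
    """Map each (ip, mac) ARP reply binding to the sorted VLAN tags it was seen on.
    A management address answered on several VLANs is the ARP side of the symptom."""
    seen = defaultdict(set)
    for f in parse_frames(capture_text):
        if f["proto"] == "ARP":
            m = ARP_REPLY_RE.search(f["rest"])
            if m:
                seen[(m["ip"], m["mac"])].add(f["vlan"])
    return {k: sorted(v, key=lambda x: -1 if x is None else x) for k, v in seen.items()}


def report(capture_text):
    """Human-readable summary lines for both checks."""
    lines = []
    for key, paths in sorted(find_duplicate_echo_replies(capture_text).items()):
        sip, dip, ident, seq = key
        lines.append(f"duplicate echo reply {sip} -> {dip} id={ident} seq={seq}:")
        for (vlan, smac, dmac), n in sorted(paths.items(), key=str):
            lines.append(f"  {n}x on vlan {vlan}: {smac} -> {dmac}")
    for (ip, mac), vlans in sorted(arp_reply_vlans(capture_text).items()):
        if len(vlans) > 1:
            lines.append(f"ARP reply '{ip} is-at {mac}' seen on VLANs {vlans}")
    return lines


# --- constructed sample capture (hypothetical addresses, not from the post) ---
AT, SW = "00:00:5e:00:53:01", "00:00:5e:00:53:02"       # switches, management VLAN 1
LEDE, CLIENT = "00:00:5e:00:53:10", "00:00:5e:00:53:20"  # router trunk MAC, host in VLAN 2
BCAST = "ff:ff:ff:ff:ff:ff"


def _tagged(ts, smac, dmac, vlan, proto, rest):
    """Build one tagged tcpdump -e line in the shape the regexes expect."""
    eth = "IPv4 (0x0800)" if proto == "IPv4" else "ARP (0x0806)"
    return f"{ts} {smac} > {dmac}, ethertype 802.1Q (0x8100), length 102: vlan {vlan}, p 0, ethertype {eth}, {rest}"


REQ_AT = "198.51.100.10 > 192.0.2.2: ICMP echo request, id 4242, seq 1, length 64"
REP_AT = "192.0.2.2 > 198.51.100.10: ICMP echo reply, id 4242, seq 1, length 64"
REQ_SW = "198.51.100.10 > 192.0.2.3: ICMP echo request, id 4243, seq 1, length 64"
REP_SW = "192.0.2.3 > 198.51.100.10: ICMP echo reply, id 4243, seq 1, length 64"
SAMPLE_CAPTURE = "\n".join([
    _tagged("10:00:00.000100", CLIENT, LEDE, 2, "IPv4", REQ_AT),  # client -> router
    _tagged("10:00:00.000200", LEDE, AT, 1, "IPv4", REQ_AT),      # router -> AT
    _tagged("10:00:00.000300", AT, LEDE, 1, "IPv4", REP_AT),      # the single reply from the AT
    _tagged("10:00:00.000400", LEDE, CLIENT, 2, "IPv4", REP_AT),  # router -> client, three times
    _tagged("10:00:00.000410", LEDE, CLIENT, 2, "IPv4", REP_AT),
    _tagged("10:00:00.000420", LEDE, CLIENT, 2, "IPv4", REP_AT),
    _tagged("10:00:01.000100", CLIENT, LEDE, 2, "IPv4", REQ_SW),  # control: ping to SW is clean
    _tagged("10:00:01.000200", LEDE, SW, 1, "IPv4", REQ_SW),
    _tagged("10:00:01.000300", SW, LEDE, 1, "IPv4", REP_SW),
    _tagged("10:00:01.000400", LEDE, CLIENT, 2, "IPv4", REP_SW),
    _tagged("10:00:02.000100", LEDE, BCAST, 1, "ARP", "Request who-has 192.0.2.2 tell 192.0.2.1, length 28"),
    _tagged("10:00:02.000200", AT, LEDE, 1, "ARP", f"Reply 192.0.2.2 is-at {AT}, length 28"),
    _tagged("10:00:02.000300", AT, LEDE, 2, "ARP", f"Reply 192.0.2.2 is-at {AT}, length 28"),
    _tagged("10:00:02.000400", AT, LEDE, 3, "ARP", f"Reply 192.0.2.2 is-at {AT}, length 28"),
])

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    print("\n".join(report(text)))
```

To use it on the real network, run something like `tcpdump -e -n -i eth0 'icmp or arp' > trunk.txt` on the LEDE's trunk interface (the interface name is an assumption; use whichever carries the tagged VLANs), ping the AT from the other VLAN, and pass the file to the script. Which VLAN and MAC pair the extra copies appear on tells you whether they are produced before the router (several tagged copies arriving from the switch) or after it (one copy arriving, several leaving).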