Hi all,
I'm attempting to configure dual SPAN ports to my Security Onion VM. However, when I attempt to assign vmbr3 as another interface, vmbr2's MAC shows as duplicate, so I cannot capture the intended traffic. As you can see, eth2 and eth1 share a common MAC address.
Steps taken to validate/troubleshoot
- If I remove vmbr3, then eth2 is removed as well. If I reboot the VM, the MAC is persistent.
- If I disconnect vmbr3, eth2 shows disconnected in Security Onion
- If I run tcpdump on the Proxmox interface eno4, I can see my host pinging an internal VM. If I run tcpdump on Security Onion's eth2 interface, I see no traffic. I assume it's because it's incorrectly being assigned the wrong NIC.
Please let me know if any additional info is required.
Interface assignment:
- vmbr1 assigned to Security Onion management
- vmbr2 assigned to North-South span traffic out of the gateway
- vmbr3 assigned to East-West span traffic to my server
Proxmox eno4/vmbr3 config
Proxmox eno3/vmbr2 config
Security Onion network interface assignment
Security Onion NIC assignment
```
lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 7e:31:c2:3e:9f:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.32/24 brd 192.168.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,NOARP,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 3a:6a:d3:94:9f:85 brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,NOARP,PROMISC,SLAVE,UP> mtu 1500 qdisc pfifo_fast master bond0 state DOWN group default qlen 1000
    link/ether 3a:6a:d3:94:9f:85 brd ff:ff:ff:ff:ff:ff
5: bond0: <BROADCAST,MULTICAST,PROMISC,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueu
```
ProxMox /etc/network/interfaces config
```
auto vmbr0
iface vmbr0 inet static
    address 192.168.10.30/24
    gateway 192.168.10.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10-50

auto vmbr2
iface vmbr2 inet manual
    bridge-ports eno3
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10-50
    bridge_ageing 0

auto vmbr3
iface vmbr3 inet manual
    bridge-ports eno4
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10-50
    bridge_ageing 0
```
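An added diagnostic sketch, not part of the original post: it parses `ip a` output like the one pasted above, groups interfaces by MAC address, and reports whether the duplicates are members of the same bond and which of them have no carrier. The sample input is constructed from the post's eth0 to eth2 stanzas, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: eth0-eth2 stanzas from the post's `ip a` output, line wraps repaired.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 7e:31:c2:3e:9f:0b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,NOARP,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
    link/ether 3a:6a:d3:94:9f:85 brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,NOARP,PROMISC,SLAVE,UP> mtu 1500 qdisc pfifo_fast master bond0 state DOWN group default qlen 1000
    link/ether 3a:6a:d3:94:9f:85 brd ff:ff:ff:ff:ff:ff
"""

HEAD = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>(.*)$")
MAC = re.compile(r"link/ether\s+([0-9a-f:]{17})")

def parse_links(text):
    """Return one dict per interface: name, flag set, bond/bridge master, MAC."""
    links, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            master = re.search(r"\bmaster\s+(\S+)", m.group(3))
            cur = {"name": m.group(1), "flags": set(m.group(2).split(",")),
                   "master": master.group(1) if master else None, "mac": None}
            links.append(cur)
        elif cur is not None:
            mac = MAC.search(line)
            if mac:
                cur["mac"] = mac.group(1)
    return links

def duplicate_macs(links):
    """Group interfaces by MAC and describe every MAC used more than once."""
    # The Linux bonding driver by default gives member interfaces the bond's MAC.
    by_mac = defaultdict(list)
    for link in links:
        if link["mac"]:
            by_mac[link["mac"]].append(link)
    report = []
    for mac, group in by_mac.items():
        if len(group) > 1:
            masters = {l["master"] for l in group}
            report.append({"mac": mac, "ifaces": [l["name"] for l in group],
                           "shared_master": masters.pop() if len(masters) == 1 else None,
                           "no_carrier": [l["name"] for l in group if "NO-CARRIER" in l["flags"]]})
    return report

if __name__ == "__main__":
    for row in duplicate_macs(parse_links(SAMPLE)):
        print(row)
```

A non-empty `shared_master` means the matching MACs belong to members of one bond, and `no_carrier` lists the members whose link is down at the virtual NIC.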