Oddity -- SNMP on vlan1 shows bandwith, ports not plugged in

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

PostPosted: Sun Aug 28, 2022 20:45    Post subject: Oddity -- SNMP on vlan1 shows bandwith, ports not plugged in Reply with quote
I was investigating an alert from zabbix monitoring my dd-wrt router using the "Linux SNMP" template.

Here is the discussion I started on the zabbix forum with full details:

https://www.zabbix.com/forum/zabbix-suggestions-and-feedback/450530-high-bandwith-usage-triggered-but-the-alert-does-not-include-average-values

Summary: Zabbix alerted that it saw high bandwith usage on vlan1. Graph of traffic on vlan1 shows nearly 1Gbps usage at the time both inbound and outbound. When I check the switch config, it shows vlan1 assigned to switchports 5 and 6. There is nothing plugged into those ports, so I would expect the bandwidth graph to show no traffic. Zabbix shows the same traffic spike on br0, which includes vlan1, but I do not see the spike on any other interface besides vlan1 and br0, so I am really confused about where that traffic went.

Info mentioned in the FAQ:

Firmware: DD-WRT v3.0-r48996 std (05/30/22)
Netgear r9000
Gateway mode

Back in early June I did try a firmware release later than the one I am running, but had a DNS issue with it. I upgraded from a release dated sometime in April. With the June release that was current at the time, when a host would do a DNS lookup for a certain name, DD-WRT was returning its own IP address rather than consulting my LAN's DNS server. DD-WRT does not have any config (like static DHCP) for that name. Picked the 5/30 release at random to try a downgrade, it fixed the DNS issue. I have not tried anything newer yet.

The advice in the FAQ about upgrading, resetting to defaults, and reconfiguring manually will involve a fair amount of work that I will need to do in the middle of the night when my family is not using the Internet. I will try it, but I am not sure exactly when that can happen.


Last edited by elyograg on Mon Aug 29, 2022 22:40; edited 1 time in total
Sponsor
elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

PostPosted: Sun Aug 28, 2022 21:13    Post subject: Reply with quote
Something else confusing: vlan0 does not show up in the output of "ip a" (on an ssh login to the router) but it is seen in the switch config screenshot I included.

If I have something internal that is connecting to the wan-side address for some high-bandwidth operation and vlan1 represents the inside network, that would explain the spike. But that would mean that the switchport display in the web UI is not showing the true config -- it shows port 1 as a member of vlan0, but via ssh, Linux does not show vlan0 configured.
elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

PostPosted: Sun Aug 28, 2022 21:15    Post subject: Reply with quote
Code:
root@orthanc:~# brctl show
bridge name   bridge id      STP enabled   interfaces
br0      8000.449160b89209   no      eth0
                     vlan1
                     wlan0
root@orthanc:~# ip a | grep vlan
9: vlan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
10: vlan2@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 73.131.246.74/22 brd 73.131.247.255 scope global vlan2
elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

PostPosted: Sun Aug 28, 2022 21:44    Post subject: Reply with quote
I did figure out by looking at librenms graphs for my switches which machine created the traffic. It is an rsync backup job that was mistakenly configured to use a name that resolves to the dd-wrt WAN address. That has been fixed so it should go directly to the server instead of routing via dd-wrt.

Which I think means that dd-wrt is using vlan1 for the inside network, but the switch config is showing the port as a member of vlan0, not vlan1. I can't find any evidence of vlan0 via ssh. Which I think means the UI is wrong, but I do not know for sure.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

PostPosted: Mon Aug 29, 2022 3:00    Post subject: Reply with quote
Yes, the switch config tab webUI page is wrong. WAN is VLAN2 and LAN is VLAN1. This is a known issue and it's best to leave those settings alone.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum