Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

I have a NSA 3500 and having a issue with VLAN traffic, can any of you know what the error is?

Ethernet Header

 Ether Type: VLAN ID = 38, Priority = 7

 Ether Type: 0x32(0x32), Src=[24:b6:57:e6:45:16], Dst=[01:00:0c:cc:cc:cd]

Ethernet Type: Unknown


DROPPED, Drop Code: 1, Module Id: 17, (Ref.Id: _2153_kprwvJqqm) 1:1)

Category: Mid Range Firewalls


  • TonyATonyA SonicWall Employee

    Hey @DADAWG

    For the drop code, was there any more information that was part of it? Or is that the full drop that you were able to copy?

    Do you have the VLAN network assigned under one of the interfaces as the parent interface? Or are you using a route to inform the firewall of the vlan network behind the firewall interfaces?


    Maybe Layer 3 switch Cisco 3750, but a vpn connection and the lAN port connect out.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    If the firewall doesn't understand the ethertype, it won't handle it. I have no idea what ethertype 0x32 is but 01:00:0c:cc:cc:cd is Cisco PVST. This traffic doesn't need to traverse the firewall, so you don't need to worry about the firewall dropping it.

    On an unrelated note, who was president the last time you updated your firewall? 😁

  • TonyATonyA SonicWall Employee
    edited February 2023

    As @Arkwright mentioned the ether type here is not IP and depending on how the capture is set up - this traffic drop is not something to be concerned about (looks like with either type blank - should be at least IP if troubleshooting ip related traffic). You should try and narrow down the traffic in the packet capture, like having the destination IP, ether type as IP and ip type as TCP,UDP

    Usually when using the packet capture, i use the following template:

    Monitor filter tab:

    Ether: IP

    IP Type: ICMP,TCP,UDP (you can remove the ones not needed)

    Destination: The destination ip you are trying to ping/access

    Enable - Enable Bidirectional Address and Port Matching 

    All other check boxes, leave unticked 

    Display filter:

    Leave fields blank and check all checkboxes at the bottom

    Advanced monitor filter:

    Check all boxes except - Restore original ports on SSL decrypted traffic. 

    The above template I have might be different on the Gen5 device, as those have been EOL for some time now :P

    Could you explain what issues you are facing with the vlan traffic?

Sign In or Register to comment.