Answers
Hey @DADAWG
For the drop code, was there any more information that was part of it? Or is that the full drop that you were able to copy?
Do you have the VLAN network assigned under one of the interfaces as the parent interface? Or are you using a route to inform the firewall of the vlan network behind the firewall interfaces?
Maybe a Layer 3 switch, Cisco 3750, but a VPN connection and the LAN port connect out.
If the firewall doesn't understand the ethertype, it won't handle it. I have no idea what ethertype 0x32 is but 01:00:0c:cc:cc:cd is Cisco PVST. This traffic doesn't need to traverse the firewall, so you don't need to worry about the firewall dropping it.
On an unrelated note, who was president the last time you updated your firewall? 😁
As @Arkwright mentioned, the ether type here is not IP and, depending on how the capture is set up, this traffic drop is not something to be concerned about (looks like the ether type was left blank; it should be at least IP if troubleshooting IP-related traffic). You should try and narrow down the traffic in the packet capture, e.g. by setting the destination IP, ether type as IP and IP type as TCP, UDP.
Usually when using the packet capture, I use the following template:
Monitor filter tab:
Ether: IP
IP Type: ICMP,TCP,UDP (you can remove the ones not needed)
Destination: The destination ip you are trying to ping/access
Enable - Enable Bidirectional Address and Port Matching
All other check boxes, leave unticked
Display filter:
Leave fields blank and check all checkboxes at the bottom
Advanced monitor filter:
Check all boxes except - Restore original ports on SSL decrypted traffic.
The above template I have might be different on the Gen5 device, as those have been EOL for some time now :P
Could you explain what issues you are facing with the vlan traffic?
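An added example, not from any poster in this thread: a small Python script that classifies a raw Ethernet frame the way the monitor filter template above would (Ether: IP, IP Type, Destination), flags the Cisco PVST+ multicast destination 01:00:0c:cc:cc:cd, and treats a type/length field below 0x0600 as an IEEE 802.3 length rather than an EtherType, so a 0x32 in that position reads as a 50-byte payload, not a protocol number. The two frames, MAC addresses and IP addresses below are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

PVST_MAC = bytes.fromhex("01000ccccccd")   # Cisco PVST+/SSTP multicast destination
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4, the protocol and destination."""
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "is_pvst": dst == PVST_MAC}
    if type_len >= 0x0600:
        info["ethertype"] = type_len            # Ethernet II: a real EtherType
        info["is_ip"] = type_len == ETHERTYPE_IPV4
    else:
        info["length"] = type_len               # IEEE 802.3: payload length (LLC/SNAP follows)
        info["is_ip"] = False
    if info["is_ip"]:
        info["ip_proto"] = IP_PROTO_NAMES.get(frame[23], str(frame[23]))
        info["dst_ip"] = str(IPv4Address(frame[30:34]))
    return info

def matches_monitor_filter(frame: bytes, dst_ip: str, ip_types=("ICMP", "TCP", "UDP")) -> bool:
    """Apply the template: Ether=IP, IP Type in ip_types, Destination=dst_ip."""
    info = classify_frame(frame)
    return info["is_ip"] and info["ip_proto"] in ip_types and info["dst_ip"] == dst_ip

# Constructed PVST+ frame: 802.3 length 0x0032 (50), LLC AA AA 03, SNAP OUI 00:00:0c PID 0x010b,
# then zero-filled BPDU bytes. Length field = 3 (LLC) + 5 (SNAP) + 42 (body) = 50.
PVST_FRAME = (PVST_MAC + bytes.fromhex("001122334455") + struct.pack("!H", 0x0032)
              + bytes.fromhex("aaaa03" "00000c010b") + bytes(42))

# Constructed IPv4/TCP frame to 10.0.0.5 (hypothetical host), 20-byte IP header, 20 zero bytes of TCP.
IP_FRAME = (bytes.fromhex("00aabbccddee") + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
            + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                          IPv4Address("192.168.1.10").packed, IPv4Address("10.0.0.5").packed)
            + bytes(20))

if __name__ == "__main__":
    for name, frame in (("pvst", PVST_FRAME), ("ip", IP_FRAME)):
        print(name, classify_frame(frame), "matches filter:", matches_monitor_filter(frame, "10.0.0.5"))
```

The PVST+ frame fails the template's Ether: IP condition, which is why a capture set up this way would never show it and why its drop is irrelevant when troubleshooting IP traffic.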