I am struggling with an issue where I get duplicate ping responses when I ping from a host in a VLAN other than VLAN 1 to a host in VLAN 1.
I have checked the pings with tcpdump and noticed that the host in VLAN B sends just one response, but this response seems to get replicated in LEDE, so that I get one duplicate per configured VLAN. I have double-checked this by deleting one configured VLAN in LEDE, and the number of responses decreased by 1.
Furthermore, when I ping from LEDE itself to the host, I get duplicate responses as well. But when I restrict the ping to eth0.1, I only get one response. I assume that the ping client is only listening on eth0.1; if I don't specify the interface, it listens on eth0, which is already after the duplication error.
The same happens when I use tcpdump on LEDE in parallel to the ping. Explicitly dumping eth0.1 returns only one response. But when I listen on eth0 in general, I get the duplicates.
Does anyone have an idea why this happens? The hardware is a TP-Link WDR3600. I would be happy if someone came up with a firewall rule to restrict a ping to exactly one response.
It was for debugging this issue. You're right, I don't need it.
Another interesting fact I just discovered: as you can see, port 2 is my general uplink port to a switch which is connected there (and which was the first device I discovered the duplicate answers with). I changed the VLAN with VID 12 to not include port 2 tagged, but port 3 tagged instead. Port 3 is physically disconnected. The result: I have one less duplicate.
I also noted that the duplicates only appear when I ping this particular uplink switch. I connected a second switch to this switch and configured a trunked connection between the first switch and the second switch as well. Both switches return exactly one response per ICMP request, but only the first switch's response is duplicated.
As you may have noted, I mentioned replicated ARP replies but forgot to mention them in my opening post. This was a phenomenon I discovered while tcpdumping the ping issue. Whenever the LEDE router sent an ARP request for the switch's management IP and got a response from the switch, it replicated the response, again as many times as it has VLANs configured, and sent the ARP reply from the switch into the other VLANs. This response does not show up in the ARP caches of the computers in the other VLANs, maybe because they didn't request it, or because each VLAN has its own /24 IPv4 subnet.
Update: There are no more duplicates when I create more VLANs. But if I change the VLAN ID of any VLAN which causes duplicates (the duplicates decrease when I disconnect this interface), the duplicates persist.
I have enabled a firewall rule which drops all ICMP traffic from VLAN 1. However, the firewall isn't dropping anything, and every ICMP request is forwarded.
YOU ASSUME??? How could it listen on other VLANs??? Do you have this device connected to multiple ports on different VLANs??? (Perhaps you're using the term 'client' differently here).