× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

RAXE 500 VLAN tag group bridge setup to allow traffic monitoring with Suricata

kscheer
Follower
Follower
‎2024-04-28 05:55 PM
‎2024-04-28 05:55 PM

RAXE 500 VLAN tag group bridge setup to allow traffic monitoring with Suricata

I want to monitor the traffic on all of my RAXE 500 connected devices, both wired and wireless, using Suricata on a hardwired dedicated Ubuntu PC.  I am using firmware V1.2.13.100_2.0.54.  

 

 I think the best way to do this would be to create a VLAN tag group bridge.  I enabled VLAN/Bridge in advanced settings, following the direction in the manual:  

To add a VLAN tag group and enable the bridge:
1. Launch a web browser from a computer or mobile device that is connected to the router network.
2. Enter http://www.routerlogin.net. A login window opens.
3. Enter the router admin user name and password.
The user name is admin. The password is the one that you specified the first time that you logged in. The user name and password are case-sensitive.
The BASIC Home page displays.
4. SelectADVANCED>AdvancedSetup>VLAN/BridgeSettings. The VLAN/Bridge Settings page displays.

5. SelecttheEnableVLAN/BridgeSetupcheckbox. The page expands.
6. SelecttheByVLANtaggroupradiobutton. The page expands.
7. ClicktheAddbutton.
The Add VLAN Rule page displays.
8. SpecifythefollowingsettingsfortheVLANtaggroup:
• Name. Enter a name for the VLAN tag group. The name can be up to 10 characters.
• VLAN ID. Enter a value from 1 to 4094.
• Priority. Enter a value from 0 to 7.
9. Select the check box for a  wired Ethernet port or wireless network.
If your device is connected to an Ethernet port on the router, select the wired Ethernet port check box that corresponds to the Ethernet port on the router to which the device is connected. If your device is connected to your router’s WiFi network, select the WiFi check box that corresponds to the router’s WiFi network to which the device is connected.
You must select at least one Ethernet port or wireless network. You can select more than one port.
10. Click the Add button.
The VLAN tag group is added.
11. Click the Apply button. Your settings are saved.

 

I named the group, set the VLAN ID to 4000 and set the priority to 2.  I tried to select all of the ports, but a message appeared saying  I had to leave at least one port unchecked.  So, I unchecked the 6G wireless one.  Then I applied the changes and the router went into a reboot as expected.  Unfortunately, it seemed to get stuck in reboot. I had waited 40 minutes.  I ultimately had to do a factory reset to get functional again.

 

Any insight into why reboot got stuck?  Why did I need to leave at least one port unselected a being part of the VLAN tag group bridge?  Should I have picked a different port to make this work?  Was the router CPU overwhelmed by this config?   Might it work to attempt to add the ports to the VLAN tag group gradually, rebooting after each addition?  Will my planned setup actually let me monitor all traffic with Suricata as I intend?  Anyone out there that has successfully set up Suricata to monitor all traffic on the RAXE 500 router?

 

Message 1 of 1
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 0 replies
  • ‎2024-04-28 05:55 PM
  • 279 views
  • 0 kudos
  • 1 in conversation
Announcements

Orbi WiFi 7