I recently discovered Pi Alert (and the various forks of it) and it seems like something that might be useful on my homelab.

I’ve decided to use this version, and have tried the others as well, but I can’t seem to get it to discover things outside of the VLAN that it is installed on.

It is running on a Proxmox VM using a trunk’d interface that has several VLANs available to it. If I SSH into the VM hosting Pi Alert, I am able to ping the devices on the other VLANs without issues, so I know ICMP detection should be working.

Here is the config section. I am using SCAN_SUBNETS = [ '192.168.1.0/24 --interface=ens18', '192.168.2.0/24 --interface=ens18' ] To test 2 of my VLANs, and as mentioned, they are on the same interface, however this does not seem to be working.

Anyone have any suggestions?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 months ago

    Most vlans have different network address ranges. So broadcast and discovery packets on one range won’t go over to the other. Well you can connect to them directly with IP addresses, whatever discovery mechanism they’re using isn’t going across the network boundary.

  • MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    I didn’t have to read far into the documentation of pi alert to find your issue. Scans and detection is done using ARP scans. ARP or address resolution protocol operates on layer 2. VLANs span layer 3 boundaries, so: layer 2 traffic does not traverse VLANs.

    Additional scanning (by pi alert) is complimentary to the ARP scan. Which to me reads like ARP scans always need to work.

    The easy solution is to use a trunk port into the system, and set up multiple VLAN sub interfaces on the NIC in the OS to handle each VLAN. Alternatively, give the VM multiple NICs, one for each VLAN you wish to scan.

    The bottom line is that the pi alert system needs to have a direct network link into each network that it is trying to monitor.

  • Onno (VK6FLAB)
    link
    fedilink
    arrow-up
    3
    arrow-down
    2
    ·
    8 months ago

    AFAIK the whole point of a VLAN is that the rest of the network outside your own VLAN is invisible. The only place where other traffic is visible is on the router itself.

    • root@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Right. Most of my VLANs are set up that way; they’re silos. The VLAN that this is running on is the “management” VLAN that can see the other ones