I continue to have VLAN / IOT problems, and did some more packet capturing this morning.
The bug that I’m seeing is that my AppleTV (on the VLAN) which is serving as a homeKit hub seems to go unresponsive. This is a periodic issue (perhaps happening 1 hour out of every six?).
I was able to capture the misbehavior this morning. Here we see the AppleTV on the VLAN (10.0.64.102) trying to communicate with a MacBook Pro on the untagged lan (10.0.32.57) and being told the destination is unreachable:
| no. | time | source | dest | Protocol | length | Info |
|---|---|---|---|---|---|---|
| 51598 | 92.326615 | 10.0.64.102 | 10.0.32.57 | UDP | 58 | 3722 → 3722 Len=4 |
| — | — | — | — | — | — | — |
| 51599 | 92.326622 | 10.0.64.102 | 10.0.32.57 | UDP | 58 | 3722 → 3722 Len=4 |
| 51600 | 92.326731 | 10.0.64.102 | 10.0.32.57 | UDP | 48 | 3722 → 3722 Len=4 |
| 51601 | 92.326755 | 10.0.64.102 | 10.0.32.57 | UDP | 48 | 3722 → 3722 Len=4 |
| 51614 | 92.327307 | 10.0.32.57 | 10.0.64.102 | ICMP | 72 | Destination unreachable (Port unreachable) |
| 51615 | 92.327326 | 10.0.32.57 | 10.0.64.102 | ICMP | 72 | Destination unreachable (Port unreachable) |
| 51616 | 92.327419 | 10.0.32.57 | 10.0.64.102 | ICMP | 72 | Destination unreachable (Port unreachable) |
| 51617 | 92.327437 | 10.0.32.57 | 10.0.64.102 | ICMP | 72 | Destination unreachable (Port unreachable) |
This should not be happening, because
- On the Guest VLAN (1003), Inter-VLAN routing is ENABLED:
- There is an explicit firewall rule allowing the AppleTV to contact any client on the VLAN:
(there is another firewall rule which prevents all VLAN clients from reaching the untagged LAN, but the rule to allow the AppleTV is higher up in the list).
Additional info:
- this bug is intermittent. When it’s happening, various HomeKit devices say “unresponsive”. However, within about an hour, it all starts working again, and will remain working typically for a few hours (perhaps 4, as long as 8)?
Theory:
Given this data, I wonder if there is some sort of Firewall rule bug that’s new in 8.5.x ?