Hmm, well that sounds like the Netgear is internally untagging the VLANs from the SSIDs to it's own ports? Which implies it is somehow separating the traffic from the SSIDs at least.

Is it really not possible to have it just pass the tagged traffic?

You could use your switch to put them back on a single linked tagged but that seems like it should be unnecessary.

How many VLANs do you have? I think the ice driver includes support for hardware VLAN filtering and it has a limited number. It should switch to software filtering but fails.

Steve

It will probably work. The compatibility would all be down to the controller though the drive itself doesn't really matter.

You don't need anything like that for pfSense though. pfSense doesn't require a lot of storage or much by way of storage speed. And you can get an SSD new for less than that anyway.

Steve

What is it connected to? What state does that show for the link? How is it configured?

With a DAC cable you might have no connection options at all in pfSense. It will only connect at 10G autoselect.

Ah OK. Yup that's what I might expect.

Using fiber modules will often give you more options for connection type.

One more update on this subject. pfSense is still stable with zero up/down events since limiting to 5Gbps.

My TrueNAS box, on the other hand, started showing the same behavior (at the same 5 min intervals) after a software update. They were happening about 1x per day, but even though only one interface in the lagg would go down at any given time, I'd measure some packet loss, likely because smokeping is also on a 5 min interval. This was a change from previous observed behavior where the up/down events would occasionally happen, but not on the 5 min interval and no measured packet loss.

I picked up a Dell X710-T2L for a song on ebay (seriously, like $30 shipped) and cross-flashed it to the Intel firmware. I replaced the X540-T2. My intention was to also limit to 5Gbps but I haven't had to do that. The events just stopped and 0% loss since then. It's even more puzzling because the cabling here, while short, has multiple excursions into wall-mounted jacks with Cat6 (not Cat6a) running under the house through the crawl space. That was not the case with pfSense, which is directly cabled to the switch with Cat6a patch cables.

Don't really know what to think about this other than that 10GBase-T is a crapshoot.

I have an older ASRock Rack motherboard, and I also had my share of struggles with their BMC port sharing. On this motherboard, from what I found in my research, this virtual AMD port appears when instead of using a dedicated BMC port, you share this port for other purposes, or when you only have one cable connected to a certain port.

As far as I understand and remember, the settings for this behavior are not in the BIOS but in the BMC’s web interface. In the Configuration section, there should be several options for network, link configuration, and choosing between shared or dedicated. One of these options should disable this virtual interface, but I’m not entirely sure. The motherboard manual might provide more detailed descriptions of the BMC settings, but on my board, these settings are quite confusing, and the manual doesn’t cover all of them.

Overall, I had a similar idea—to have access to both the BIOS and everything else. But as usual, since their BMC relies on Java, which can’t be updated, it’s impossible to use their applets because the board is no longer supported. In the end, I connected a PiKVM to this board.

For anyone considering purchasing an ASRock Rack, I highly advise against it if you plan to use the board longer than its support period (typically 2-3 years), as the BMC might "turn into a pumpkin" after that.

@ojosaghae
For official hardware you get pfsense plus and TAC Lite. A side benefit of maintaining the project.

Protectli you get robust hardware (faster proc, more mem) and a fair price but you will have to purchase pfsense plus or run pfsense CE.
If I'm running a business I'm going with pfSense plus regardless of hardware. That said, factor in the cost of protectli including a license for pfsense plus.

Did it work are you now a Cisco Certified Netgate Associate ... jk. like Cisco's CCNA CCIE and CCNP certifications

@elspoon said in Protectli VP4630:

was following NetworkChuck's YouTube video to the Tee for about the first 15min... your home router SUCKS!!

At this moment, he, Chuck, is given totally non important setup information.
He didn't tell you that :
From now on, all your private ( ?!) DNS info goes to 'some' companies. Why would he advise you (us) to use these, or any other DNS server(s) ?
These DNS servers entries can be left empty.
pfSense, out of the box has a working SNS setup.
pfSense resolves !

DNS was working just fine for decades before 8.8.8.8, 1.1.1.1 etc came along.
I do not say 8.8.8.8, 1.1.1.1 etc make things worse ... but not better neither.
So, again, ask the question : why are they there, what is there ultimate goal ? 😊

@stephenw10 Thank You. Let me try the same.

Just to put some closure to this thread... It was the PCIe lane being saturated. Upgraded the hardware to a motherboard with a PCIe 3.0 x16 and this is the result:

final.jpg

@Gertjan @keyser @stephenw10

That was my expectation too. I didn't notice anything during the boot process. I was in a hurry, so I didn't look carefully at the logs.

At the moment it is not a problem, the backup was only a few hours old. I just wanted to make sure that I didn't do anything wrong at the initial setup.

Ok, thank you very much. I will give it a try tomorrow.

Can you see them in the BIOS POST output?

I would try the card in the PCIe slot only first.

Do you have a PCIe 1,2 or 4x card you can try in the slot directly?

Do you have a mPCIe card you can test dircetly? A wifi device maybe.

Steve

@stephenw10

Not to worry
Know dif between 2.5 GbE that can run over cat 5+ copper
SFP which is 1 GbE based fiber and
SFP+ which is 10GbE based fiber.

G

Performance gain will only be marginal there but saving drive writes can be significant. You must have quite large drives to run with pfBlocker?

If it's running OK, not exhausting the RAM drive, then why disable it?

@stephenw10
yeah, I do consider that. Thank you for you support and time.
I think subject is closed.

Best regards
MKo

Wanted to provide an update regarding this issue to share awareness for those who are running into the similar issue I was experiencing.

I stumbled upon this forum, https://forum.proxmox.com/threads/not-showing-correct-ram-for-vm.70219/ and I confirmed inside of the Proxmox VM configuration, I had HotPlug enabled for both Memory and CPU.

As soon as I removed this from the VM Option and reboot, it resolved my issue and now I can see the correct Memory Allocation in the PFSense Dashboard.

a312e75c-a55b-48ae-80f0-93883e14f387-image.png

9ba076be-333f-4ac2-aa09-643d53798aef-image.png

I will say that a lot of the bad rep Realtek NICs have is left over from their older 10/100M chips that were truly terrible. The 1G NICs were much better, but that's not saying much. The 2.5G 8125 seems OK from my limited testing.

Still amusing 😉 https://github.com/pfsense/FreeBSD-src/blob/devel-main/sys/dev/rl/if_rl.c#L46