In order for pfSense to see the VLANs on its VLAN interfaces on mvneta1, the VLANs must also be tagged on switch port 5, which is the "trunk" link to pfSense on the SoC. [image: 1528682160262-sg-3100-switch.png]

@ivor Well, it's now up to 80% memory usage, blocking on WAN but alerting on LAN. 4GB would have been a trivial cost improvement over 2GB stock. Also, sort fails to start after a reboot. I have to stop the LAN interface and manually start the WAN, let it stabilize, then manually restart the LAN scanning.

Lesson learned for next time you buy any hardware I guess. If your wanting to play with non standard stuff check with the maker of said hardware that your nonstand thing is supported. Even if very common. Sorry wish I could say oh click this, or set that - maybe there is but from what I have been reading about the marvel no not really.

No there isn't a header or unpopulated through-holes/pads for serial. I believe the only viable option would be a PCIe serial card in an m.2 form factor. I attempted to do the same on the SG 2440 which has mini PCIe, but the only product didn't appear to have FreeBSD support so I gave up. Yes, you can add a cellular modem. Unfortunately, most of them don't support NDIS and get crap speeds unless they are connected directly to a machine running Windows. As for a guide, there don't appear to be many so you will have to do some googling and hope for the best. Personally, I'm waiting for generic android tether support. Granted this will probably result in a double nat (or worse) but it will be easy to setup once implemented. https://www.netgate.com/docs/pfsense/solutions/sg-2220/index.html

@ilgtech75 --- Correction it looks like I’d have to disjoin port 9 OR port 10 from Lagg0 and add it to LAGG1 along with 4 of the ethX ports to create the second lagg so that it was connected to the actual PFSENSE… Would this be the correct approach?

I have reached out to support, thanks for the advice everyone.

@ivor said in SG-4860 RED LED's after update to 2.4.0; won't boot: Please submit a ticket to so our support can have a look https://customercare.netgate.com/ Thanks!

@atteast If you're running WAN with IPv6 and/or have Bogons enabled to block on WAN, the next Bogon List Update (bogonsv6) will probably too large and crash those 200.000 entries. For a clean reload of rules etc. the table needs a size of double the count of entries and with bogonsv6 we are already near/around 100k entries. So that's why you can see the GIT commit to change the default from 200k to 400k in future releases :) But yeah, that's not device specific, all our devices/customers ran into that issue in early May. edit: my bad, I read 200k, not 2M as you wrote. That of course is more then enough :)

I have a sg4860 and do not have a gig internet to test with... It doesn't even break a sweat in handling my 500/50 connection. I always see 500+ down.. Your bios is bit dated - I would update that. mine Vendor: coreboot Version: ADI_RCCVE-01.00.00.17-nodebug Release Date: Mon Sep 18 2017 You could try to disable PTI, I don't think it's hit would be that drastic.. But you could try turn it off. How exactly are you testing your speed? [image: 7344347157.png] My buddy has sg4860 as well, and he see's 900's on his ATT fiber connection without any issues.

Hi Please raise a ticket at go.netgate.com so we can help troubleshoot this with you. Thank you, -James

Have gone through those steps to disable IPv6, no change in speeds. And correct, this is just a direct connection to my ISP, no VPN connections.

Yup :)

Several posts with each restricted to a very specific issue is fine IMO. Often easier to diagnose issues like that. Long rambling posts encompassing numerous issues can be hard to follow but do sometimes allow a better overall picture of the issues. If you're not using those 10GbE ports for anything else eight now I'd pick up a direct attach cable and use that to the switch. Assuming they are physically local. Better total throughput in almost any situation. Only drawback there is no failover if that one connection does fail but there are multiple other single points of failure so it's not really an increased risk. Steve

Thank you I received a new message form netgate support since i created this topic. I will send the unit to Austin for replacement.

@stephenw10: What firewall rules do you have on OPT1? That's pretty much the only thing that might prevent it. Steve Yes that was the issue.  Can access GUI from OPT1 now.  Next step is figuring out how to assign a vlan to physical ports on the box.

Hi, i have the exatly same problem at the moment. I'm switching from a homebuilt (not by me) machine with 2 interfaces (WAN and LAN) to a brand new XG-7100. I tried to restore, but i can only choose between ix0, ix1, ix2, ix3 and ovpns1, none of these are my ETH ports. Is it enough to replace the data in the interfaces section, in the backup file, with the data from the interfaces section from the new firewall? Here are the sections from backup files: Old firewall: <interfaces>- <wan><enable><if>em0</if> <blockpriv><blockbogons>- <alias-address><alias-subnet>32</alias-subnet> <spoofmac><ipaddr>dhcp</ipaddr> <dhcphostname><dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path><ipaddrv6>dhcp6</ipaddrv6> <dhcp6-duid><dhcp6-ia-pd-len>0</dhcp6-ia-pd-len></dhcp6-duid></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></dhcphostname></spoofmac></alias-address></blockbogons></blockpriv></enable></wan> <lan><enable><if>em1</if> <ipaddr>192.168.200.1</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></lan></interfaces> New firewall: (XG-7100) <interfaces>- <wan><enable><if>lagg0.4090</if> <ipaddr>dhcp</ipaddr> <ipaddrv6>dhcp6</ipaddrv6> <gateway><blockpriv>on</blockpriv> <blockbogons>on</blockbogons> <media><mediaopt><dhcp6-duid><dhcp6-ia-pd-len>0</dhcp6-ia-pd-len></dhcp6-duid></mediaopt></media></gateway></enable></wan> <lan><enable><if>lagg0.4091</if> <ipaddr>192.168.200.1</ipaddr> <subnet>24</subnet> <ipaddrv6>track6</ipaddrv6> <subnetv6>64</subnetv6> <media><mediaopt><track6-interface>wan</track6-interface> <track6-prefix-id>0</track6-prefix-id></mediaopt></media></enable></lan> <opt1><if>ix0</if> -</opt1> <opt2><if>ix1</if> -</opt2></interfaces>

If it hangs at: iPXE (http://ipxe.org) 06:00.1 C200 PCI2.10 PnP PMM 7F67E150 7F5DE150 C200 Press ESC for boot menu. Booting from Hard Disk... harddrive_index=0 / Then you probably have a console speed set in the config you imported that isn't 115200bps. You can check the config file directly or try some likely suspects like 9600 or 38400. Steve

Using dynamic VLANs will require all of those VLANs to be tagged and configured to pfSense. But if that is the case it is likely just a matter of getting the correct RADIUS Reply Attributes from the RADIUS server to the AP and/or Controller software. (not sure what is actually talking to the RADIUS server on the UBNT gear)

On an SG-8860 you need the image with ADI in the name to get the correct console output if you restore it. No menu at the console can be a symptom of filesystem damage where the /etc/ttys file affected. You can try booting to single user mode and manually running fsck a number of times but unless you have good reason not to I recommend re-installing. If you bought that device from us please open a support ticket and we can help you with that: https://go.netgate.com Steve