@winksaville said in Netgate 1100 with LAN + OPT switch only partially working:

Therefore I'd expect those two ports to always be operational, no matter which port is occupied when.

Well, yeah.

This guid https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html - for me - should do what you want :

By default, LAN and OPT are two separated interfaces.
You want them to be 'switched' :

The final blue note now applies :

Unlike software bridging, traffic between ports 1 and 2 will never leave the switch chip so it will perform at switching speed. The firewall cannot filter traffic between the two ports as pfSense® Plus software will never see it, as with any other (external) switch.

What happens when you connect you alternate a device / cable to these two devices : I don't know.

Btw : what did you saw in the DHCP server log ?
Does the device get the same IP assigned upon connect to each of these ports ?
There should only be on interface listed under DHCP-server tab : the 'LAN' as you only have now just one network.
This network is set to 192.168.1.1/24, right ?

A last resort :
Boot to default.
Do what the guide says.
Now reboot.

Yes, port VLAN mode is more like an unmanaged switch, everything is passed to everything. Though it can be configured as multiple separate switches. Unlikely you'd every do that with only 4 ports.
802.1Q mode is like most managed switches and ports can be configured as trunk (tagged) or access (untagged) within that.

Steve

Yes, just back it up from the gui in Diag > Backup/Restore. That's why the config is all stored in on xml file.

The issue has been resolved VERY quickly by a competent member of the Netgate TAC support team. Many thanks at this point!

SteveITS was right about the hardware changes.

The problem was that I bought the 7100 box from a German distributor and ordered an additional 4x1GBe PCIe card. This card was installed by the distributor, so the NDI changed. The distributor did not re-register the box with the new NDI before shipping it to me.
Since this was the first software update for this box, the problem surfaced now.

Thanks again for the help on this forum and to the TAC support team!

BR, Ulli.

@rcoleman-netgate said in New Netgate 6100 device no TAC Lite:

@defenderllc Nothing should happen - the update checks send the serial number as well. But if it does -- open a ticket.

Thanks man. I won’t ask for this again if I end up buying an 8200 when they come back in stock. I’d like the extra cores and RAM.

@roci yeah any AP would work.. even some old wifi router being used as just an AP, turn off its dhcp server and connect it the network via one of its lan interfaces.

What I would suggest if your in the market for an AP, is get something your sure you can do vlans with - even if your not doing anything with vlans today, you never know what tomorrow will bring.

There are many people around here that use the unifi AP.. and while I am very happy with mine - they work great, and have had no issues with them.

When it comes time to move to AX or beyond that - not sure if will stick with them.. Not a fan that their AX models only have a 1 gig interface.. Unless you get the 6 enterprise model which isn't all that cheap.

And getting frustrated with lack of tls 1.3 in their controller software, and failure to update the ssh version on their AP that still old version from 2020 still.. This has fallen behind in cipher support, etc. None of these things are show stoppers, still very happy with the AP I have and their performance and features for the price I paid, etc. But little things are starting to add up that might me to look else where when it comes to updating my current AP.. Which is still a way down the road..

That looks like an eMMC failure. You should open a ticket with us if you have not already:
https://www.netgate.com/tac-support-request

Steve

The solution and what made this work in the end was me finding a misconfiguration in the SG-2100 switch. I had sadly missed to add the vlan I needed to use to the port I was connected to, therefore not seeing the tags. //

@sjcjonker said in Netgate 4100 - Fatal trap 12: page fault while in kernel mode:

At least I can decommission the Raspberry-PI doing console logging.

Wait 👍

A syslogger is always a nice thing to have. I'm using one : my NAS.
When things go downhill, chances are great that logging accelerates.
And when you finally take a look at the "what when who where" you'll notice that the interesting events were just rotated into /dev/null

@viragomann said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

@furom said in Problems with Proxmox/vlan-tagging/SG-2100 Switch config:

I tried a laptop in a switch port for the same VLAN I set for the VM, and although it per definition is getting it untagged,

The switch port, which is connected to Proxmox is a trunk with tagged VLANs as I understood so far.
If so and you connect a device to it, you have to configure its NIC for VLAN.

Can you post your interface settings of pfSense, please?
Status > Interfaces

Which interface did you run the packet capture?

I got it working (!) while composing the answer to you! Thanks a lot!! It turned out to be a misconfiguration on the 2100-switch after all, I had not added the vlan to the port I am using... Having done that it now works as it is supposed to. This feels really great, and I am sorry for all the trouble, but very grateful for such a great forum and to all that has tried (and) helped!

Thanks !

@steveits six of one, half dozen of the other. Redmine allows for interaction and feedback though.

Yup it should appear on a connected device even when not powered. For example in Linux:

[71844.486050] usb 1-4.3: new full-speed USB device number 17 using xhci_hcd [71844.587198] usb 1-4.3: New USB device found, idVendor=067b, idProduct=2303, bcdDevice= 4.00 [71844.587212] usb 1-4.3: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [71844.587218] usb 1-4.3: Product: USB-Serial Controller D [71844.587222] usb 1-4.3: Manufacturer: Prolific Technology Inc. [71844.654783] usbcore: registered new interface driver pl2303 [71844.654791] usbserial: USB Serial support registered for pl2303 [71844.654803] pl2303 1-4.3:1.0: pl2303 converter detected [71844.656068] usb 1-4.3: pl2303 converter now attached to ttyUSB0

Steve

It was in the thread title. 😉

That's also fine as long as you have not installed to eMMC at any time.

The only problem you might face is that if you install as ZFS with the default pool name (pfSense) to both eMMC and m.2 you can end up mounting root from the wrong drive.

Steve

I can confirm I have seen this issue where even after it has been updated the led continues to flash for an update. The pkg clean pkg update pkg upgrade fixed the issue for me

@mvikman I'll try in the office next week - they have all the tools, no point in my buying anything ;-)
In the mean-time, I found a shorter cable in my own stash.

I will update this thread once I have more parts.

Thanks everybody so far!

It doesn't abort, it just hangs, even if you exit the download client and reload, It just sits there at 92-99 %.

It will complete if you switch your internet source away from the SG-2100, even a cell phone's hot spot completes the download in just a few seconds.

PaulDG

@jonathanlee said in SG2100 wan speed:

It should handle this

Mmmm... it's not going to do 964 Mbps from the Internet. Some of the tests are run without NAT, without firewall, etc. At some point Netgate used to have the test info, and it may still be somewhere but I don't know it offhand.

Usually I estimate about halfway between the "firewall" speeds on the product page:

IPERF3 Traffic: 964 Mbps IMIX Traffic: 249 Mbps

I haven't maxed out a 2100 yet. I just did a rather unscientific test using a speed test from my eero (bridged through pfSense; my PC isn't wired) that got around 65-70% CPU usage at 430 Mbps down mid-day. That's without Suricata/Snort.

We had a client with an older 2440 model I think it was that hit 95-100% CPU usage, with Suricata enabled, around 350 Mbps as I recall.