For ease of reading the config and understanding what's happening I would create a VLAN 4091 interface on ix1 and then bridge that with the existing VLAN 4091 on lagg0.
That does mea you need to handle the vlan in the external switch but I would take that just to keep LAN the same throughout.

Then I would re-assign LAN as the bridge and move the filtering onto it so you only have to filter in one place.

However if there's any way you can avoid bridging VLANs I would do that.

Steve

@stephenw10 said in 6100 ix0 and ix1 unable to negotiate with SFP 1G ports?:

I would consider it best practice to not combine tagged and untagged traffic on the same interface if possible. That's for a number of reasons including that applying a setting to the parent can break tagged traffic on it in some cases, though it should not. More often it opens a possibility for traffic to escape a VLAN if something connected to it incorrectly untagging traffic. If that interface will accept and route untagged traffic it can end up being passed incorrectly.
However that isn't the case here because you don't need to add an IP address to the parent NIC or put any firewall rules on it.

Steve

Thank you again! :)

@rvd said in Does SG-1100 limit my internet speed?:

BTW - Is there a reason there's no longer a 3100? Will be there a replacement for it in the future?

Supply chain issues -- our supplier had trouble getting components in the device.

It's replacement is the Netgate 4100.

I installed the horizontal fan. With a closed door, the core temperature dropped to 51 and 47 degrees, but I have seem lower temperatures as well. When I open the door, the temperature is around 42, so maybe there is a bit more improvement possible with increasing the power of the rack top ventilator.

@stephenw10 said in Netgate RCC-VE 8860 and 23.01 Hardware Errata:

The initial bug report that was on our internal redmine (NG 8916) which is why it was repliacted in that todo. I agree though the LED statement needs to be updated.

The Todo I pointed to, which is now closed, was created by Offstage Roller on 2/23/2023 merely as a request to clarify/clean up the already published errata text, not as a replication of a full bug entry for ongoing status, details, etc.

@jch said in SG-3100 23.01 update causes PHP error in system logs settings:

@mcury Thanks ! removing syslog tags resolved this issue.

Good to hear that

Yeah it's untested AFAIK. It's certainly not rated for a wide input voltage like that.

That will work. Or just swap the link out for a cross-over cable.

Yes, you can do that. Though I would first try a clean 23.01 install. The fact it won't factory default sounds more like it didn't complete the upgrade successfully.

Steve

@stephenw10 Thanks. That is exactly the behavior I'm seeing, just wanted to verify.

@rcoleman-netgate

I'd be exhausted, too. PHP 7.x -> PHP 8.x for an ancient PHP app is not a small job. And then FreeBSD 12.x -> FreeBSD 14 in the same swoop, with in-place upgrades where the install base is made up of eclectic hardware.

It's a miracle most of my 2.7.0-dev and 23.01 Rel upgrades worked. For those that did not.... Enjoy Q2 2023 #nosleep

@stephenw10

Hi Steve,
I can confirm that did the trick and firmware upgrade was applied.

Thanks!

The 6100 and 4100 use the i225-v Rev3 (B3) NIC chips which are not affected by that. I've never seen that sort of connection issue in any of the testing I've done.

[23.01-RELEASE][root@4100.stevew.lan]/root: pciconf -lv igc0 igc0@pci0:4:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x15f3 subvendor=0x8086 subdevice=0x0000 vendor = 'Intel Corporation' device = 'Ethernet Controller I225-V' class = network subclass = ethernet

Steve

You should open a ticket with us, that does sound like a hardware issue.

https://www.netgate.com/tac-support-request

Steve

I think whatever went wrong with pfsense caused my ubiquity access points to crash which is why I couldn't see the SSID. Once I restored pf sense, and restarted my ubiquity devices, I could see the SSID again.

@davidylau said in Netgate 1100 can no longer update nor install apps (again):

@nguser6947 My EFI partition is 200M, so my system should be OK.

Then you should be fine, lucky you. 🤕 If you don't want to wait to install 23.01 you can reinstall from image, and restore your config, or check back in a couple weeks.

It should still be a static IPv4 address. You always want the firewall to be a static IP so you can always access it even if the dhcp server goes down.
The only interfaces you might want to be a dhcp client would be the actual WAN if it is a DHCP type.

@aaronouthier said in How to use a managed switch with VLANs with SG-1100? basket random:

@rcoleman-netgate
I think I don’t completely understand how VLAN tagging works.

In the photo above, I don’t understand what you did with the “Members” column.

My managed switch has 5 VLANs, ports 2 and 6 are untagged in VLAN1, ports 7 & 8 are untagged in VLAN 5, the rest are untagged alone in separate VLANs, and each VLAN has port 1 tagged.

I’m not clear how to interface with that in pfSense?

It sounds pretty reasonable. I will try it now.

This seems like a good time to try out my shiny new ZFS memory usage boilerplate message.

23.01 can appear to use more memory than expected if you are using ZFS for a few different reasons:

ZFS ARC (Adaptive Replacement Cache) usage is reported differently, though the behavior is similar to older versions #14011. ZFS will give up this cache memory as needed but not always fast enough for certain workloads.

To correct the memory reporting on graphs and the dashboard, install the System Patches package and then create an entry for 0d83ed084a987f3446a0cbdcf249fc5b8722726f to apply the fix.

The first boot after upgrading the ARC usage will be high from all the disk activity during the upgrade. This will gradually lower, or a reboot will make it go back to "normal".

FreeBSD default cron jobs are enabled when they shouldn't be #14016, and run at 3am causing RAM usage from ARC to jump overnight.

To correct this, install the System Patches package and then create an entry for ff715efce5e6c65b3d49dc2da7e1bdc437ecbf12 to apply the fix.

To set limits on ZFS ARC size to reduce the chance of contention for RAM, configure a tunable for vfs.zfs.arc.max to set a limit on how many bytes it can consume, e.g. 67108864 would set a 64MB limit. Also consider setting a "Free Target". Both are explained in detail on https://docs.netgate.com/pfsense/en/latest/hardware/tune-zfs.html.

A reboot is required to fully activate the changes from these patches. The ZFS ARC limit will take effect immediately but the wired memory may not be immediately freed, so a reboot is helpful for that as well.