I did quite a lot of testing on this recently and there is no significant difference between LAN and OPT for throughput to/from WAN. However I use OPT as my main connection here just because I also have it connected to an external switch and it makes changing VLANs on that link a lot easier. You may have no VLANs now but if you have a 1G connection and a number of devices using it you'll probably want to start segregating them at some point. Steve

It probably would work with a 1G NIC in the 7100 but that's not something I've ever tried and I can't test it. 1G NICs are not expensive though it you have the expansion card fitting kit. But more expensive that just using the media converter you have and know works. Steve

Thanks. I figured it out. I wasn't expecting the discrete NIC's. I am all set now.

Oh, they have one for the 5100 as well. It's 1.37U tall which is just a little odd, but otherwise seems slick.

Netgate responded super fast. Provided ver.21.05.1 firmware and clean instructions to reinstall it on the 3100. Whole process was took 15min. I'm back in business

If you are using ix0/ix1 the VLANs work exactly like any other pfSense install. Can you show us how you have them configured? Steve

Yup, I would say the same. Any firewall will handle it, even the 1100, but if you want to use VPNs, filtering, traffic shaping etc and have that many clients I'd go for the 5100. Or the 6100 now. Steve

@andyrh said in New 7100 setup: I moved the WAN by changing the parent interface for the default WAN VLAN. The VLAN on WAN, 4090 by default, only applies to the internal switch. So simply moving the VLAN parent to ix0 or igb3 would only work if VLAN 4090 is defined correctly on the external switch they are connected to. If that's not the case the new WAN interface would be directly ix0 or igb3 without a VLAN. Steve

Yes, it's because you are running the Factory Edition. On that particular hardware you can re-install as CE if you really wanted to but I would not recommend it: https://nyifiles.netgate.com/mirror/downloads/pfSense-CE-memstick-ADI-2.5.2-RELEASE-amd64.img.gz Steve

If it's still flashing all three blue LEDs then it has not booted completely. If it's still flashing orange then it's still seeing an available update so I'd say it didn't complete the upgrade for some reason. I would re-install 21.05.1 clean from there and restore the config. If it didn't complete the upgrade you can never be sure what state it's in otherwise. Check the routing tables: netstat -rn Make sure you have a default route and it's the right one. Steve

@trevorftard Look at Interfaces > Switches > Ports [image: 1629867187056-screenshot-2021-08-25-at-05.51.11-resized.png]

Hello, looks like I had to reinstall the OS. Opened a ticket with negate support and they were able to guide me through the procedure. Thank you

@gertjan Thank you. Did the reinstall and now i can login via SSH.

@cyberminion The SG2100: the default configuration all the ports labelled LAN are on the switch. If you don't do anything all the ports are on the LAN segment. The WAN is a distinct device; default mode is like a good old WRT54G: WAN goes to the Internet, all the LAN ports in the back are switched together. If you want to create a LAN and OPT1 (your original picture) you have to do explicit configuration to create VLANs and Tagging for the different ports on the Switch itself. Unit with separate NICs. Hard to say, it may depend on how the separate NIC devices are connected. Easy to see them connected to an unmanaged switch, if there is no explicit configuration, I think again you wind up with the $5 unmanaged switch from the store. I'm currently behind a SG2440 that has distinct NICs for WAN, LAN/OPT1/OPT2 and I am not going to break my configuration to test the theory :) ( wife would get annoyed at me ) Sometimes the switch devices let you have pullup/pulldown resistors on pins to force a configuration after power on. I don't have the Netgate schematics or the datasheets so can't say if anything like this is being done, but most switch devices I've used default to unmanaged mode after a power cycle. If you have the serial console cable if it breaks you should be able to get to a shell and poke around. If I'm recalling correctly, basically look for a 0 byte config.xml and then look for a backup of config.xml that is non-zero length and simply copy that over to fix it.

Yes, rebooting is a good idea before an upgrade to be sure it will return from that. You should not need to power cycle it normally though. This was a bug in the driver that could put the hardware into a condition it could not recover from. That should have been fixed in 21.05 though. The only time I would expect to need a power cycle is after updating uboot/coreboot. Steve

Ah, good to hear.

@stephenw10 Thanks, this is exactly my case. I'll update that come next maintenance period. <interfaces> <wan> <enable></enable> <if>igb0</if> <blockpriv></blockpriv> <blockbogons></blockbogons> <switchif>switch0.port1</switchif> ...

@jchonig said in Netgate SG-3100 LEDs: @renegade Are you using lockf in your cron script? That's supposed to prevent it from consuming resources. I'm pretty sure the root problem is a kernel bug causing the sysctl and gpioctl commands to hang. I need to find the time to do some debugging. This worked for me for about 18 hours but now the system is completely locked up with the same error so lockf doesn’t appear to do the trick. Edit: Here is the command I was using (just for reference)- /usr/bin/lockf /var/run/gw_leds.lock /root/gw_leds -b WAN_DHCP -A 0,0,16 -C 0,0,16

Good news for Snort users on the SG-3100! The Netgate team has pulled the latest Snort fix for the Signal 10 problem into the pfSense+ 21.05.1 branch: https://redmine.pfsense.org/issues/12157#change-55832. So you should see an updated Snort package show up soon.