Beyond the switch config detailed here you only need to create the VLAN interfaces on mvneta1 and apply firewall rules as required.
Are you seeing any particular problem?
@bkseitz 2.5.2 is the numbering used for Community Edition (CE). Since you have a Netgate appliance, you are being migrated to pfSense Plus which is currently at 21.05. Plus is the same as CE with a few minor additions.
I swapped cables, swapped the firewall for a white box pfSense, swapped the firewall with a UniFi USG, placed a switch in between the firewall and the ISP, and the interface was still flapping. The ISP is a WISP. They supposedly swapped out the radio on top of the roof, but it was still flapping. I wanted them to replace the cable and the PoE injector, but they didn't. We ended up hard setting the speed/duplex to 100 FDX and the connection is better, but still not perfect. The customer is going to be changing ISPs.
EDIT: Managed to solve this via Support. Needed to reinstall PFSense via the 'run recovery' command. Hit a snag with one of my USB drives, but the 'reset usb' command (x3) , as well as a different drive fixed the issue.
Go here and create a ticket: https://go.netgate.com/. You can use the Sign-Up link under "Your Tickets" to create an account if you don't already have one. There is no charge for providing a Netgate appliance image. You will need to have, and provide, the Netgate ID and Serial Number of your appliance, though.
@jimp It's a netgate (Super Micro C2758), probably 4-5 years old? We are ordering a new (7100?) pair to replace these, but I was hoping to check which hardware fault it might be.
I can't reproduce any problem like that here, where I could easily reproduce the error before.
If you haven't yet, after you have updated miniupnpd manually as described above, reboot the router to ensure the correct copy is the only one being used.
It's also possible there is a lot of local traffic hitting UPnP/NAT-PMP and it's just busy at the time you noticed it.
The putty interface can be confusing at times. It's all too easy to think you're opening a serial connection when in fact it's just showing you the serial settings and the session is still set as SSH.
It probably is fixed by https://redmine.pfsense.org/issues/11748 which means it would be OK on the latest version of pfSense Plus on the 3100. Is it running 21.05 or something older?
@gertjan I have not tried this as the eMMC is not even supposed to be in-use. I'll have to schedule time for a reboot + check. Even though the log is being spammed with errors, the SG-5100 is working and many people need the VPN gateway to work remotely
Yes, I saw the miniupnpd errors in my logs... but every time I try to paste them into this ticket, it is refused claiming its spam. Hence my GRRR comment up the chain :)
I've applied the fixed in the upnp-broken ticket and will see how it goes.
I did find an preorder ad since posting this that clarifies there are 8 independent and flexible WAN/LAN ports. Just my OCD goes crazy when I see it labeled all WAN LOL.
Too bad not available until September because I may need to order another SG-5100 soon, since it is the same price seems like a much better device.
Is SG-5100 still going to be around or is SG-6100 the replacement?
