Open a ticket with the Netgate support: https://go.netgate.com/

-Rico

Well theres my problem...
I was caught up in configuring the port itself I forgot to add the port to the vlan group!

Communication is now working.

As always, thank you for the help!

port6:
pvid: 130
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
laggroup0:
members 9,10
vlangroup1:
vlan: 130
members 7,8,9t,10t

This sounds like a "Buyer Beware" warning to me. Yes, it did say on the web store page "INCLUDED USB KEY WITH PFSENSE CE 2.4.4" but one would need to be very knowledgeable about the Netgate product family to know the differences between a "factory" version of pfSense and the CE version and that additional packages came with the factory version.

Hi John,

Thanks for your reply. I only really need it primarily as a DNS black hole which it works well with as well as redundancy for 4G failover and a secondary network for guest access. I thought I'd messed up and couldn't stop NtopNG permanently from the dashboard but got that sorted.

Not really interested in traffic monitoring at the moment but it's useful to know it's there should I need it.

Thanks again!

Best regards,

Richard

My Inet got 1000/50 to, but with limiter (codel) and no negativ ping issue, i got 600-700MBit off it.

If i drop the Limiter, i got round 800MBit but no cpu Limit reached at any time.

Cabel connections are shared and if you go for max speed you depend on the segement load. If this is to high, your ping go up in the sky.

@johnpoz
Thank you. This was so obvious but because I was only looking for DHCP server V6 I did not see it listed with a slight difference as it had something else. Thanks, it worked and I am happily using my new subnet.

No problem. Let us know if you have any problems restoring that.

Steve

Maybe your rules aren't loading?

https://redmine.pfsense.org/issues/10861

@ckcoder Thank you, two used cables gave me the same error which left me frustrated, and your reply drove me to open a package with a new cable which worked.

So, I turned on DHCP and low and behold, that worked. So I went back and put a static in and now that works. Rebooted a couple times to make sure it stayed working and it did.

Have no idea what was hung. But thanks for verifying I had everything above correct. Hopefully someone else can use it for configuring it themselves. The documentation out there is good, but not great for a more top to bottom of the type I needed...

Anyway, thanks for the help....

On Netgate's advice I rebooted the device and the CPU usage dropped back to less than 10% The only thing I can think of is that I leave the bandwidth monitor up all the time and that somehow created rogue processes. I guess I will not do that now.

I also updated the software to the latest version (2.4.5-RELEASE-p1) from 2.4.4p3 but I don't think that was the issue.

Thanks for everyone's help.

I think I figured it out.

Using VLAN probably is the best way to do it.
Only thing is that the firewall makes it confusing with the 4090 and 4091.

You can certainly try that.

Installing clean is a relatively quick and easy process if you have access to the serial console. I would probably go straight to that to be sure.

https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/connect-to-console.html

Steve

@Rico - Thanks for all your help and the link Rico!

Regards, Roy...

Don't do that, it's a terrible idea!

The interfaces need to match so you would need to create a single interface LAGG in the SG-1100 and move all your VLANs to that.

Those boxes are massively mismatched in just about every other respect. You could easily load the SG-7100 with rulesets that will kill performance on the SG-1100.

The nodes in an HA pair should be as close to identical as possible.

Steve

In general pfSense works better when it's routing between subnets so before you do this be sure you need to configure it as a transparent firewall.

A transparent firewall can be achieved simply by bridging two interfaces. You generally want to filter traffic between them so the bridge sysctls can be left at the default values filtering on the bridge member interfaces.
The biggest issue with configuring it is that if you don't have access via another interface you will almost certainly lock yourself out of the firewall during the setup, it's very easy to do. So the first thing to do here is make sure you have access to the firewall via some other interface.
What are you connecting between? Can you use the SFP interfaces?

Once you have that access simply create a bridge and add the two ports to it.
Be sure to only have an IP address on one of the interfaces (including the bridge if you assign it).
Be aware that firewall rules including system aliases like LANnet may not be valid if the LAN no longer has an IP.

Steve

@noisybloke said in SG-3100 hardware check:

Coming from domestic routers it was a shock when I learnt that it can't handle power interuptions well.

These domestic routers do not have a file system as what you would find on PC or NAS.
pfSense could be run from ROM with minimal dynamic data storage, and some NVRAM for the config, but in that case upgrading would be far more complicated, no more packages, and no more dynamic data views. It would become just another SOHO router.

Rip out the power cable of your PC : after a couple of times your PC will complain, if it still boots.

@noisybloke said in SG-3100 hardware check:

(1 noticeable power cut every few years

You are wired up yourself ? ;)
A blackout that kills all the lights is just one example of a power outage. The oned that 'hurt' a system a far more common.

Btw : still, power issues rarely actually kill a device physically. It's just wrong data getting written on the wrong place or something like that. Rebuilding (reformatting) the disk will take care of things. Just make sure your config is saved regularly. I've one of my PC's running a small program that logs in using SSH, executing the 'Diagnostics > Backup & Restore', retrieve the complete config, save the file and log out. A set it and forget it installation.
Take note of the "Netgate Device ID" and the 'Device key' which is useful to retrieve a backup of what has been send to Netgate's remote backup storage, see Services > Auto Configuration Backup > Restore

@Rico : I did as suggested and everything is working fine now.