Yes, you could do that. A lagg of the two 10G SFP ports is obviously higher bandwidth, potentially at least.

If you don't need that on the LAN then it makes no difference.

Steve

@dyener said in Turn off sg1100:

Do the LED lights behave better in higher-end Netgate models (SG-3100, 5100, 7100, etc.)?

I have one SG-5100 on my desk at the moment (going in production tomorrow) so here we go:

Power up:
1_SG-5100.jpg

Booting pfSense:
2_SG-5100.jpg

pfSense ready to push some packets:
3_SG-5100.jpg

After Shutdown via WebGUI (power still connected):
4_SG-5100.jpg

-Rico

Yeah, there's no hard limit on the number of instances. The total bandwidth is what counts here, the SG-3100 can pass ~100Mbps OpenVPN so you should be OK.
I also agree it sounds like you could use one remote access server for students to connect to but if you needed to use 6 that should also be fine.

Steve

What are you running on the SG-1100 to log the traffic on the span port?

I'm not sure what you're trying there has ever been tested so I couldn't tell you what sort of performance you could expect there.

The OPT port would not need any config to monitor incoming packets, I would set that to 'none'.

Do you have pf disabled?

Steve

I pulled the optional 60GB m.2 SSD and powered it up. It went through the normal boot cycle looking for a location to boot from. Looks like a need an image to load. Will likely need a new m.2 SSD as well unless I can salvage this one. I contacted Netgate and they got back to me within a few hours with the firmware and steps needed to try to recover. Big shout out to Netgate for being supportive and responsive. Will try to recover and get back up and running. Still going to buy an SG-3100 for the additional throughput.

@kiokoman Appreciate the advice, thank you! Trying to get traction on this since noon, with no avail. The post-sales experience for a brand new device is sub-par.

Yeah, it's not required and wouldn't really help anyway. If you start using SWAP you have Squid tuned incorrectly. Any system that starts swapping will usually see a massive performance hit when it does.

Steve

From what I could understand, it's related to auto negotiation.. where the master could force the slave to negotiate from 1000baseT to 100baseTX for an example
I didn't know about this master/slave thing in the auto negotiation process.

Thanks Jimp for your time answering me

@chrismacmahon hi Chris, it is back available. Thank you.

@N8LBV said in SG-2440 boot Failure:

can't load 'kernel'

Yeah that's a bit of a show stopper! 😉

Just for reference if you do use the CE image it needs to be the ADI version which enables the console on com2. If you boot the standard CE memstick you see nothing after the bootloader, though it is still booting at the wrong console.

Looks like you got it anyway but for anyone else you can request a factory image for that device by opening a ticket with us (subscription not required).

Steve

That. 👆

It cannot possibly work unless it's intended to connect to a service that is on the client. (that would be horrible though)

It's nothing pfSense is doing, certainly not related to older vs newer versions. The only way this could have worked in 2.3.5 is if you had a host override for that fqdn.

Steve

@stephenw10 I did get the IPv6 working on 3 VLANs. I was originally using a DHCPv6 64-bit prefix which left no room for subnetting. I asked the ISP (Spectrum) for a 60-bit prefix and got one no problem. My second ISP (TDS) won't be supporting IPv6 for a while but I'll be ready when they do!

Try running ifconfig ix0 -vvvm and the same for ix1.
Make sure it is 'seeing' the modules correctly and the incoming optical signal power.

Some devices require setting 1G fixed link speed to get link in a 10G port.

Steve

Just to follow up: Netgate support did modify my old configuration and it came up just fine on the new router. Fantastic experience, thanks Netgate!

I was afraid I would hear that. As an interim solution I actually did use a media converter (I agree with the "yuck"), because I had an extra one available. In the long run I will most likely get another switch and use that solution.

Thanks for the quick and helpful reply, though!

Open a ticket with us: https://go.netgate.com/

You should always see some output there from uboot if you power cycle it, even if pfSense is not booting at all.

We have seen bad cables that somehow allow the device to be seen but not any actual output. You have already tried a different cable though.

Steve

Yup that.

An m.2 SATA is significantly faster than the eMMC but that really only makes any difference to packages using the storage and boot times.
VPN throughput would not change.

Steve

Difficult to say what the issue was. U suspect it was resolved before you ran the command line update. I would expect it to fail there if there was an issue. The advantage of updating at the command line like that is it gives you some error output that usually tells you why6 packages are not available.

As far as I know there is no current issue with the armv6 pkg repo and hasn't been for some weeks at least.

Steve

That Crucial module is a compatible device. It removing that allowed it to run stable it was probably a bad module.

Steve

I would expect to see ~100Mbps OpenVPN throughput from the SG-3100. About 3x that for IPSec using one of it's hardware accelerated ciphers.
That is very depended on latency, packet size etc.

Steve