pfSense on Watchguard M270

stephenw10

Yes, that is it shown above.

deadare321

@stephenw10 any chance you can share what that setup script looks like? I've got pfsense running no problem but can't get any of the interfaces functioning.

stephenw10

The script looks like this:

#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#

echo "Configuring switch..."
logger Configuring switch...

etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding

echo "done"
logger done

But it will only run in Plus. None of the switch stuff is in CE.
It's still not really perfect there. The required loader hints are lost at upgrade currently.

Steve

ozon08

Hey, i bought a Watchgaurd M270 and installed pfsense on a new mSata drive, activated pfsense plus home.
After i stick it in the M270, it boots up but ich can not config the etherswitch.
I get this error:

etherswitchcfg: Can't open control file: /dev/etherswitch0: No such file or directory

stephenw10

You need the loader hints to create the switch device. Add these lines to /boot/device.hints:

hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500

Unfortunately as I said those are lost at upgrade. The file handling for the 7100 switch adds/removes those lines when needed and the m270 is not recognised. Been a while since I looked at it though. Might be different in 22.01.
Edit: Nope still removed at upgrade so you need console access to add it back.

Steve

ozon08

@stephenw10 thank you.
My Switch is now working, but is ix1 wan and lan port or is ix0 wan and ix1 lan?

stephenw10

If you used the script I posted above WAN should be ix0 and connects to port 0.
LAN should be ix1 and connects to ports 1-7.

Of course you can change that to be however you want. Add VLANs to get 8 separate interfaces/ports for example.

Steve

sorcefm

This post is deleted!

sorcefm

This post is deleted!

ozon08

@stephenw10 Perfect. Now everything is running.
Thank you very much Steve

ozon08

Did anyone update to pfsense plus 23.x?
@stephenw10 can you help me?

stephenw10

It will run 23.01 just fine but, as mentioned, the device hints required for the switch will be lost at upgrade.
You will need to add them back at the console after the reboot. That might be twice coming from 22.05.

Steve

ozon08

@stephenw10 i did this with the hints and the etherswitch config but it didnt work. The Links are up but no connection to the network

stephenw10

Also this applies as it's the same switch: https://redmine.pfsense.org/issues/13993
Unlikely you would hit it unless you have two in HA with a direct link.

stephenw10

Check etherswitchcfg shows the correct switch config.

ozon08

@stephenw10 what show etherswichcfg show me?

stephenw10

It should show you the current config for the switch.
If it just errors then the switch hasn't been setup correctly.
If it shows something but it's incorrect then the switch setup script probably didn't get run by the shellcmd.

The actual output depends how you have it setup.

ozon08

@stephenw10 port9 and port10 is in state 1. is it correct?

stephenw10

If you're using my example script above where the WAN is port 1 and LAN is ports 2-8 then it should look like:

[23.01-RELEASE][root@m270-2.stevew.lan]/root: etherswitchcfg
etherswitch0: VLAN mode: PORT
port1:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
port2:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port3:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port4:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port5:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port6:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port7:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port8:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port9:
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
port10:
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
vlangroup1:
        port: 1
        members 9
vlangroup2:
        port: 2
        members 3,4,5,6,7,8,10
vlangroup3:
        port: 3
        members 2,4,5,6,7,8,10
vlangroup4:
        port: 4
        members 2,3,5,6,7,8,10
vlangroup5:
        port: 5
        members 2,3,4,6,7,8,10
vlangroup6:
        port: 6
        members 2,3,4,5,7,8,10
vlangroup7:
        port: 7
        members 2,3,4,5,6,8,10
vlangroup8:
        port: 8
        members 2,3,4,5,6,7,10
vlangroup9:
        port: 9
        members 1
vlangroup10:
        port: 10
        members 2,3,4,5,6,7,8

stephenw10

Ah, now I recall I had to add those ports to the script in 23.01!

#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#

echo "Configuring switch..."
logger Configuring switch...

etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding

echo "done"
logger done