New Fiber install, fresh Pfsense install, only getting 20Mbps up/down
-
I have a 500/20 package from my ISP and have seen over 900 down. The problem is not with pfSense.
-
@jknott Well, yeah. Getting over 400Mbps isn't a problem. If you were getting 400Mbps less then I think you would agree that it is a slight issue.
I'm not going to play the "My software is perfect" game here. We do need to explore the reality of the situation. There are fringe case devices that do not play well together regardless of how perfect you think your software is.
Like I was suggesting, I am highly suspect this offbrand SFP device that came with the converter.
-
I wouldn't expect anything the converter is doing to affect the connection. As long as it's linked correctly on both sides. But clearly something is happening.
You might try running a packet capture just to see if there is anything obvious being sent.
Steve
-
Ok, I found something. Turns out the ISP router is getting a different remote gateway then the Pfsense router. I'm going to try directing it to that gateway and see what happens.
-
Interesting....
the ISP router is getting a gateway IP of 192.24.57.1 and the Pfsense box is getting a gateway IP of 172.31.16.1
If I try to point it towards the Gateway of the ISP router, Pfsense tells me that The gateway address 192.24.57.1 does not lie within one of the chosen interface's subnets.
-
Damn no dice.
I found the setting to use out of range IP's in advanced, but even setting it to default gateway it still uses 172.31.17.1
-
Noticed another discrepancy. ISP router does not connect IPv6. So I turned it off in Pfsense. No effect, still 20Mbps.
-
Really at a loss of what to do now.
Here is the entire connectivity screen from the ISP router. Maybe one of you can see something I am not.
INTERNET
Internet Status
Internet Status reflects the status of the ISP connection.Connection Status
IPv4 Connection Connected
IPv6 Connection DisconnectedInternet Settings
The table below displays the current state of the Internet connection and settings.Internet Setting Status
IPv4 WAN Protocol dhcp
IPv6 WAN Protocol dhcpv6
MTU Size 1500
MSS Size 1460
TCP Connection 109
RWIN Size 163840
Packets Sent 4568070
Packets Received 11488214IPv4 Addressing
The table below displays currently assigned Internet connectivity settings for the device.Parameter Status
Device IPv4 Address 192.24.57.117
Device IPv4 Subnet Mask 255.255.255.0
DNS Address #1 8.8.8.8
DNS Address #2 64.235.98.226
Remote Gateway Address 192.24.57.1
Link Uptime 0D 0H 0M 44S -
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Interesting....
the ISP router is getting a gateway IP of 192.24.57.1 and the Pfsense box is getting a gateway IP of 172.31.16.1
If I try to point it towards the Gateway of the ISP router, Pfsense tells me that The gateway address 192.24.57.1 does not lie within one of the chosen interface's subnets.
Your ISP router is likely using a certain tagged VLAN on its interface since it lands in a different subnet and gets a different Gateway.
Your pfsense by default uses the untagged native VLAN of the interface.Try using the ISP router, quickly switch to the pfSense and do a packet capture in promiscous mode (diagnostics -> packet capture).
See if you capture any frames with a VLAN tag that indicates what VLAN you should be usinng -
Ok, I captured packets from WAN with nothing attached to make sure there was no activity, then started a new capture and unplugged the WAN from the ISP router and directly plugged it into the WAN on the Pfsense router
This is what I got after 30 seconds of capture:
02:28:01.732611 DTPv1, length 38 02:28:02.699840 ARP, Request who-has 192.24.57.1 tell 192.24.57.117, length 28 02:28:02.731372 DTPv1, length 38 02:28:03.429465 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:03.733838 DTPv1, length 38 02:28:04.264595 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:04.796229 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:05.302364 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:05.773757 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36 02:28:06.372418 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:06.683297 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36 02:28:06.816486 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:08.433281 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:08.473367 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36 02:28:08.822134 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:10.838025 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:11.155034 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:11.194577 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:12.003469 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36 02:28:12.854932 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:14.882978 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:16.901047 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:18.975871 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:19.022785 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36 02:28:20.998571 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:22.254055 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:23.002261 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:24.361084 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300 02:28:25.030319 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42 02:28:27.049727 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42It looks like a bunch of spam of IP 0.0.0.68 complaining about topology change. What is interesting is the bridge ID. Is that Pfsense or the ISP gateway?
-
@keyser said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Try using the ISP router, quickly switch to the pfSense and do a packet capture in promiscous mode (diagnostics -> packet capture).
See if you capture any frames with a VLAN tag that indicates what VLAN you should be usinngDoes that work?
I assumed you would need to put a managed switch in the WAN line, configure port mirror, then do a packet capture on that. -
@patch said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
@keyser said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Try using the ISP router, quickly switch to the pfSense and do a packet capture in promiscous mode (diagnostics -> packet capture).
See if you capture any frames with a VLAN tag that indicates what VLAN you should be usinngDoes that work?
I assumed you would need to put a managed switch in the WAN line, configure port mirror, then do a packet capture on that.Depends: If your ISP is routing at the edge (ie: where your fiber is linked), then no, because the switching of boxes causes a link down which takes the routing/VLAN interface down in their equipment. But here in DK, the edge equipment is quite often only a stupid L2 bridge device, and then the quick switch usually sees a bunch of TCP retries and what not from existing sessions being transmitted down your line where you can see the VLAN tag.
So it was just an attempted quick fix.
-
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Ok, I captured packets from WAN with nothing attached to make sure there was no activity, then started a new capture and unplugged the WAN from the ISP router and directly plugged it into the WAN on the Pfsense router
This is what I got after 30 seconds of capture:
02:28:01.732611 DTPv1, length 38
02:28:02.699840 ARP, Request who-has 192.24.57.1 tell 192.24.57.117, length 28
02:28:02.731372 DTPv1, length 38
02:28:03.429465 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:03.733838 DTPv1, length 38
02:28:04.264595 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:04.796229 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:05.302364 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:05.773757 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:06.372418 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:06.683297 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:06.816486 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:08.433281 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:08.473367 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:08.822134 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:10.838025 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:11.155034 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:11.194577 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:12.003469 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:12.854932 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:14.882978 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:16.901047 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:18.975871 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:19.022785 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:20.998571 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:22.254055 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:23.002261 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:24.361084 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:25.030319 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:27.049727 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42It looks like a bunch of spam of IP 0.0.0.68 complaining about topology change. What is interesting is the bridge ID. Is that Pfsense or the ISP gateway?
Well we can’t decode everything from this as that is only a summary “overview” of the capture. You need to open it in Wireshark or another pcap decoder application.
However, a few things is obvious. Your ISP is not your average setup since they run Spanning Tree to the client edge - that’s a new for me - never seen that before :-)
But there is also Cisco dynamic trunking protocol frames on the wire, so it seems your ISP is running some VLANs on the wire.The funny thing though… all the 0.0.0.0:68 frames is your pfSense trying to aqquire a IP address via DHCP - it doesn’t get any. So there is no Internet available to it - how on earth are you testing with success albeit very slow speed?
Love the no fuss of using the official appliances :-)
-
@keyser Also, the very first ARP frame (the second frame in the capture) is very interesting. I fail to understand how that frame was generated since your pfSense does not have an IP address at this time - and certainly not the public IP address your ISP box had when it was connected.
We want your pfSense to aqquire that IP - or another public IP in the same range - via DHCP, but that has not happened at that time in the capture.
It also seems to be an inbound frame instead of outbound…. So it’s just strange. But it might have our needed VLAN tag attached, so inspect that frame in Wireshark. -
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
@patch The ISP configures it with DHCP, MAC address and an IP alias. The gateway is picked up automatically.
Converter is UMC-GA1F1T some FS-unlimited brand. The router is just a bog standard consumer router.
Just looked that converter up, and it is a L2 Ethernet media converter. You should be able to simply move the SFP fiber module to a SFP port in your pfSense (if it has any).
As I read your posts, you have already tried that unsuccessfully because your NIC does not recognise the SFP.But even if you get a compatible SFP for your pfSense NIC, you still need to figure out which VLAN tag to use on your WAN interface in pfSense.
-
@jddoxtator Ahhh, think I just figured your strange packet capture. You had the ISP router connected to a switch, and the switch to the media converter right?
You then disconnected the ISP router from the switch the same time you connected your pfSense right?Then the first ARP frame is a broadcast from your ISP router because you had them both connected for a brief split second. And all the Spanning tree frames are from your switch…. :-)
AND: if that’s the case then the ARP frame should have your needed VLAN tag attached. So download and install Wireshark on your machine. Download the packet capture from your pfSense and open it in Wireshark. Inspect the ARP frame, and look at the Ethernet VLAN tag on that frame.
You then need to create that VLAN number on your pfSense, and reassign your WAN interface to that VLAN number on the NIC connected to the switch/media converter.
-
The ISP's router has to be within the address range you get. You can't just change the router address and expect it to work.
-
@keyser
Ah, This is very helpful.I am assuming that the ARP IP address is related to the fact that I have set the gateway manually to the same one as the ISP router and forced static IP for the gateway.
There was no switch between the converter and the ISP router before the WAN port was switched over to the WAN port on the pfsense device.
I will download this Wireshark you speak of and see the details.
Edit: Slight problem... I run Linux on all my devices, is there a wireshark for linux?
Edit2: nvm found it. -
My mistake, the ARP request came from some Calix device.
Here is the expanded log:
1 0.000000 Cisco_89:a0:f6 CDP/VTP/DTP/PAgP/UDLD DTP 60 Dynamic Trunk Protocol
2 0.967229 Calix_6b:e8:f7 Broadcast ARP 42 Who has 192.24.57.1? Tell 192.24.57.117
3 0.998761 Cisco_89:a0:f6 CDP/VTP/DTP/PAgP/UDLD DTP 60 Dynamic Trunk Protocol
4 1.696854 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0xa4d00549
5 2.001227 Cisco_89:a0:f6 CDP/VTP/DTP/PAgP/UDLD DTP 60 Dynamic Trunk Protocol
6 2.531984 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0xa4d00549
7 3.063618 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
8 3.569753 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x1c1ffc0e
9 4.041146 fe80::3eec:efff:fe70:1cf5 ff02::1:2 DHCPv6 98 Information-request XID: 0x0163ec CID: 0001000129f61dd33cecef701cf5
10 4.639807 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0xa4d00549
11 4.950686 fe80::3eec:efff:fe70:1cf5 ff02::1:2 DHCPv6 98 Information-request XID: 0x0163ec CID: 0001000129f61dd33cecef701cf5
12 5.083875 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
13 6.700670 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x1c1ffc0e
14 6.740756 fe80::3eec:efff:fe70:1cf5 ff02::1:2 DHCPv6 98 Information-request XID: 0x0163ec CID: 0001000129f61dd33cecef701cf5
15 7.089523 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
16 9.105414 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
17 9.422423 0.0.0.0 255.255.255.255 DHCP 342 DHCP Request - Transaction ID 0xa4d00549
18 9.461966 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0x1c1ffc0e
19 10.270858 fe80::3eec:efff:fe70:1cf5 ff02::1:2 DHCPv6 98 Information-request XID: 0x0163ec CID: 0001000129f61dd33cecef701cf5
20 11.122321 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
21 13.150367 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
22 15.168436 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
23 17.243260 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
24 17.290174 fe80::3eec:efff:fe70:1cf5 ff02::1:2 DHCPv6 98 Information-request XID: 0x0163ec CID: 0001000129f61dd33cecef701cf5
25 19.265960 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
26 20.521444 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xa45704e7
27 21.269650 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
28 22.628473 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xa45704e7
29 23.297708 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814f
30 25.317116 Cisco_89:a0:f6 PVST+ STP 64 Conf. TC + Root = 24576/85/7c:69:f6:f2:da:40 Cost = 2 Port = 0x814fNot a network engineer, so not exactly sure what I am looking at, but I don't see anything that specifically references VLAN. Unless PVST+ is some kind of VLAN like protocol.
Editr: Search is your friend. It appears that PVST+ is a cisco brand Per VLAN Spanning Tree Plus. Though I don't see anything but a MAC address and ports, no IP to configure a VLAN from.
-
@keyser said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Ok, I captured packets from WAN with nothing attached to make sure there was no activity, then started a new capture and unplugged the WAN from the ISP router and directly plugged it into the WAN on the Pfsense router
This is what I got after 30 seconds of capture:
02:28:01.732611 DTPv1, length 38
02:28:02.699840 ARP, Request who-has 192.24.57.1 tell 192.24.57.117, length 28
02:28:02.731372 DTPv1, length 38
02:28:03.429465 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:03.733838 DTPv1, length 38
02:28:04.264595 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:04.796229 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:05.302364 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:05.773757 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:06.372418 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:06.683297 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:06.816486 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:08.433281 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:08.473367 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:08.822134 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:10.838025 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:11.155034 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:11.194577 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:12.003469 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:12.854932 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:14.882978 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:16.901047 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:18.975871 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:19.022785 IP6 fe80::3eec:efff:fe70:1cf5.546 > ff02::1:2.547: UDP, length 36
02:28:20.998571 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:22.254055 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:23.002261 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:24.361084 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
02:28:25.030319 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42
02:28:27.049727 STP 802.1d, Config, Flags [Topology change], bridge-id 8055.e0:2f:6d:a5:16:80.814f, length 42It looks like a bunch of spam of IP 0.0.0.68 complaining about topology change. What is interesting is the bridge ID. Is that Pfsense or the ISP gateway?
Well we can’t decode everything from this as that is only a summary “overview” of the capture. You need to open it in Wireshark or another pcap decoder application.
However, a few things is obvious. Your ISP is not your average setup since they run Spanning Tree to the client edge - that’s a new for me - never seen that before :-)
But there is also Cisco dynamic trunking protocol frames on the wire, so it seems your ISP is running some VLANs on the wire.The funny thing though… all the 0.0.0.0:68 frames is your pfSense trying to aqquire a IP address via DHCP - it doesn’t get any. So there is no Internet available to it - how on earth are you testing with success albeit very slow speed?
Forgot to address the connection with no IP. It does get one, but it seems it is the wrong gateway. They are currently still building out the network in my area, so there may be some insecure patch devices in the line for workers to access? That's my only thought...
