New Fiber install, fresh Pfsense install, only getting 20Mbps up/down
-
@stephenw10 said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Ok, so you are still not seeing all the traffic to/from the ISP router?
But you can see it using DHCP to pull an address in the correct subnet from upstream?
That should show any special dhcp client options it's using.
Steve
Perhaps not true. If he is only seeing dhcp and other broadcasts, he’s either not capturing in promiscious mode, or he’s only seeing the broadcasts in the native VLAN which might be used for ISP management and has nothing to do with the user/internet VLAN
-
@jddoxtator the major issue with using a managed switch is it will by default discard any VLAN tagged frames if that VLAN is not enabled in the switch. Thats why i suggested you used a dumb non managed switch. It makes it infinitely much easier to learn VLAN tags from as Long as you can see the broadcasts.
You are likely capturing data on a port that has stripped unknown VLANs or forgot to capture i promiscious mode.
If you are capturing on mvneta1 in the SG-2100, remember that is a uplink port to the internal 4 port switch. If dot1.q mode is enabled on that switch to create “discrete” interfaces, then the 2100 is the switch that is stripping unknown VLAN’s -
@keyser Yes, I forgot promiscuous mode. Good catch.
Recaptured and I am seeing the PVST+
Now the VLAN is type PVID, so I am wondering if that is the issue. I see option in the switch for PVID but not in Pfsense.
here is the full details:
Originating VLAN (PVID): 85
Type: Originating VLAN (0x0000)
Length: 2
Originating VLAN: 85 -
There is no PVID setting in pfSense (except those with built in switches) because that only applies to assigning VLAN tags to untagged traffic and that only happens in a switch.
pfSense either sends and receives tagged traffic on a VLAN interface or untagged traffic on a regular interface.To be clear you are now seeing VLAN tagged traffic in your pcaps on the SPAN port?
-
@stephenw10 Yes, however I have tried the VLAN 85 before and Pfsense just fails to even connect.
There is a possibility I am not implementing the VLAN correctly in Pfsense.
What i am doing is creating the VLAN on the bare port ID then assigning that VLAN to WAN instead of having it the bare port ID.
-
Which is fine if only VLAN85 is required. Looks like something more is so maybe priority tags. And/or custom dhclient values. Something else...
-
Well this is interesting.... ISP router has completely locked my out of the WebGUI but passes the internet. Tried reboots hooking back up to converter, might have to reset the damned thing.
-
@stephenw10 said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
Which is fine if only VLAN85 is required. Looks like something more is so maybe priority tags. And/or custom dhclient values. Something else...
Yes, that might be the next issue. Even if your pfSense is on the correct VLAN some ISP’s do everything they can to deter customers from attaching their own equipment directly.
In frace fx. It’s very common that DHCP requests needs to be DSCP queued with 0x06, and a couple DHCP option requests needs to present in the DHCP request. Otherwise the DHCP does not respond, and you experience this as “no service” because nothing responds on the line.To solve that issue you need to capture a successfull DHCP request/offer/ack session from the ISP router, and then see what DHCP options/queue markings is present compared to your regular DHCP request from pfSense when it tries.
Rather technical, but solvable :-) -
@keyser
Here is what I picked up from a DHCP request:Option: (55) Parameter Request List
Length: 10
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (28) Broadcast Address
Parameter Request List Item: (2) Time Offset
Parameter Request List Item: (121) Classless Static Route (seen in multiple DHCP tags)
Parameter Request List Item: (3) Router
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (12) Host Name
Parameter Request List Item: (119) Domain Search
Parameter Request List Item: (26) Interface MTUDoes anything here give any indication of how to configure Pfsense?
-
@jddoxtator said in New Fiber install, fresh Pfsense install, only getting 20Mbps up/down:
@keyser
Here is what I picked up from a DHCP request:Option: (55) Parameter Request List
Length: 10
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (28) Broadcast Address
Parameter Request List Item: (2) Time Offset
Parameter Request List Item: (121) Classless Static Route (seen in multiple DHCP tags)
Parameter Request List Item: (3) Router
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (12) Host Name
Parameter Request List Item: (119) Domain Search
Parameter Request List Item: (26) Interface MTUDoes anything here give any indication of how to configure Pfsense?
I’m sorry but that part is a little outside my experience and knowledge field. I was lucky to find a blog describing how to get my pfSense working with the ISP named Orange in France:
https://vincent.bernat.ch/en/blog/2019-orange-livebox-linux
And
https://syscall.eu/blog/2021/10/04/livebox_replacement/You can skip the ONT part and just look at the DHCP options part. Remember, this is for Orange, and I then found an article on how to get the pfSense DHCP client on WAN to use those settings.
-
Yeah, it won't be a parameter request. It will appears as a client option it sends to the server. Assuming it is sending anything custom...
Otherwise check for priority tags or DSCP flags.
Steve
-
I have a Cisco switch here and port mirroring with it is a pain. I created a data tap, with a cheap 5 port managed switch.
