pfSense won't get IP from Frontier Fiber.

Jarhead

@stephenw10 I was. Just put two ports into a separate untagged vlan and connected one to the ONT, the other to WAN and instant IP address.

Jarhead

Has anyone seen this?
Couldn't it be implemented?

FreeBSD man ifconfig
pcp priority_code_point
Priority code point (PCP) is an 3-bit field which refers to the
IEEE 802.1p class of service and maps to the frame priority
level.

 -pcp    Stop tagging packets on the interface w/ the priority code	point.

stephenw10

You can set priority tags, there's a field for it in the pfSense gui, but you can only do it on VLAN tagged packets. FreeBSD won't allow you to set VLAN0 which is what is used for priority only tagging.

Steve

Jarhead

@stephenw10
Saw that after posting. Looks like FreeBSD 13.1 will be the fix for this. Any idea when pfSense will use 13.1?

stephenw10

Hmm, I wasn't aware that had changed in any FreeBSD version. You have a link to that?

BogusException

@Jarhead You might already have this resolved, but I've had a hell of a time with customers trying to put the Frontier modems in bridge mode (what I prefer). It hosed up their static address assignments, too.

I am forced to disable bridge mode on them. Will switching over to whichever one (bridged/non-bridged) you aren't on now make a difference?

stephenw10

Are you able to test a 2.7 snapshot?

I don't have any easy way of testing it but it looks like that's included there already:

[2.7.0-DEVELOPMENT][admin@cedev.stevew.lan]/root: ifconfig em0 pcp 4
[2.7.0-DEVELOPMENT][admin@cedev.stevew.lan]/root: ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: webserver
	options=81209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
	ether d2:43:8f:91:74:e7
	pcp 4
	inet6 fe80::d043:8fff:fe91:74e7%em0 prefixlen 64 scopeid 0x1
	inet 172.25.10.1 netmask 0xffffff00 broadcast 172.25.10.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Unclear what behavior that sets for incoming tagged traffic.

Jarhead

@stephenw10
The snippet I posted was from 13.1 man page where it's applied to all interfaces. If you look at the 12.3 man page it's only applied to vlans. It's actually called vlanpcp or something like that.

Jarhead

@bogusexception I don't use their router (no modem needed with fiber) anymore. This install wasn't mine though and they don't even provide a router anymore. Actually they provide an Eero 6 Pro but it's not much of a router and I would never use it as one.
But before learning this (yesterday) I did still use their router (Arris NVGsomething) and it worked fine. Their newer, not sure when, firmware added a 'transparent bridge' mode which was more of a true bridge than the more common DHCP reservation suedo-bridge instructions you find all over the internet. If you're using one of their arris routers go to advanced/connection and you'll find the bridge mode there. My biggest thing was I didn't want another device plugged in so I changed my install to the switch in between yesterday and it's working perfectly.

Jarhead

@stephenw10 I actually do have a "lab" box I have pfSense+ on. If I get time tomorrow maybe I'll give that a shot!

stephenw10

Mmm, it might 'just work'. pfSense is built on 12-stable. So whilst it still shows as 12.3 it's actually newer.
Though it looks like that code has actually been in ifconfig for some years:
https://github.com/pfsense/FreeBSD-src/commit/9de215608cfe3e871e92c6d6444063dd8be2b5c9
And it specifically mentions only tagging outbound traffic and that incoming traffic may be filtered by the driver.

Steve

Jarhead

@stephenw10
Just tried with no luck.
Can't find too much info on pcp though so I may not be implementing properly.
All I did was "ifconfig em0 -pcp 0"
It did show as applied but made no difference.
Is that all that's needed?

stephenw10

I would try ifconfig em0 pcp 0 which should enable tagging. However after reading I don't think it does anything for the replies which are the problem here.

Steve

random_pawn

How is this going? Frontier is running fiber here soon. I would love to dump Charter (Spectrum).

stephenw10

You will still require a switch to strip the tags if they are sending vlan0 tagged traffic.

Steve

random_pawn

My concern is not getting it to work if we take the plunge and losing money. Probably can get it to work, but I cannot get any answers from Frontier about what their network does here. No surprise, these companies treat people like cattle anyway. If you read their website about the eero, they are all like you have to use it blah blah blah. The fine print says you have to sign with Amazon account too (lol, what??).

Anyway, I found so many posts out there regarding this. This one was most interesting. One person says a linux router distro works out of the box (did not say which). Another said Proxmox worked. My pfsense is on Hyper-V, so hopefully Hyper-V will handle it if it is there (back up is on the Netgate appliance though). Otherwise, I will be finagling two of my SFP+ 10 Gb ports for their own little VLAN.

What is it with these telecomm companies pushing half-brained services? Regulation is a joke lol.

stephenw10

Hmm, not sure if I've seen Hyper-V used with vlan0 tags. There's a pretty good chance that would strip the tags in the vswitch though.

Jarhead

I have a couple of Frontier installs going through a managed switch and they work fine. Yours will too.
You won't be using the sfp+ ports though, all copper since you'll have to use their ONT.

random_pawn

Good to have options. These are combo SFP+ ports supporting 10 Gbe. My pfsense box uses one already using a copper module. Although I bet Hyper-V will handle it as is.

The waiting game now... Have to wait for construction in the neighborhood first.

q54e3w

Just had Frontier 1gbps service installed with the new black ONT. Engineer connected it to my pfSense 2.5.2 routers WAN port replacing my Spectrum S33 modem and it picked up a public WAN address without hiccup or any VLAN0 messing.