Odd internet slowness with Netgear GS324TP Switch
-
@creationguy said in Odd internet slowness with Netgear GS324TP Switch:
How would I configure the port so that I could access the switch to manage?
Move your pfSense to port 1?
Also ... it should be accessible through pf via VLAN1Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate VLAN 1 isn't hard-coded by the switch to be on only Port 1, port 1 is just the port that my primary desktop is on where I would normally log into the switch to make changes. I took off VLAN1 from the ports, I can still access the switch. Looks like I'm all set there. Thanks for the information on data leaking.
@Jarhead Data transfer is still slow across the VLANs.
-
@creationguy Wow, saw a switch set the same as you originally had and once the vlans were corrected the problem was fixed. I'll see if I can find that thread for reference.
Next thing I would do is disable all firewall rules except the any any on all interfaces.
Can you try adding vlan 1 as tagged to the interface going to the switch? You would also have to tag vlan 1 on port 24 in the switch. ie No untagged vlans on the trunk.
-
@jarhead said in Odd internet slowness with Netgear GS324TP Switch:
You would also have to tag vlan 1 on port 24 in the switch
Tagging vlan 1 is not normal - many devices do not support it even.
Vlan one is just the default untagged vlan, there is no significance to the ID number to be honest. Untagged traffic coming in defaults to vlan 1, if you want untagged traffic to be on a different vlan, then just set that - there is nothing to do with vlan 1..
-
@johnpoz Not looking for untagged traffic, trying to get rid of it actually.
I have vlan 1 tagged with no issues.
-
@jarhead but does the sending device allow you to tag vlan1?
I just do not see the point of tagging vlan 1, just don't use it - have your device use vlan 100 or something and tag that.
-
@johnpoz Doesn't matter anymore. I found the bug I mentioned earlier in this thread and it was referring to tagged and untagged vlans on a bridge interface so wouldn't apply here.
Maybe it really is related to the dual nic?
Doesn't seem to be much more it can be a this point.@CreationGuy Any chance you have another nic you can add to the system?
-
@jarhead said in Odd internet slowness with Netgear GS324TP Switch:
@johnpoz Doesn't matter anymore. I found the bug I mentioned earlier in this thread and it was referring to tagged and untagged vlans on a bridge interface so wouldn't apply here.
Maybe it really is related to the dual nic?
Doesn't seem to be much more it can be a this point.@CreationGuy Any chance you have another nic you can add to the system?
To answer your suggestion on the firewall rules, what you saw in the screen shot was all that I have. Did you want those shut off as well?
I do have a USB Ethernet NIC I could try or I could enable the onboard NIC in the BIOS and try that as well.
-
@creationguy Try them both instead of the dual nic.
-
What NIC types do you have available?
To create that sort of slowness I'd expect so see a lot of errors/collisions in Status > Interfaces.
Otherwise maybe some IP conflict? I would expect to see errors logged.
I would avoid using VLAN1 tagged if at all possible. Most switches use that as the native internal VLAN and can end up doing odd things with it.
For similar reasons it is better to avoid tagged and untagged traffic on the same link. Though that should work fine and isn't a FreeBSD or switch issue but using it invites user error generated problems. It's far easier to accidentally configure a port/device to strip the tags than to put something tagged on the wrong VLAN. If the pfSense interface connected to that is just dropping untagged traffic that's no issue. But if it is you can end up with unexpected traffic on an interface.Steve
-
@stephenw10 said in Odd internet slowness with Netgear GS324TP Switch:
invites user error generated problems
That I would concur with for sure.. Tagged an Untagged seem to be a point of confusion for new users to vlans.. Mixing them could lead to error sure..
-
Mmm, and even if you understand what you're doing assume the next guy might not!
-
@stephenw10 @Jarhead
I plugged in a USB Ethernet, pfsense shows that it's at 1000Mb/Full, 0 collisions. Zero collisions for all interfaces. The transfer speed is about 12-13MB per sec. Both desktops are connected at 1000/Full. No pfsense rules.I have not yet tried removing the DUAL NIC, that is next.
Edit; I plugged in another USB to Ethernet, set up a vlan for that one as well, so Desktop to Desktop are avoiding the Dual NIC and speeds are still 13MB/s.
-
Still going through the switch though?
-
@stephenw10 @Jarhead
I removed the Dual NIC (Supermicro AOC-SG-i2) and enabled the onboard 1GbE and installed a USB 3 1GbE. I configured the interfaces with the correct VLANs.Transfer speeds are much faster, 77MB/S which is about 600Mb/s. It's WAY faster now, so it's something with this NIC. I thought that it was an Intel chipset but it's not. That solves that one....
I wanted to make sure that my rules all set.
Thank you again!
-
That NIC should be an Intel chipset. How did the interfaces appear in pfSense?
Just by having it unused in the system other traffic was slow? That's very odd behaviour.
The 'Block Guest to LAN' rule you have on LAN can never match anything. Traffic with source 'Guest net' should never come into the LAN.
Steve
-
@stephenw10 said in Odd internet slowness with Netgear GS324TP Switch:
That NIC should be an Intel chipset. How did the interfaces appear in pfSense?
Just by having it unused in the system other traffic was slow? That's very odd behaviour.
The 'Block Guest to LAN' rule you have on LAN can never match anything. Traffic with source 'Guest net' should never come into the LAN.
Steve
The Dual NIC chipset was my mistake, I assumed it was by looking at it. It's removed now. I was using it prior to yesterday for testing- that was the odd cause of the inter-vlan slowness.
I was wondering if that LAN rule was off; other than that, it looks fine?
-
Yes, looks reasonable otherwise.
