Netgate SG-3100 "bans" access point
-
@jarhead Also remember that restarting pfsense, does put the Archer back in the game.
That's why I'd not focus elsewhere. -
@gich Without being willing to accept that something else might be causing the technical issue, or trying to do the recommended troubleshooting, will tend to others abandoning their attempts to assist you.
-
The only thing in a default pfSense install that could present like this is the sshgiard login protection.
When it appears to be 'banned' check Diag > Tables and look for any entries in the sshguard table. If the AP IP is shown there that would do it. It would get 'unbanned' after some time though.
Also that would only affect other devices connected to the AP if it was acting a as router and NATing all the traffic from wifi clients.Steve
-
@rcoleman-netgate Did you miss the "I'll try that to be sure" ???
I was explaining why I was pointed in another direction. -
There are some tests we can do to be sure. It 'feels' like a rogue dhcp server or IP conflict though.
-
So I tried to connect directly to the Netgate via another port. Nothing.
Then I removed the static ip on it and, while I was looking around, I had a glimpse on the ARP table of a "incomplete MAC".
WTF is that? Busted port? But it works when I connect the notebook.So since it was already planned: moved the Archer to a friend house, very basic setup, and it works fine for hours.
While this was going on I resetted the Netgate and reloaded the configuration just backupped.
Archer is back at home where it was before and going strong all night.Early to tell if this is definitive, since it might have worked for that long before, but I'm hopeful.
Still no idea if the "incomplete MAC" was real or a dream and what that might mean.
-
@gich said in Netgate SG-3100 "bans" access point:
Still no idea if the "incomplete MAC" was real or a dream and what that might mean.
Means it arped but didn't get an answer, like this if i ping an IP that is not actually there
? (192.168.9.33) at (incomplete) on igb0 expired [ethernet]
There was no answer to the arp, so its incomplete.
-
@gich said in Netgate SG-3100 "bans" access point:
So I tried to connect directly to the Netgate via another port. Nothing.
Ah, so you were unable to connect to the 3100 at all when this happens?
I assume you tried only one of the other LAN ports? The AP is connected to a LAN port also?
If you have not yet enabled the OPT port for local access I would do that. You can then try to connect via that and it doesn't rely on the on-board switch config. One thing that could explain a layer2 failure like this is of the switch config is changed somehow.
You can easily check that by running at the command line:etherswitchcfg
But to do that you need to have access to the 3100. The OPT port would give you that but you could also use the console directly.Steve
-
@stephenw10 I had actually tried a couple of ports on both ends.
After the reset of the Netgate I don't have the situation anymore so I can't investigate further.Note: I don't think it matters but one of the Netgate's port won't do gigabit anymore and goes only to 100.
-
Hmm, could be a physical port problem then. Just avoiding that port might prevent it happening again.
Steve
-
@stephenw10 Yeah not using that port... I just hope it's not something deeper.
-
@gich If the other LAN port works after a reboot then I suspect it's a hardware issue...
A few Qs:
- Is anything plugged into the OPT port?
- Are multiple devices plugged into the LAN ports?
- Can you DM me the SN of your 3100? Check for my message [need to check if it's under warranty still]
-
@rcoleman-netgate 1. No.
2. Only one LAN port is in use, it goes to the switch and than to infinity and beyond...
3. Warranty has expired, got it in 2019 (when I got fiber connection)... in Italy. -
@gich As you suspected, yes it is out of warranty by just over a year.
Do you have GUI access to the 3100? You could verify if it has VLANs that the VLANs are associated with all 4 ports of the LAN and we can try those ports, too, in case it's a physical interface issue.
If it is an etherswitch issue, the onboard hardware, then we could reprogram it to work on the OPT port.
But that requires GUI access...
-
@gich The port not working at full speed it's not a problem. It's suck but I'll live with it.
I was only wondering if there was a deeper connection between those problems.
