Netgate 2100 - setup question
-
-
@netboy As soon as I did the above my Web GUI is VERY SLOW (I was trying to apply static address to certain MAC addresses). Has the port / switch configuration messed up something?
-
Yes, that's correct for the switch config.
As long as you have the mvneta1.4084 VLAN interface also configured and assigned it should work as expected.
Steve
-
@stephenw10
Get the following message:
Hmmm… can't reach this page
192.168.0.1
took too long to respond -
This is what I have
-
@netboy Definitely something is wrong... the web GUI is very slow......Any suggestions?
-
@netboy When I removed the ethernet jack from port 3 the web gui works normal. Is there something I am missing in configuring port 3?
-
@netboy What was plugged into port 3 exactly? And if it was a switch what was THAT plugged in to?
What it sounds like to me, after a quick glance over the thread, is you might have a loop going -- your main network feeding back into the new VLAN... but that's just an educated guess.
-
Yes, if you had the switch connected to ports 3 and 4.
The switch in the 2100 does not support STP to prevent that.Steve
-
@stephenw10 What is STP? Yes port 3 and port 4 are connected to "separate" unmanaged switches so that anything connected to the switch has the 172 subnet.
This was my idea right from beginning.
Are you telling me that I cannot connect any switch to port 3 and 4?
Please note that port 3 is disconnected right now and port 4 is connected to a unmanaged switch. This configuration does not choke up web GUI but once I connect port 3 to a switch the web GUI chokes up.
Kindly advice
-
@netboy said in Netgate 2100 - setup question:
What is STP?
Spanning Tree Protocol.
If you have a link from one network going into another, it cannot detect that and mitigate the cross-talk.
You can connect a switch to those ports, yes, but I was asking you what the rest of those are connected to -- is it possible that one of those switches is connected to port 1 or 2?
-
@rcoleman-netgate You are on the money!!! I had daisy chained the switch which was in port 1 and port 3 because my standby router had only one port and was waiting for 2100 to arrive. Newbie mistake!!! Thanks for pointing this out!
I have now removed the daisy chain ethernet cable connecting switches which were in port 3 and port 1.
Web gui works fine.
Thank you for baby sitting me!
-
@netboy Yeah, don't do that :) It does bad things -- as you have seen. :)
-
@rcoleman-netgate I need help in firewall rules.
I want 192.16.0.XXX subnet to go to internet and talk to 172.16.0.XXX subnet but I want to BLOCK 172.16.0.xxx to 192 subnet - 172 can talk to internet (allow). This is my existing firewall rules.
IoTP4 is 172.16.0.XXX
-
@netboy So block on LAN interface anything with a SOURCE address of IOTP4 Network. Put that above your "allow all traffic" rule
-
@rcoleman-netgate on the LAN firewall (192) BLOCK IoT (172) and this must be the FIRST rule. Have I got it right? On drop down there are two options IOTP4 address and IOTP4 net - which one to select as source
Below correct?
-
@netboy That will only block HTTP and HTTPS but not Ping or DNS
Set the traffic to ANY type, not TCP.
And, as I said, IOT Network, not IOT Address :)
-
@rcoleman-netgate
Is this correct? The order ok?
-
@netboy Needs to be IOTP4 Network, not address.
-
