6100 ix0 and ix1 unable to negotiate with SFP 1G ports?
-
I received my 6100 this week, and was originally planning on connecting my main Unifi 1G switch to WAN4 (ix1) on the 6100 with an SFP DAC. However, the lights never activate on the 6100 or Unifi switch when I do that. When I move the SFP cable to WAN2 (ix2), everything works.
I tried an SFP+ DAC cable I had on hand and that didn’t work on ix0 or ix1 either. I don’t have any fiber cables to test with.
Does this mean that ix0 and ix1 will only communicate at 10G, and not auto negotiate to 1G? Since I only have a 1G capable switch, I can’t use (and verify they work) the 10G ports on my 6100?
-
@offstageroller
i've had DAC's before on 6100 units that didn't like to auto-negotiate. Forcing the link on both ends to the correct speed sometimes works.I've also had a switch where i needed to force the media-type to "DAC" to get the link up and running
-
Yes, you may need to force the link speed to 1G there and DAC cables commonly don't make multiple link speeds available. You probably could link using ix0/1 if you used a fiber module there. But using the ix2/3 NICs, which are 1G only, is a perfectly valid config.
Steve
-
Thank you both for the replies!
I was able to connect my SFP cable to the ix1 port, and once I set both sides to 1000Base, the connection worked!
This did not work with my SFP+ cable. Within the pfSense interface, I didn't have the 1000Base option, and it only allowed me to chose autoselect or the 10000Base option.
So I should be able to use ix0 or ix1 with my current switch if I want... except for one problem. I don't have ix0 or ix1 added as an interface assignment. I have a bunch of VLANs that I assign to my main interface (currently ix2) that goes into my switch, but that interface is not active under interface assignments in pfSense. I've read it's not a good idea to add that interface there if the sole purpose for that interface is for VLAN trunking.
So... if that interface isn't active and on that page, then I can't set the speed right? Meaning I can't use those interfaces with my setup? I'm okay sticking with ix2, since that maxes out my current 1Gbps speed. I'm more so just curious at this point on if I could use the ix0 and ix1 interfaces.
-
@offstageroller
most dac's (i've used) only work at a single speed.
so in case of spf+ dac's those will likely only work at 10GbE.
regular spf dac's will generally only work at 1GbE.
switch sfp+ ports are (generally) backwardscompatible with sfp.not sure i understand your question about inactive interfaces - but you can assign an interface and set the ip4/6-configuration-type to 'none'
this way you can probably enable the parent-interface of a vlan-trunk, without additional configuration =>only to set the required link-speed -
You absolutely can assign and enable the VLAN parent interface. And as you say you would need to to apply link settings to it. You don't need to set an IP address on it if you're not actually passing untagged traffic there.
Steve
-
@stephenw10 said in 6100 ix0 and ix1 unable to negotiate with SFP 1G ports?:
You absolutely can assign and enable the VLAN parent interface. And as you say you would need to to apply link settings to it. You don't need to set an IP address on it if you're not actually passing untagged traffic there.
Steve
Again, thank you both! :)
It makes sense to assign the parent interface to set the speed, and then leave IPv4 and IPv6 configurations both set to none.
I found the article I read in the past about not adding the parent interface:
https://nguvu.org/pfsense/pfsense-baseline-setup/We need to identify a parent interface before we can start configuring and assigning VLANs. The parent interface refers to the physical interface that will transfer the VLAN tagged traffic.
Historically the best practice was to leave the parent interface unassigned due to undefined, unpredictable or inconsistent behaviour by some hardware, depending on the manufacturer. There was a chance that tagged traffic could be stripped of its tags and end up allocated to the parent interface introducing a security risk.Are they correct in what they're saying?
-
I would consider it best practice to not combine tagged and untagged traffic on the same interface if possible. That's for a number of reasons including that applying a setting to the parent can break tagged traffic on it in some cases, though it should not. More often it opens a possibility for traffic to escape a VLAN if something connected to it incorrectly untagging traffic. If that interface will accept and route untagged traffic it can end up being passed incorrectly.
However that isn't the case here because you don't need to add an IP address to the parent NIC or put any firewall rules on it.Steve
-
@stephenw10 said in 6100 ix0 and ix1 unable to negotiate with SFP 1G ports?:
I would consider it best practice to not combine tagged and untagged traffic on the same interface if possible. That's for a number of reasons including that applying a setting to the parent can break tagged traffic on it in some cases, though it should not. More often it opens a possibility for traffic to escape a VLAN if something connected to it incorrectly untagging traffic. If that interface will accept and route untagged traffic it can end up being passed incorrectly.
However that isn't the case here because you don't need to add an IP address to the parent NIC or put any firewall rules on it.Steve
Thank you again! :)
