pfSense on Watchguard M270

ozon08

@stephenw10 port9 and port10 is in state 1. is it correct?

stephenw10

If you're using my example script above where the WAN is port 1 and LAN is ports 2-8 then it should look like:

[23.01-RELEASE][root@m270-2.stevew.lan]/root: etherswitchcfg
etherswitch0: VLAN mode: PORT
port1:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
port2:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port3:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port4:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port5:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port6:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port7:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port8:
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port9:
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
port10:
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
vlangroup1:
        port: 1
        members 9
vlangroup2:
        port: 2
        members 3,4,5,6,7,8,10
vlangroup3:
        port: 3
        members 2,4,5,6,7,8,10
vlangroup4:
        port: 4
        members 2,3,5,6,7,8,10
vlangroup5:
        port: 5
        members 2,3,4,6,7,8,10
vlangroup6:
        port: 6
        members 2,3,4,5,7,8,10
vlangroup7:
        port: 7
        members 2,3,4,5,6,8,10
vlangroup8:
        port: 8
        members 2,3,4,5,6,7,10
vlangroup9:
        port: 9
        members 1
vlangroup10:
        port: 10
        members 2,3,4,5,6,7,8

stephenw10

Ah, now I recall I had to add those ports to the script in 23.01!

#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#

echo "Configuring switch..."
logger Configuring switch...

etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding

echo "done"
logger done

ozon08

@stephenw10 this looks like my configuration.

ozon08

@stephenw10 i just have it. I forgot to forward port 9 and 10. sorry that was my fault

stephenw10

No that wasn't required in 22.05. Something changed in the switch driver defaults. Probably the same reason for that MDI/X bug.

ozon08

@stephenw10 okay, now i added it to my shellcmd. After a test reboot it works fine. Thank you

shaker

Hello,
I tried the whole night to bring me M270 to work.
But I didn't have success.

Can you please explain more detailed, what are the steps for get it done?

Thank you so much.

ozon08

@shaker
What have you done so far?

shaker

I installed OPNsense, which is very similar to pfSense without issues. The switchports are not able to work by default.
Then I opened "shell" to modify the files you recommended.

First I added this code

hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500

to /boot/device.hints

Then I created the scripts in /usr/local/bin/setup_switch.sh

#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#

echo "Configuring switch..."
logger Configuring switch...

etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding

echo "done"
logger done

Gave it this:
chmod +x setup_switch.sh

run it ./setup_switch.sh

But I get fault:

etherswitchcfg: Can't open control file: /dev/etherswitch0: No such file or directory

More Information:

root@OPNsense:/ # kldstat
Id Refs Address                Size Name
 1   39 0xffffffff80200000  215dc08 kernel
 2    1 0xffffffff8235e000     f460 carp.ko
 3    1 0xffffffff8236e000     3b18 pflog.ko
 4    3 0xffffffff82372000    75240 pf.ko
 6    1 0xffffffff82407000    3d648 if_ixv.ko
 7    1 0xffffffff82445000    4f610 if_ix.ko
 8    1 0xffffffff82495000     4b58 if_enc.ko
 9    1 0xffffffff8249a000     ba48 if_gre.ko
10    1 0xffffffff824a6000    18338 if_lagg.ko
11    2 0xffffffff824bf000     3538 if_infiniband.ko
12    1 0xffffffff824c3000     e4d0 if_bridge.ko
13    2 0xffffffff824d2000     7870 bridgestp.ko
14    1 0xffffffff824da000     e318 pfsync.ko
15    1 0xffffffff82720000     3250 ichsmb.ko
16    1 0xffffffff82724000     2180 smbus.ko
17    1 0xffffffff82727000     4700 nullfs.ko

root@OPNsense:/ # ifconfig -a
ix0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN (wan)
        options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
        ether 00:a0:c9:00:00:02
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN (lan)
        options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,NOMAP>
        ether 34:12:78:56:01:03
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
        groups: enc
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
        syncok: 1
        groups: pfsync

Let me know if you need any other information.
Thank you

ozon08

@shaker
Did you restart after adding the boot hints?

shaker

Yes I gestartet every time I made changes

stephenw10

OPNSense doesn't have the required drivers to access the switch. The same reason CE won't work. It can only work with pfSense Plus currently.

Steve

shaker

What a pitty.
I thought the base is Free BSD which give the possibility in general.
Is there no way to bring the correct driver to FreeBSD and let it work?

By the way, if somebody need access to the BIOS, just let me know.

stephenw10

It only happens to work in pfSense Plus because we have done the development work for the 7100. There is basically zero incentive for Deciso to sponsor that in OPN so I'd say it's very unlikely.

shaker

OK that's cool. Thank you.
So one last question. When it works with plus only, do I need top buy it, or is there a way to get it for private use.
I read there is a way to upgrade CE to plus, but therefore you need Internet access first on the device.
So what's the best option?

stephenw10

The easiest way is to install CE and upgrade to plus in something else then move the boot device across into the m270. Then re-register it there once you've added the switch scripts so it has connectivity.

shaker

Thank you very much for the support.
I have now running pfsense plus on my M270.

stephenw10

Cool!
Be aware that the driver code was never intended to run on that hardware so the startup scripts that ensure the 7100 works as expected will end up breaking it for the m270 at upgrade. At least currently.
So if/when you do a firmware upgrade you will need access to the console to copy back the device hints and regain connectivity. I usually just have a backup of the file I can quickly copy back into place.

Steve

shaker

Yes I will do. I made some notes to not forget.

Actually the ethernetswitch is configured to use 1 WAN and 7 LAN interfaces, working in switch mode.
Is it possible to configure it to have 7 independent LAN ports, where to activate VLANs on each?