Netgate 1100 with LAN + OPT switch only partially working

winksaville

I used these instructions, https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html , to configure LAN + OPT as a switch. If I have devices plugged into LAN or LAN and OPT all is well and I can. But if unplug both devices and then reboot the 1100 and wait until the console says Bootup complete and displays the Menu with Enter an option. Then I plug in one of devices into OPT I get an address and route and can ping 192.168.1.1. If I then move the RJ45 from OPT to LAN I can also ping 192.168.1.1.

But, if I then move the RJ45 back to OPT I get:

$ ping 192.186.1.1
PING 192.168.1.1 (192.168.1.1) 45(84) bytes of data.
Form 192.168.1.100 icmp_seq=1 Destination Host Unreachable
Form 192.168.1.100 icmp_seq=1 Destination Host Unreachable
...

One interesting tid bit I just noticed, in the Console following the "Welcome to Netgate ..." it shows the "mvnetao.xxxx" info about WAN, LAN and OPT:

WAN (wan)     -> mvnetao.4090 ->
LAN (lan)     -> mvnetao.4091 -> v4: 192.168.1.1/24
OPT (opt1)    -> mvnetao.4092 ->

I'm surprised the OPT says mvnetao.4092, because when followed the instructions it assigns it to 4091. Maybe this is because I didn't delete the firewall setting and 4092 VLAN as the instructions say I can; "The assigned OPT interface in the firewall settings is redundant at this point and can be removed, along with the definition for VLAN 4092 on mvnetao.".

I didn't because I the instructions didn't say it was required to do so and I'm not sure exactly how to do it.

So is the behavior of not being able to switch from OPT to LAN to OPT a bug or an incorrect expectation of mine?

Gertjan

@winksaville

From what I make of this :

https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html : WAN, LAN and OPT are separate network.

LAN would be 192.168.1.1/24 and OPT would be 192.168.2.1/24 (or whatever you chose, but not 192.168.1.1/24)

Follow the guide if you want to make a 'mini 2 switch port'.

Or : go for the easy live and add a switch on LAN ^^

winksaville

@gertjan, Quoting from the link: "This optional guide changes the configuration such that the LAN and OPT Ethernet ports are on the same VLAN, effectively creating a small two-port LAN switch."

With both computers connected to LAN and OPT the router the router has addr 192.168.1.1 and the computers 192.168.1.100 and 193.168.1.221 respectively. So AFAICT everything is working as if the router is a two port switch as long as both are connected.

Therefore I'd expect those two ports to always be operational, no matter which port is occupied when.

Gertjan

@winksaville said in Netgate 1100 with LAN + OPT switch only partially working:

Therefore I'd expect those two ports to always be operational, no matter which port is occupied when.

Well, yeah.

This guid https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch-ports.html - for me - should do what you want :

By default, LAN and OPT are two separated interfaces.
You want them to be 'switched' :

The final blue note now applies :

Unlike software bridging, traffic between ports 1 and 2 will never leave the switch chip so it will perform at switching speed. The firewall cannot filter traffic between the two ports as pfSense Plus software will never see it, as with any other (external) switch.

What happens when you connect you alternate a device / cable to these two devices : I don't know.

Btw : what did you saw in the DHCP server log ?
Does the device get the same IP assigned upon connect to each of these ports ?
There should only be on interface listed under DHCP-server tab : the 'LAN' as you only have now just one network.
This network is set to 192.168.1.1/24, right ?

A last resort :
Boot to default.
Do what the guide says.
Now reboot.