SG-2100: Internal Switch stucked + self-changed PVIDs

mmkkoo

Hello,
What I observed is my internal switch stucked randomly.
I was connected via cable to LAN interface and I lost my connection, also lost my accesspoint wifi nets. Move cable to my ETH_ADMIN on the combo port so I was able to log in PFsense. Then I reboot but this did not help, then power cycled to see that my PVIDs are changed.

LEDs on the switch were ON, even i take off two cables, after reboot LEDs were off and did not blink after cables were connected again.

Then I power cycled to see my LAN and other VLANs do not work correctly.

Question is what happened? How to avoid this in future?
So in general please help me understand wtf.
Not first time switch stucked like that, but this PVID thing never seen before.

My interfaces are

My VLANS at PFsense:

My VLANS at internal switch:

NEW port VIDs AFTER power cycle,:

ANY thought appreciated.

EDIT:
My pfsense version is 24.03

One more observation: when connecting to LAN as right now, after reboot i get IP from ETH_ADMIN's DHCP not LAN's.

SteveITS

@mmkkoo mvneta0 is normally WAN by default. Where is that connected?

If you are getting assigned a DHCP IP from the wrong interface then your interfaces are not separated. E.g. the VLANs aren't being isolated by the switch, or LAN is connected to the same network as ETH_ADMIN, etc.

Is "3663" in your config file anywhere?

Just to be clear, when you say "power cycle," you used Diagnostics/Halt and disconected power after it was done shutting down?

mmkkoo

This post is deleted!

mmkkoo

@SteveITS said in SG-2100: Internal Switch stucked + self-changed PVIDs:

mvneta0 is normally WAN by default. Where is that connected?

In SG-2100 box main micro has two interfaces mvneta0: accessible trough combo port, and mvneta1 internally connected to port 5 of the internal switch.

So this mvneta0 is ETH_ADMIN, while I get my internet (WAN) from modem card inside SG box via PPP.
I do not use this mvneta0 interface for anything other than admin PFsense after I screw up LAN.

If you are getting assigned a DHCP IP from the wrong interface then your interfaces are not separated. E.g. the VLANs aren't being isolated by the switch, or LAN is connected to the same network as ETH_ADMIN, etc.

Regarding subnets being not isolated, I can only guess they are not isolated since all ports had the same PVID 3663.

Is "3663" in your config file anywhere?

If you mean config I put into PFsense via web interface: I never put such PVID anywhere, not even in the past.

Just to be clear, when you say "power cycle," you used Diagnostics/Halt and disconected power after it was done shutting down?

To be honest I am not sure right now I did halted the system. Let's assume I did not.

SteveITS

@mmkkoo said in SG-2100: Internal Switch stucked + self-changed PVIDs:

I get my internet (WAN) from modem card inside SG box

Ok that's the part I was missing.

The LAN ports using the same PVID might connect those, but not WAN.

pfSense should configure the switch during boot, based on the config file. If you download/back up a config file now does that show 3663?

In general anything with a file system should be shut down since removing power can in theory cause file system corruption, if a file is half written. ZFS is better at avoiding that than UFS however.

mmkkoo

@SteveITS

I have config backup from 2 day ago - the last one before this crash, and not single sign of this 3663 PVID.

To be honest bigger problem is for me this internal switch hangup, anyone have experience with something like that?

Only things that come to my mind is too high temperature and some kind of electrical connection loop as I had cable with shield, but this is pure imagination.

stephenw10

I have seen that happen before but only when a cellular modem is present. And only on some devices.

If it happens again try running at the command line: etherswitchcfg

That should return the current state of the switch by querying it directly.

Under some circumstances the switch IC can either stop responding entirely or respond with garbage values to that query.

If that happens only a full power cycle will reset it.

What modem are you using?

Steve

mmkkoo

Sorry for delay...

@stephenw10
Modem is Sierra EM7455. Flashed with this SW:
SWI9X30C_02.38.00.00.cwe SWI9X30C_02.38.00.00_GENERIC_002.082_000.

@SteveITS said in SG-2100: Internal Switch stucked + self-changed PVIDs:

pfSense should configure the switch during boot, based on the config file. If you download/back up a config file now does that show 3663?

I also downloaded config after this happened and there was no 3663 PVID in it, only as expected 1 and 3000.

I changed PVID and all is good now.

Normally I would not bother anyone with this, but when you purchase pfsense inside NG box specifically for reliability/stability I guess it makes you somewhat unsettled.

---

BTW. as you guys are mostly professionals, I suppose, do you sometimes need to do hard reset/power cycle in commercial enviroment? Maybe my expectation were unrealistic somewhat ...

BTW I did forum search on etherswitchcfg to see few realted topics with following one being very informative: https://forum.netgate.com/topic/159297/sg-2100-dropping-lan-connections-with-em7305-cellular-wan

Regards,
MKo

stephenw10

Yes I think that was the first user to report that. After several attempts I was eventually able to replicate it on one device.

This is specifically some interaction between the modem and the switch IC though so it only affects some 2100s where a modem has been added.

If you see that repeatedly the only thing I really suggest is to use an external USB enclosure for the modem.

mmkkoo

@stephenw10
yeah, I do consider that. Thank you for you support and time.
I think subject is closed.

Best regards
MKo