Nfe0 and vlan not possible?

iorx

nfe0 and vlan not possible?
Hello!

Was experimenting with a Zotac MAG, NVIDIA ION based little machine. My original plan was to use the integrated single network card and then vlan. But trying to use vlan on nfe0 nic give me "No VLAN capable interfaces detected".

nfe0 not capable of VLAN? Or I'm doing something wrong here?

Info: pfs. 1.2.3 RELEASE

Perry

If I look at the driver info http://www.freebsd.org/cgi/man.cgi?query=nfe&sektion=4&manpath=FreeBSD+7.2-RELEASE they all seem to support vlan. If I should guess you have a slightly newer/altered chip version. Try using a pfSense 2.0 snapshot http://snapshots.pfsense.com as the underlying FreeBSD version is newer.

iorx

Was planing to use this machine in a production environment and there for 1.2.3 version. 2.0B isn't really there yet. Got a taste of the 20101020 update… :-) My home install was downed.

Do I have to have the machine connected to vlan enabled port in the switch while booting up pfsense? When I tried I "hot plugged" the network cable to a vlan enabled port in the switch.

I'll try the 2.0 BETA and report back.

iorx

Used today build, error booting. Couldn't mount the CD?! Using an external-SUB CD/DVD-reader…

iorx

Hello again!

As mentioned before; todays -1022 didn't mount the CD correctly. Didn't read what was up on the screen obviously… I had to type it in my self "cd9660:/dev/cd0" and then the booting continued. I'm now running a "live-cd" with vlan on a ZOTAC MAG Atom 330. VLAN is configured in a hp procurve 1810G.

And here are the results: Download 113.84Mbit/s Upload 11.31Mbit/s. Not bad if you consider that the service I'm using is announced as 100/10Mbit.

So, 1.2.3 doesn't like ION network card (I also noticed that the switch didn't negotiate 1Gbit, just 100Mbit).

And the big question: I have a customer which need a solution just like the above. Does one dare running 2.0 BETA in such case? Any "extra stable build" known?

wallabybob

Suggestion: (I can't test since I don't have any nfe interfaces)

pfSense 1.2.3 doesn't seem to know about the VLAN capabilities of nfe so tell it by editing /etc/inc/globals.inc

Find the first line containing vlan_native_supp and add "nfe" to the list of interface names. Do the same on the next line to add "nfe" to the list of interface names assigned to vlan_long_frame, save the file and reboot

Perry

And the big question: I have a customer which need a solution just like the above. Does one dare running 2.0 BETA in such case? Any "extra stable build" known?

It's not recommended.

(I also noticed that the switch didn't negotiate 1Gbit, just 100Mbit).

The older hp procure 1800g was also known for that.

iorx

@wallabybob:

Suggestion: …editing /etc/inc/globals.inc

Find the first line containing vlan_native_supp and add "nfe" to the list of interface names. Do the same on the next line to add "nfe" to the list of interface names assigned to vlan_long_frame, save the file and reboot

Whoho! It works! Up and running. Took an extremely ugly path to change the file global.inc. Hex edited the ISO image…  :P My test unit, Zotac MAG, is my own HTPC box and I'm to lazy to replace the hard drive just to test this.

BTW: Port speed negotiated to 1Gbit and I got the same internet throughput as with 2.0 BETA (>100Mbit down, >10Mbit up).

Case closed. The customer is going to use pf1.2.3, a ZOTAC and a hp switch. The final configuration is going to be load balanced/fail over. So there is going to be 3 VLANs (2 wan, 1 lan) involved. Any comments on the solution? Good/bad?

Brgs,

Thanks!

wallabybob

@iorx:

Any comments on the solution? Good/bad?

One does what one must!

It wasn't clear from your post exactly what pfSense variant you were running. On the full version of pfSense files can be edited from a login session. On the full version and the embedded version files can be edited from the web GUI: Diagnostics -> Edit file. Because the embedded version runs with the file system read only the file system must be mounted read-write if you want to edit files from a login session.

Perry

Case closed. The customer is going to use pf1.2.3, a ZOTAC and a hp switch. The final configuration is going to be load balanced/fail over. So there is going to be 3 VLANs (2 wan, 1 lan) involved. Any comments on the solution? Good/bad?

Have been working well for me.
I prefer to use failover pools and split the load that way.
I use opendns as monitor IP's and DNS servers.

iorx

@wallabybob:

@iorx:

Any comments on the solution? Good/bad?

One does what one must!

It wasn't clear from your post exactly what pfSense variant you were running. On the full version of pfSense files can be edited from a login session. On the full version and the embedded version files can be edited from the web GUI: Diagnostics -> Edit file. Because the embedded version runs with the file system read only the file system must be mounted read-write if you want to edit files from a login session.

Solution: It's rather nice price/performance and a flexible platform as it delivers the 1Gbit n:interfaces, 2 cores+2 treaded Atom 330 and 2GB RAM. And it is of the shelf components! That saves time.

pfSense varian: For testing I've used the "pfSense-1.2.3-RELEASE-LiveCD-Installer.iso.gz 08-Dec-2009 05:47 55M" but only used it as Live-CD. And then the ugly hack editing the ISO for nfe. I had problem coming pass the interface assignment before the nfe was accepted as VLAN-enabled. I there a way to jump out to shell and edit files while booting the Live-CD? Just curious.
The final install will be full-install to local disk on the PC.

iorx

@Perry:

Case closed. The customer is going to use pf1.2.3, a ZOTAC and a hp switch. The final configuration is going to be load balanced/fail over. So there is going to be 3 VLANs (2 wan, 1 lan) involved. Any comments on the solution? Good/bad?

Have been working well for me.
I prefer to use failover pools and split the load that way.
I use opendns as monitor IP's and DNS servers.

The Multi-WAN doc looks like it using pools also. I'm going to use that as template for the setup. Haven't had "that" much time experimenting with multi-wan environments.
DNS: I find OpenDNS a bit slow. Planing to use a combination of ISP-DNS and Google-DNS I think.

If you guys are interested I post back here when the system is up and running.

wallabybob

@iorx:

I there a way to jump out to shell and edit files while booting the Live-CD?

I don't know of a way to do what you describe (unless what I describe below qualifies). Especially since you can't "easily" permanently change the files on the CD.

Clearly you have a problem creating the initial configuration with VLANs. If there were two NICs in your system (you could temporarily add a supported USB wired NIC or WiFi NIC or maybe even assign the parallel port as an interface) you could boot from CD, install to hard drive, edit the file, reboot and assign interfaces from the console menu and then setup your VLANs. From memory, pfSense 1.2.3 requires two interfaces. During the "install to hard drive" phase you don't need functioning interfaces so you could leave the VLAN configuration until after you have installed to hard drive.

From memory, pfSense 1.2.3 includes drivers so the parallel port and firewire ports can be used as IP interfaces if the necessary hardware is present in your system. Therefore it might be pretty easy to configure two interfaces to get through the initial install to hard drive, even if your system doesn't include two more conventional NICs.