TippingPoint X506 Hardware
-
The box isnt showing me any love when I put the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image on a Transcend 4gig ultra cf card.
Like literally no output on the serial, both 9600 and 115200.
-
After writing the pfSense-memstick-serial-2.1-RELEASE-i386.img.gz image to a usb stick and trying to boot from it, I got the following:
TippingPoint OS, MFG version BSP: [t10 1.2] Bootloader: [15] Creation date: Jun 2 2006, 10:24:47 Press any key to stop auto-boot... 0 auto-booting... boot device : ata=0,0 unit number : 0 processor number : 0 host name : NDS file name : auto flags (f) : 0x0 Could not initialize ATA. Error loading file: errno = 0x0. Can't load boot file!! -
Hmm, OK.
What baud rate do you see the locked BIOS at?Maybe it just can't boot that card for some reason.
No booting from USB either. That's not surprising it would be big security risk if you could just plug in your own compromised OS and reboot the box without even opening it.Can you try setting up the NICs with the microdrive?
First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.Steve
-
Hmm, OK.
What baud rate do you see the locked BIOS at?Steve
I can see the TippingPoint OS prompt and bios password prompt at 115200. When the microdrive is in, I have to close putty and reopen it at 9600 in order to see the full boot.
-
Sometimes if you're running at 115200 the bootloader sees that as some random input when it gets to the F1 prompt and then waits for you to press return which you can't because your not actually connected.
Try booting the CF card with putty at 9600 the whole time.
Also if you've just changed the boot media you sometimes have to boot twice as the first boot halts with a message about hardware change. Only the case with some BIOSes and I wouldn't expect it on something designed for embedded but still…Steve
-
Interesting, it doesnt like my Transcend Compact Flash ULTRA 4GB Industrial.
As soon as I imaged my microdrive with the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image and popped it in, it booted right away.
Here is a snippet from assigning vlan interfaces.
___ ___/ f \ / p \___/ Sense \___/ \ \___/ Welcome to pfSense 2.1-RELEASE ... Creating symlinks......done. External config loader 1.0 is now starting... ad0s3 Launching the init system... done. Initializing............................. done. Starting device manager (devd)...done. Loading configuration......done. Default interfaces not found -- Running interface assignment option. sis0: link state changed to DOWN Valid interfaces are: sis0 ff:ff:ff:ff:ff:ff (up) NatSemi DP8381[56] 10/100BaseTX Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? y VLAN Capable interfaces: sis0 ff:ff:ff:ff:ff:ff (up) Enter the parent interface name for the new VLAN (or nothing if finished): sis0 Enter the VLAN tag (1-4094): 100 VLAN Capable interfaces: sis0 ff:ff:ff:ff:ff:ff (up) Enter the parent interface name for the new VLAN (or nothing if finished): sis0 Enter the VLAN tag (1-4094): 200 VLAN Capable interfaces: sis0 ff:ff:ff:ff:ff:ff (up) Enter the parent interface name for the new VLAN (or nothing if finished): sis0 Enter the VLAN tag (1-4094): 300 VLAN Capable interfaces: sis0 ff:ff:ff:ff:ff:ff (up) Enter the parent interface name for the new VLAN (or nothing if finished): VLAN interfaces: sis0_vlan100 VLAN tag 100, parent interface sis0 sis0_vlan200 VLAN tag 200, parent interface sis0 sis0_vlan300 VLAN tag 300, parent interface sis0 *NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: sis0_vlan100 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): sis0_vlan200 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): sis0_vlan300 Enter the Optional 2 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> sis0_vlan100 LAN -> sis0_vlan200 OPT1 -> sis0_vlan300 Do you want to proceed [y|n]?y Writing configuration...done. Updating configuration...done. Cleaning backup cache...done. Setting up extended sysctls...done. Setting timezone...done. Configuring loopback interface...done. vlan0: changing name to 'sis0_vlan100' Starting Securevlan1: changing name to 'sis0_vlan200' Shell Services.vlan2: changing name to 'sis0_vlan300' ..done. Setting up polling defaults...done. Setting up interfaces microcode...done. Configuring loopback interface...done. Creating wireless clone interfaces...done. Configuring LAGG interfaces...done. Configuring VLAN interfaces...done. Configuring QinQ interfaces...done. Configuring WAN interface...Generating new MAC address.done. Configuring LAN interface...done. Syncing OpenVPN settings...done. Configuring firewall......done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting DNS forwarder...done. Starting NTP time client...done. Starting DHCP service...done. Starting DHCPv6 service...done. Configuring firewall......done. Generating RRD graphs...done. Starting syslog...done. Starting CRON... done. Bootup complete FreeBSD/i386 (pfSense.localdomain) (console) *** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan) -> sis0_vlan100 -> LAN (lan) -> sis0_vlan200 -> v4: 192.168.1.1/24 OPT1 (opt1) -> sis0_vlan300 -> 0) Logout (SSH only) 8) Shell 1) Assign Interfaces 9) pfTop 2) Set interface(s) IP address 10) Filter Logs 3) Reset webConfigurator password 11) Restart webConfigurator 4) Reset to factory defaults 12) pfSense Developer Shell 5) Reboot system 13) Upgrade from console 6) Halt system 14) Disable Secure Shell (sshd) 7) Ping host 15) Restore recent configuration Enter an option: -
Can you try setting up the NICs with the microdrive?
First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.Steve
So even after assigning vlan's 100, 200, and 300 to the sis0 interface, no interfaces come alive when I plug in a CAT5 cable to each of the 6 jacks.
-
And here is our mystery chip under the heatsink.
-
Ok so as suspected a switch IC. These are normally configured via spi in soho routers but usually (often) that's only neccessary if you need to change the default config.
You can't just assign VLANs at random. Assign the sis interface directly. Run a packet capture on it. Whilst it's running send some traffic into external switch ports. Now look at the capture to see what vlans traffic arrived on. Of course you'll have to get the capture file off the box to analyse it, or do it the hard way. ;)Steve
-
You can't just assign VLANs at random. Assign the sis interface directly.
Steve
I need 2 interfaces before pfsense will proceed, do I assign one generic vlan as WAN and then assign the sis0 directly to LAN? How would you do it?
-
PfSense only requires 1 interface. But yes you could use one real interface and one VLAN interface.
The other possibility is that the default config of the switch is no vlans at all, just like an unmanaged switch.Steve
-
I'm keeping an eye on this thread :)
-
I wonder if this has similar hardware :P
http://www.ebay.ca/itm/HP-Tippingpoint-Core-Controller-48-Port-Gigabit-Switch-/321258224413?pt=US_Network_Switches&hash=item4acc7b7b1d -
Unlikely. You need some serious power for a 48 port gig switch. You're suggesting it might have an x86 backend? Maybe if it has any firewall or routing features. I doubt it though.
Steve
-
You're suggesting it might have an x86 backend?
SteveIts a posibility…
And that's what I'm after :)
-
PfSense only requires 1 interface. But yes you could use one real interface and one VLAN interface.
The other possibility is that the default config of the switch is no vlans at all, just like an unmanaged switch.Steve
Ive now assigned sis0 as LAN and since it asked for WAN first, I just filled in a random vlan name. However, nomatter what cable or port I plug into, none of the ports light up. They dont recognize that a cat5 cable is plugged in.
If it doesnt see that a cat5 cable is plugged in, how is a packet capture going to work? Dont we first have to work through getting sis0 "UP"?
-
Ah, well that makes things a lot more complex. If the default config of the switch is no config at all, everything off, then it needs to be configured before anything will work.
Yes you need to see sis0 as UP before anything else.
Where are you reading this though, at the console I assume. What do you see from 'ifconfig -a'? If it is vlans only at sis0 then an interface set to use no tags or vlan1 might show as down. What does is show for media and status?Steve
-
Im doing everything from the console at this point.
Enter an option: 1 Valid interfaces are: sis0 02:63:c0:d6:7b:7e (up) NatSemi DP8381[56] 10/100BaseTX Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? y WARNING: all existing VLANs will be cleared if you proceed! Do you want to proceed [y|n]?y VLAN Capable interfaces: sis0 02:63:c0:d6:7b:7e (up) Enter the parent interface name for the new VLAN (or nothing if finished): sis0 Enter the VLAN tag (1-4094): 1 VLAN Capable interfaces: sis0 02:63:c0:d6:7b:7e (up) Enter the parent interface name for the new VLAN (or nothing if finished): VLAN interfaces: sis0_vlan1 VLAN tag 1, parent interface sis0 *NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: sis0_vlan1 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): sis0 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> sis0_vlan1 LAN -> sis0 Do you want to proceed [y|n]?y Writing configuration...done. One moment while we reload the settings... done! *** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan) -> sis0_vlan1 -> LAN (lan) -> sis0 -> v4: 10.0.0.169/24 0) Logout (SSH only) 8) Shell 1) Assign Interfaces 9) pfTop 2) Set interface(s) IP address 10) Filter Logs 3) Reset webConfigurator password 11) Restart webConfigurator 4) Reset to factory defaults 12) pfSense Developer Shell 5) Reboot system 13) Upgrade from console 6) Halt system 14) Enable Secure Shell (sshd) 7) Ping host 15) Restore recent configuration Enter an option:[2.1-RELEASE][root@pfSense.localdomain]/root(1): ifconfig -a sis0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=83808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate>ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0 prefixlen 64 scopeid 0x1 inet 10.0.0.169 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1 <performnud>media: Ethernet autoselect (none) status: no carrier enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 pflog0: flags=100 <promisc>metric 0 mtu 33192 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 nd6 options=3 <performnud,accept_rtadv>sis0_vlan100: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0_vlan100 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none) status: no carrier vlan: 100 vlanpcp: 0 parent interface: sis0 sis0_vlan200: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0_vlan200 prefixlen 64 scopeid 0x7 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none) status: no carrier vlan: 200 vlanpcp: 0 parent interface: sis0 sis0_vlan300: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0_vlan300 prefixlen 64 scopeid 0x8 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none) status: no carrier vlan: 300 vlanpcp: 0 parent interface: sis0 sis0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0_vlan1 prefixlen 64 scopeid 0x9 nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none) status: no carrier vlan: 1 vlanpcp: 0 parent interface: sis0 [2.1-RELEASE][root@pfSense.localdomain]/root(2):</performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></performnud></vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate></up,broadcast,running,simplex,multicast> -
sis0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=83808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate>ether 02:63:c0:d6:7b:7e inet6 fe80::7422:d7c0:c46:842%sis0 prefixlen 64 scopeid 0x1 inet 10.0.0.169 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1 <performnud>media: Ethernet autoselect (none) status: no carrier</performnud></vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate></up,broadcast,running,simplex,multicast>Hmm, well that doesn't look good. I would expect that sis0 is always connected to the switch. The switch may have autonegotiation disabled on that port. You could try setting sis0 to 100Mbps FD and see if shows carrier. Though even if auto was disabled it should still fall back to 10Mb HD if a connection is detected. :-\
You might be able to port (if someone else hasn't done it already some roboswitch code from, for example, OpenWRT.
Steve
