Lanner 7573 Support
-
After a week or two of stumbling in the dark I have installed pfsense 2.1.3 on a lanner 7573, which is quite bleeding edge (great work, guys!)
Some caveats:
-System detects igbp0 and igbp1, but they do not seem to exist or behave normally (the only ports that actually exist are 2-5, and they are ports 1,2,3,4 on the front panel)
-ports 5 & 6 do not work, they use the intel i210 platform. the others use a marvell chipset. (2 x Intel i210AT, 1 x Marvell 88E1543 controllers)
LCD display will work, you need the lcdproc-dev package, 2x20 display, lpt0 as the port, LPT serial wiring for the connection type, and the Watchguard firebox with SDEC driver. (Should probably be renamed Lanner SDEC driver, watchguards are just rebranded lanners)- you will need to modify some boot time parameters to boot, such as editing the /boot.config to have -D on the first line;
you will also need to modify /boot/loader.conf.local with the following if you like your MBUF not filling up within 5 seconds of a network cable being plugged in
kern.cam.boot_delay=1000 kern.ipc.nmbclusers="131072" hw.igb.num_queues=1
/boot/loader.conf needs these lines added so you dont fly blind:
boot_multicons=yes boot_serial="YES" comconsole_speed="9600" #(or if you havent changed the bios from 115200, set this to 115200!) console="comconsole,vidconsole" hw.usb.no_pf="1" #(may already be in there, I know with some other hardware you need this to prevent USB ports being detected as network ports)
- could not boot from nanobsd imaged onto a compact flash. I suspect it has something to do with the CF being on the SATA bus. Watchguard people, any experience with this?
- so far I'm running full on an industrial grade CF. However I do not want this to be long term. flashing the CF disk does nothing, so I suspect there may be some settings in nanobsd that arent in the full? DMA possibly? any input here?
These are all the things I can think of right now, so far everything else just works.
- you will need to modify some boot time parameters to boot, such as editing the /boot.config to have -D on the first line;
-
The i210 ports should work as they use the same updated driver as the i354 ports (which some vendors keep labeling as Marvell). I suspect that they are the two ports you mentioned that aren't working correctly. Check the BIOS to make sure that they don't have the Bypass option forced on if your system shipped with it.
Also, unless you have a specific reason to leave it in, I'd remove the hw.igb.num_queues=1 line from your loader.conf.local. It isn't needed any more under 2.1.1+ with high core & NIC counts, all you need to do is increase nmbclusters, and in some cases it seems to have contributed to abnormally-high latency.
-
Actually, Ermal found some problems with the i210 before 2.1.1 dropped, and we've not gotten back to it.
-
Should probably be renamed Lanner SDEC driver, watchguards are just rebranded lanners
Interestingly that driver was originally developed for the Watchguard X-Core boxes which actually used an SDEC LCD and was not manufactured by Lanner.
Steve
-
@gonzopancho:
Actually, Ermal found some problems with the i210 before 2.1.1 dropped, and we've not gotten back to it.
Ah, good to know.
-
I'm having some trouble with i211 ethernet controller too. Same vendor (Lanner) but a different model FW-7543.
The best result was in 2.0.3 version with serial output, but without if_igb found. I've tried compile Intel's i211 driver (different versions) in FreeBSD 8.1(i386) but without success. Only in 8.3 version it compile with success. (both i386 and amd64)
I've tried this: http://gnurds.com/index.php/2014/01/07/intel-i210-nic-in-pfsense-2-1/
Strange situation with pfs 2.1.x and 2.2 (alpha) I can't get any serial output. (I don't have VGA cable).
I'm still trying… but additional help will be appreciated! :)
-
Blooregard,
See if the following steps help.
Start with nano vga image. Modify the image / cf card directly, before install into the device.
-
create file boot.config in root directory, containing only "-h" (no qoute)
-
create file /boot/loader.conf.local
- contain "console=comconsole" (no quote) -
edit file /etc/ttys
- set entry ttyu0 to cons25 on
-
-
Try this for getting output to the com port:
https://forum.pfsense.org/index.php?topic=76382.msg418066#msg418066Steve
-
demco,
Thanks for your instructions!
But…
The output still stops at line:
IPsec: Initialized Security Association Processing.
-
Does anyone know if pfSense could be made to run on the Lanner 8893C? (since we're talking about high end Lanner devices here…)
http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/fw-8893c -
The Colleto Creek QA parts won't work. We have a few of these internally, but decided to concentrate on AES-NI first.
-
It's got a different LCD modules to previous Lanner devices so the driver mentioned above probably won't work. That may not concern you. ;)
Edit: Already confirmed as working in the first post. Presumably not all the buttons function.
Steve
-
I would have expected the 7573 to use EFI like the 7575 does. Unless I misunderstood, 2.1.3 can't boot on an EFI machine, right?
(I'd love to boot my 7575 without ESXi installed. It's a nightmare.)
-
Unless I misunderstood, 2.1.3 can't boot on an EFI machine, right?
Why do you think that? I would think that only problem if it has a non-disableable secure boot.
Steve
-
Unless I misunderstood, 2.1.3 can't boot on an EFI machine, right?
Why do you think that? I would think that only problem if it has a non-disableable secure boot.
Steve
I guess BIOS compatibility in UEFI firmware is more common than I understood.
I was able to boot from a USB key with the 2.1.3 memstick/serial image on it.
However, I was not able to get all the way to the web server and the UI. I seem to get stuck indefinitely at "Configuring WAN interface…" which in this case is igb4, an Intel 82580DB. All interfaces were correctly identified during setup.
-
Is the WAN actually connected and receiving and IP? It can take a while to timeout otherwise. NTP too.
Steve
-
Is the WAN actually connected and receiving and IP? It can take a while to timeout otherwise. NTP too.
Steve
Yes, it's connected, but it's a static IP and there's no upstream DHCP server. How long is the timeout here? There was no progress for 30 minutes.
-
Not that long and not at all if it's not waiting for DHCP. Maybe 30s max for ntp, probably less I've never timed it.
You have some other issue there.Steve
-
Not that long and not at all if it's not waiting for DHCP. Maybe 30s max for ntp, probably less I've never timed it.
You have some other issue there.Steve
Any tips for debugging it?
-
Should probably start a new thread for this different model.
Steve