Duplex Problem
-
Have you tried changing the NIC settings under "Interfaces->WAN->Spped and Duplex->Advanced"?
You should be able to lock the NIC at 100B-TXFD from there. I don't remember if you need a reboot after making cjanges there.Failing that,as a quick test, what happens if you put 100Mb switch in between the router and the modem?
I'm guessing the modem may not behave cleanly in an autonegotiation. While not optimum, the switch inline may at least improve performance somewhat.
-
The pull-down in Interfaces->WAN->Advanced shows as 100B-TX Full Duplex. Yet the Dashboard and Status->Interfaces show as half duplex. Speed tests corroborate half duplex. And running ifconfig as in the image I attached, if I read it right, it says that it's been told to run as FD but is actually running only half duplex.
I do have a different pfsense box I could throw in to see if it lets me force the right setting.
-
In general pfSense does a good job working with a wide variety of hardware combinations but as always there are exceptions.
It's probably a good idea to try the NIC swap then, Realtek chipset NICs have been more problematic than others while Intel based are generally better.
Barring that if you have another box (different Motherboard/NICs ?) that might also be worth a try.
I still think putting a switch inline could be worthwhile as well.
I found an older thread that may give some insight into the basic issues: https://forum.pfsense.org/index.php?topic=55791.msg298136#msg298136
-
Yep, try swapping wan and lan, use em0 to connect at 100Mb FD. A switch in line will only help if you're able to fix the port speed on it, probably a waste of a managed switch.
Steve
Edit: typo
-
Thanks Stephen. That was sort of my thought too. And I don't have a spare managed switch to throw at this. I'll try moving the WAN port to the Intel card and see what happens.
-
Some Realtek NICs just refuse to disable autonegotiation, which is exactly what you're showing there. It was configured with fixed speed and duplex, but the NIC isn't using it. Switch the NICs around as Steve noted and you'll be fine. Or if you can convince your ISP it's no longer 1995 and autonegotiation works perfectly fine 99.99999999% of the time so they should just enable it, you'll be fine with the re NIC.
-
cmb> I agree that all ISPs should set their devices to autonegotiate. But in Columbus, I have a few clients using TW Telecom fiber and in every install I've ever seen from them, their box mandates the router/firewall be hard set to 100B-TX FD. I don't know what they do nationwide, but that's my experience so far. I suppose it's worth inquiring about, but in most cases asking an ISP for changes of this sort I may as well be talking to the wall.
In this instance, I built a 2U rack-mount box which allowed me to use an Intel card. But. . . if some Realtek NICs refuse to disable autonegotiation it makes me really nervous about moving to the APU2 or APU4 - which use Realtek's 8111E. My go-to board used to be the Intel D2500CC, but with Intel exiting the motherboard business there just aren't many choices left if you want a Mini ITX board with dual Intel NICs. It makes it a lot tougher to build a small form factor box.
-
Most are willing to change the CPE to auto if you ask, I've had AT&T (fiber services) and TWTelecom do that in the past in situations with customers where we couldn't or didn't want to force it.
It's something we should be able to fix for the APU at least.
https://redmine.pfsense.org/issues/3870 -
As an update to this. . .today I switched the ports and made the Intel port the WAN and the Realtek the LAN.
The Intel autonegotiated to 100B-TX Half Duplex as expected. Figured I'd try just using the GUI to set the Intel to 100B-TX Full Duplex. And lo & behold the Intel actually set to 100B-TX FD. And speed was instantly as expected.It's bittersweet because the Intel D2500CCE was my go-to motherboard and while I can still get them I don't know how long that will be true. I wish there were more options for mITX motherboards with dual Intel NICs.
Mike Castaldi
Wild Frog Consulting -
I put my cable and dsl modems on blank, untagged vlans with my WAN ports. That might enable you to go back to the realtek and hard-set the switchport to 100-Full to the cable modem.
(Security issues aside (I'd rather have a dedicated outside switch), I do it so I can put a sniffer on the outside on a mirror port.)
