Getting only 80mbps on a 175mbps WAN connection
-
Well, I would put something on tagged 34 on WAN and tagged 34 on OPT and be sure they can talk. Again, I'd be using a switch for this, not a pfSense bridge.
Or I'd start looking at packet captures to make sure the bridge is doing what you need and that the traffic from the unit is really on tagged 34.
-
Check your firewall logs. Do you see a load of hits on WAN_34 (or whatever you called it)?
Then run a packet capture to make sure you are seeing any VLAN34 tagged traffic.
IPTV is probably multicast or broadcast so you may need to add that capability to the bridge or add IP options to any firewall rules.
I agree though to be honest this is a waste of good firewall interfaces unless you are really planning to filter the IPTV traffic in some way. Just get a cheap managed switch and use it to separate the two VLAN connections at the ONT.
Of course you may find that the homehub won't handle the IPTV traffic at all unless it has an internet connection to pass back data (like everything you ever view! ;))
Lastly you will not be the first person out there to try this. Someone else will have done it and blogged it so it's probably more productive to research first than to experiment, even though that's the fun part.Steve
-
Looks like the homehub can run just the IPTV part without any problems:
http://blog.ngpixel.com/post/104449747538/how-to-bypass-bell-fibe-hub-and-use-your-own-router
Notice that he references VLAN36 for the IPTV though. ???Steve
-
OK some more reading:
http://www.dslreports.com/forum/r29091659-Bell-IPTV-Next-Phase
Looks like you need some 802.1p settings after all if you want to keep the APU in line.Steve
-
OK so it's confirmed that IPTV traffic is on VLAN 36. Set up a VLAN 36 interface from the ONT, and did DHCP on it (which is what the Home Hub 2000 does), and it got an IP address in the range that the Home Hub 2000 gets for IPTV, so that's working.
The question is… somehow the Home Hub 2000 uses the LAN for the set top boxes but couples the IPTV VLAN in there. I'm guessing the set top boxes use VLAN 1 (untagged) for normal IP traffic (there are apps and stuff in the STBs), and then VLAN 36 for the TV stuff.
So my question is, how do I combine the normal LAN and VLAN 36 into the LAN port and then onto my network?
I currently have it "separately" in the virtual interface, but I need to combine it somehow with the LAN which is currently working perfectly for NAT.
Yes, my goal is to completely be rid of the Home Hub 2000... I couldn't get that other configuration working.
Thanks guys,
Robert
-
How does the home hub physically talk to the STBs? Are they Ethernet? Wi-Fi? MoCA?
I'm starting to get a little lost. Maybe it's time for a summary drawing populated with what we know.
ONT ethernet (outside) interface:
TAGGED VLAN 35 INTERNET
TAGGED VLAN 36 IPTV (Must be .1p >=4 ??)HOME HUB ethernet (inside) interface:
UNTAGGED INTERNET ??
TAGGED VLAN 36 IPTV ??Do the STBs use the same VLAN as your general internet or are there three? IPTV, STB internet, and general internet?
Are we talking about this with VLAN 36 instead of 34 for IPTV?
-
Yup, we're talking that.
I have the Home Hub 2000 (made by Sagemcom) instead of the Actiontec.
From that diagram, it looks like the STBs don't use the same LAN as the rest of the network, but I remember my STB did have an IP address in the same subnet as my LAN.
I'm going to reconnect the Home Hub 2000 just to confirm that, but I'm pretty sure that's how it worked.
Is there any way to combine two VLANs together? Basically the normal LAN which gets NATed, but then I want to add the VLAN 36 from the ONT onto that. That might be a stupid question, I'm not a network expert by any means. :)
-
Is there any way to combine two VLANs together?
Combine them into what? Ethernet? Wi-Fi? MoCA? How are the STBs physically connected (for the third time?)
-
Is there any way to combine two VLANs together?
Combine them into what? Ehternet? Wi-Fi? MoCA? How are the STBs physically connected (for the third time?)
I'm sorry, you're right, I did keep asking that.
They (I actually only have one) are connected by Ethernet.
-
Two vlans are combined together on ethernet all the time with VLAN tags. It is possible for one and only one VLAN on the port to be untagged. If the pfSense interface in question was re2, you would:
Create VLAN X on re2
Assign the untagged VLAN to re2
Assign the tagged VLAN to re2_vlanXBut without knowing exactly what needs to be done it's all just a lot of guessing.
Do we know what VLAN tags are being used by the Home Hub to talk to the STBs on the private side?
Do you have a managed switch or not?
-
In one of those posts I linked to it implied that the supplied router simply bridged VLAN36 onto the LAN.
Steve
-
Two vlans are combined together on ethernet all the time with VLAN tags. It is possible for one and only one VLAN on the port to be untagged. If the pfSense interface in question was re2, you would:
Create VLAN X on re2
Assign the untagged VLAN to re2
Assign the tagged VLAN to re2_vlanXBut without knowing exactly what needs to be done it's all just a lot of guessing.
Do we know what VLAN tags are being used by the Home Hub to talk to the STBs on the private side?
Do you have a managed switch or not?
You are awesome for continuing to help me, thank you!!
So, my LAN port is re1 (that's the one where NATing occurs and gets the rest of my network out to the internet).
I have extracted VLAN 36 from re0 which is connected to the ONT, just as I have extracted VLAN 35 from re0 in order to get general internet access which works great.
So currently:
physically:
ONT (port 1) -> pfSense (re0)
pfSense (re1) -> 24-port switch (port 1)
24-port switch (port 2) -> desktop
24-port switch (port 3) -> Bell STBVLAN:
ONT (VLAN 35) -> pfSense (re0_vlan35)
ONT (VLAN 36) -> pfSense (re0_vlan36)re0_vlan35 is doing PPPoE to get a public IP and that works great. I then NAT re1 to re0_vlan35
re0_vlan36 is doing DHCP to get a private IP from Bell's data center and that is working too.I just don't know how to get that VLAN onto the re1 physical LAN and have it propagate through my switch. I also have to do QoS on it and make sure it is set to 4 somewhere…
Yes I have a fully managed switch which is currently operating in "dumb" mode except for two ports which are LAGged for a Lenovo NAS.
I don't know which VLAN tags are being sent out on the LAN by the Home Hub 2000 when it is set up as the router. I suppose I will have to connect it all together and do some packet capturing. I was just hoping to avoid that. :)
@Steve, that's exactly what I want to try. :)
-
Add a VLAN36 interface to re1.
Disable DHCP on re0_VLAN36, set it as type 'none'. The set top box needs to pull an IP from Bell not your firewall.
Make sure those sysctls are still set to remove filtering on bridge members.
Add a bridge that includes re0_VLAN36 and re1_VLAN36.Hope.
Steve
-
Add a VLAN36 interface to re1.
Disable DHCP on re0_VLAN36, set it as type 'none'. The set top box needs to pull an IP from Bell not your firewall.
Make sure those sysctls are still set to remove filtering on bridge members.
Add a bridge that includes re0_VLAN36 and re1_VLAN36.Hope.
Steve
Done (see attached). Fingers crossed. Restarting the STB now.
-
Question, where do I set the QoS to 4? On which interface?
The STB is still booting :P
–--
10 minutes later...
It's still booting, well, it's stuck on a screen that just says "Bell Fibe", so I have a feeling it might just sit here.
It was on before even though there was no signal, but I had turned it on when it did have a signal. Maybe if it doesn't get a signal, it just doesn't boot? That would be kinda weird...
I'll keep tinkering with it tomorrow, my girlfriend wants me to prove I exist. :P
The next morning....
So the STB sat at the "Bell Fibe" screen all night and didn't boot up fully into a menu. ARGH! That's pretty ridiculous. The nice thing about the STB system info page is it shows its IP address as well as whether or not IPTV is connected. I'm assuming IP address it gets from DHCP and IPTV on or off is determined by whether or not it can find VLAN 36.
I will go back to the drawing board today. :)
-
I only had a chance to try something now. Here's what I tried:
I plugged the ONT into an un-managed 1gigabit switch (port 1 – but port is irrelevant)
I plugged the WAN port of the pfSense box into the same gigabit switch (port 23)
I plugged the WAN port of the Home Hub 2000 into the same gigabit switch (port 24)
I told the Home Hub 2000 not to do internet (by putting in the wrong PPPoE password)Like this, everything works... both internet and TV.
So it begs the question, why isn't the bridge from VLAN 36 on the WAN port of the pfSense to VLAN 36 on the OPT1 port working?
I'm ok with using the Home Hub 2000 for TV service... I can live with that, but I just don't understand why the pfSense bridge isn't working.
Maybe I should "waste" three ports on my 24-port fully managed switch to do what the outside un-managed switch is doing?
I'm not sure how to make a network "segment" using my Netgear GS724T, but I imagine there must be a way...
OK so when I say TV is working perfectly, I mean, that I can watch TV.
But when I try to run apps which rely on an internet connection, it doesn't work... just another reason why I need to get this VLAN 36 bridged. ARGH!!!
The Home Hub 2000 is definitely doing DHCP to the Fibe service... I don't know what it does once it connects though. That is most probably why just bridging VLAN 36 isn't working, I really need to do DHCP for some reason. Although my set top box gets a private IP on the same network as any other internet device connecting to the Home Hub...
I guess I really need to talk to a Bell network expert to know what's going on in there.
-
It could well be the QoS thing. Could also be IP options not getting through.
I think i would be doing some packet sniffing at this point.Steve
-
So I got a chance to email a senior Bell technician who is helping me out on the case… here was his short but sweet reply (see attached).
I'm not completely sure what he means by it...
I'm thinking the 10.0.0.0/16 is wrong, it should likely be 10.0.0.0/8. Problem is I use 10.50.0.0/16 as my LAN, so this might be an issue. But I got DHCP working on the VLAN36 of WAN side, and I get an IP of 10.240.0.0, so I could maybe just route that. I attached a screenshot of the route I made. Not sure if that's right.
Also, I don't know if I need to bridge VLAN36 back to the LAN interface... I've asked him, don't know if he'll reply. :)
Edit: Would someone be able to tell me where I'm supposed to set the QoS settings?
-
I wouldn't ask him what to do, I would ask him for the specifics of what his gear expects in an equipment-agnostic fashion. Then we just make pfSense do that.
Are you still guessing that you need QoS or do you know that you need QoS?
-
I wouldn't ask him what to do, I would ask him for the specifics of what his gear expects in an equipment-agnostic fashion. Then we just make pfSense do that.
Are you still guessing that you need QoS or do you know that you need QoS?
Yes, he's totally giving me equipment agnostic info, which is awesome. He's telling me what to set up etc…
It turns out the current issue is an IGMP issue. I need to proxy 224.0.0.0/4 to the IPTV LAN. That's what I'm working on now. I can't quite get it though. I might have my settings wrong.
I manage to get 5 seconds of TV (which is sent TCP unicase), but then when it kicks into IGMP multicast mode, I lose TV. :( There are other articles about this on the net, but none that applies specifically to Bell Fibe.
I'm super close though!
