Any guidance with TippingPoint S10?
-
Out of the box the unit will load pfSense from nanobsd image on compact flash. Boot up is flawless. Looks very promising.
reeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:27:41 EDT 2014 root@pf2_1_1_i386.pfsense.org:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Celeron(R) M processor 600MHz (600.02-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x695 Family = 6 Model = 9 Stepping = 5 Features=0xa7e9fbbf <fpu,vme,de,pse,tsc,msr,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,tm,pbe>real memory = 1073741824 (1024 MB) avail memory = 1026891776 (979 MB) ACPI APIC Table: <intelr awrdacpi=""> ioapic0 <version 2.0=""> irqs 0-23 on motherboard ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0738f60, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0739000, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07390a0, 0) error 1 wlan: mac acl policy registered cryptosoft0: <software crypto=""> on motherboard padlock0: No ACE support. acpi0: <intelr awrdacpi=""> on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, 3fdf0000 (3) failed Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0 cpu0: <acpi cpu=""> on acpi0 acpi_button0: <power button=""> on acpi0 pcib0: <acpi host-pci="" bridge=""> port 0xcf8-0xcff on acpi0 pci0: <acpi pci="" bus=""> on pcib0 vgapci0: <vga-compatible display=""> port 0xff00-0xff07 mem 0xfdf00000-0xfdf7ffff,0xd0000000-0xdfffffff,0xfdf80000-0xfdfbffff irq 16 at device 2.0 on pci0 pcib1: <acpi pci-pci="" bridge=""> irq 16 at device 28.0 on pci0 pci1: <acpi pci="" bus=""> on pcib1 em0: <intel(r) 1000="" pro="" network="" connection="" 7.3.8=""> port 0xdf00-0xdf1f mem 0xfdae0000-0xfdafffff irq 16 at device 0.0 on pci1 em0: Using an MSI interrupt em0: [FILTER] pcib2: <acpi pci-pci="" bridge=""> irq 17 at device 28.1 on pci0 pci2: <acpi pci="" bus=""> on pcib2 em1: <intel(r) 1000="" pro="" network="" connection="" 7.3.8=""> port 0xcf00-0xcf1f mem 0xfd6e0000-0xfd6fffff irq 17 at device 0.0 on pci2 em1: Using an MSI interrupt em1: [FILTER] pcib3: <acpi pci-pci="" bridge=""> irq 18 at device 28.2 on pci0 pci3: <acpi pci="" bus=""> on pcib3 em2: <intel(r) 1000="" pro="" network="" connection="" 7.3.8=""> port 0xaf00-0xaf1f mem 0xfdee0000-0xfdefffff irq 18 at device 0.0 on pci3 em2: Using an MSI interrupt em2: [FILTER] pcib4: <acpi pci-pci="" bridge=""> irq 19 at device 28.3 on pci0 pci4: <acpi pci="" bus=""> on pcib4 em3: <intel(r) 1000="" pro="" network="" connection="" 7.3.8=""> port 0xef00-0xef1f mem 0xfdce0000-0xfdcfffff irq 19 at device 0.0 on pci4 em3: Using an MSI interrupt em3: [FILTER] uhci0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> port 0xfe00-0xfe1f irq 23 at device 29.0 on pci0 uhci0: [ITHREAD] usbus0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> on uhci0 uhci1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> port 0xfd00-0xfd1f irq 19 at device 29.1 on pci0 uhci1: [ITHREAD] usbus1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> on uhci1 ehci0: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> mem 0xfdfff000-0xfdfff3ff irq 23 at device 29.7 on pci0 ehci0: [ITHREAD] usbus2: EHCI version 1.0 usbus2: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> on ehci0 pcib5: <acpi pci-pci="" bridge=""> at device 30.0 on pci0 pci5: <acpi pci="" bus=""> on pcib5 pci5: <unknown> at device 3.0 (no driver attached) em4: <intel(r) 1000="" pro="" legacy="" network="" connection="" 1.0.6=""> port 0xbf00-0xbf3f mem 0xfd9c0000-0xfd9dffff,0xfd9a0000-0xfd9bffff irq 18 at device 4.0 on pci5 em4: [FILTER] isab0: <pci-isa bridge=""> at device 31.0 on pci0 isa0: <isa bus=""> on isab0 atapci0: <intel ich6="" udma100="" controller=""> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfa00-0xfa0f at device 31.1 on pci0 ata0: <ata channel=""> at channel 0 on atapci0 ata0: [ITHREAD] ata1: <ata channel=""> at channel 1 on atapci0 ata1: [ITHREAD] atapci1: <intel ich6m="" sata150="" controller=""> port 0xf900-0xf907,0xf800-0xf803,0xf700-0xf707,0xf600-0xf603,0xf500-0xf50f mem 0xfdffc000-0xfdffc3ff irq 19 at device 31.2 on pci0 atapci1: [ITHREAD] ata2: <ata channel=""> at channel 0 on atapci1 ata2: [ITHREAD] ata3: <ata channel=""> at channel 1 on atapci1 ata3: [ITHREAD] pci0: <serial bus,="" smbus=""> at device 31.3 (no driver attached) atrtc0: <at realtime="" clock=""> port 0x70-0x73 irq 8 on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 uart0: [FILTER] uart0: console (115200,n,8,1) uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0 uart1: [FILTER] ppc0: <parallel port=""> port 0x378-0x37f,0x778-0x77b irq 7 on acpi0 ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode ppc0: [ITHREAD] ppbus0: <parallel port="" bus=""> on ppc0 ppi0: <parallel i="" o=""> on ppbus0 orm0: <isa option="" rom=""> at iomem 0xef000-0xeffff pnpid ORM0000 on isa0 acpi_throttle0: <acpi cpu="" throttling=""> on cpu0 Timecounter "TSC" frequency 600024136 Hz quality 800 Timecounters tick every 10.000 msec IPsec: Initialized Security Association Processing. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 usbus2: 480Mbps High Speed USB v2.0 ad0: 3823MB <ts4gcf133 20110407=""> at ata0-master PIO4 ugen0.1: <intel> at usbus0 uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus0 ugen1.1: <intel> at usbus1 uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus1 ugen2.1: <intel> at usbus2 uhub2: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus2 Root mount waiting for: usbus2 usbus1 usbus0 uhub0: 2 ports with 2 removable, self powered uhub1: 2 ports with 2 removable, self powered uhub2: 12 ports with 12 removable, self powered Trying to mount root from ufs:/dev/ufs/pfsense0 Configuring crash dumps... Mounting filesystems... Setting up memory disks... done. Disabling APM on /dev/ad0 ___ ___/ f \ / p \___/ Sense \___/ \ \___/ Welcome to pfSense 2.1.5-RELEASE ... Creating symlinks......done. External config loader 1.0 is now starting... Launching the init system... done. Initializing............................. done. Starting device manager (devd)...done. Loading configuration......done. Updating configuration...done. Cleaning backup cache........done. Setting up extended sysctls...done. Setting timezone...done. Configuring loopback interface...done. Starting syslog...done. Starting Secure Shell Services...done. Setting up polling defaults...done. Setting up interfaces microcode...done. Configuring loopback interface...done. Creating wireless clone interfaces...done. Configuring LAGG interfaces...done. Configuring VLAN interfaces...done. Configuring QinQ interfaces...done. Configuring WAN interface...done. Configuring LAN interface...done. Syncing OpenVPN settings...done. Configuring firewall......done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting DNS forwarder...done. Starting NTP time client...done. Starting DHCP service...done. Starting DHCPv6 service...done. Configuring firewall......done. Generating RRD graphs...done. Starting syslog...done. Starting CRON... done. Bootup complete FreeBSD/i386 (pfSense.localdomain) (console) *** Welcome to pfSense 2.1.5-RELEASE-nanobsd (i386) on pfSense *** WAN (wan) -> em0 -> LAN (lan) -> em4 -> v4: 192.168.1.1/24 0) Logout (SSH only) 8) Shell 1) Assign Interfaces 9) pfTop 2) Set interface(s) IP address 10) Filter Logs 3) Reset webConfigurator password 11) Restart webConfigurator 4) Reset to factory defaults 12) pfSense Developer Shell 5) Reboot system 13) Upgrade from console 6) Halt system 14) Disable Secure Shell (sshd) 7) Ping host 15) Restore recent configuration Enter an option: 8</intel></intel></intel></intel></intel></intel></ts4gcf133></acpi></isa></parallel></parallel></parallel></at></serial></ata></ata></intel></ata></ata></intel></isa></pci-isa></intel(r)></unknown></acpi></acpi></intel></intel></intel></intel></intel></intel></intel(r)></acpi></acpi></intel(r)></acpi></acpi></intel(r)></acpi></acpi></intel(r)></acpi></acpi></vga-compatible></acpi></acpi></power></acpi></intelr></software></version></intelr></fpu,vme,de,pse,tsc,msr,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,tm,pbe>
pciconf -l -v hostb0@pci0:0:0:0: class=0x060000 card=0x25908086 chip=0x25908086 rev=0x04 hdr=0x00 class = bridge subclass = HOST-PCI vgapci0@pci0:0:2:0: class=0x030000 card=0x25928086 chip=0x25928086 rev=0x04 hdr=0x00 class = display subclass = VGA pcib1@pci0:0:28:0: class=0x060400 card=0x26608086 chip=0x26608086 rev=0x04 hdr=0x01 class = bridge subclass = PCI-PCI pcib2@pci0:0:28:1: class=0x060400 card=0x26628086 chip=0x26628086 rev=0x04 hdr=0x01 class = bridge subclass = PCI-PCI pcib3@pci0:0:28:2: class=0x060400 card=0x26648086 chip=0x26648086 rev=0x04 hdr=0x01 class = bridge subclass = PCI-PCI pcib4@pci0:0:28:3: class=0x060400 card=0x26668086 chip=0x26668086 rev=0x04 hdr=0x01 class = bridge subclass = PCI-PCI uhci0@pci0:0:29:0: class=0x0c0300 card=0x26588086 chip=0x26588086 rev=0x04 hdr=0x00 class = serial bus subclass = USB uhci1@pci0:0:29:1: class=0x0c0300 card=0x26598086 chip=0x26598086 rev=0x04 hdr=0x00 class = serial bus subclass = USB ehci0@pci0:0:29:7: class=0x0c0320 card=0x265c8086 chip=0x265c8086 rev=0x04 hdr=0x00 class = serial bus subclass = USB pcib5@pci0:0:30:0: class=0x060401 card=0x24488086 chip=0x24488086 rev=0xd4 hdr=0x01 class = bridge subclass = PCI-PCI isab0@pci0:0:31:0: class=0x060100 card=0x26418086 chip=0x26418086 rev=0x04 hdr=0x00 class = bridge subclass = PCI-ISA atapci0@pci0:0:31:1: class=0x01018a card=0x266f8086 chip=0x266f8086 rev=0x04 hdr=0x00 class = mass storage subclass = ATA atapci1@pci0:0:31:2: class=0x01018f card=0x26538086 chip=0x26538086 rev=0x04 hdr=0x00 class = mass storage subclass = ATA none0@pci0:0:31:3: class=0x0c0500 card=0x266a8086 chip=0x266a8086 rev=0x04 hdr=0x00 class = serial bus subclass = SMBus em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00 class = network subclass = ethernet em1@pci0:2:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00 class = network subclass = ethernet em2@pci0:3:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00 class = network subclass = ethernet em3@pci0:4:0:0: class=0x020000 card=0x00008086 chip=0x109a8086 rev=0x00 hdr=0x00 class = network subclass = ethernet none1@pci0:5:3:0: class=0xff0000 card=0x00010001 chip=0x0001a727 rev=0x00 hdr=0x00 em4@pci0:5:4:0: class=0x020000 card=0x002e1903 chip=0x10768086 rev=0x05 hdr=0x00 class = network subclass = ethernet [2.1.5-RELEASE][root@pfSense.localdomain]/root(2): exit
Enter an option: 1 Valid interfaces are: em0 00:07:99:a2:75:bf (up) Intel(R) PRO/1000 Network Connection 7.3.8 em1 00:07:99:a2:75:c0 (down) Intel(R) PRO/1000 Network Connection 7.3.8 em2 00:07:99:a2:75:c1 (down) Intel(R) PRO/1000 Network Connection 7.3.8 em3 00:07:99:a2:75:c2 (down) Intel(R) PRO/1000 Network Connection 7.3.8 em4 00:07:99:a2:75:be (up) Intel(R) PRO/1000 Legacy Network Connection 1.0.6 Do you want to set up VLANs first?
Here is the problem. I see all the interface, but can only access em4, which is the legacy intel gigabit interface. em0 to em3 seem dead. There are no lights on them, they do not detect a wire plugged into the port. I found some information from an X506 device https://forum.pfsense.org/index.php?topic=72916.0, but I think this unit is totally different. These interfaces are not switch IC, they seem like real network interface.
I thought there maybe a bios option to turn them on/off. There is no bios prompt on boot.
em4 is labeled management on the unit.
-
I think you are using an older pfSense, could that be? I read BSD 8, while pfSense 2.2 is at version 10 I think. If you are using an older version, could you try a newer version instead?
-
Thanks for fast reply. I initially had pfsense 2.2 nano. In this version, none of the ports work, even em4 did not work.
-
Looks like it has some sort of network bypass that's getting in the way. It may be possible to disable that with jumpers or in the BIOS if you can get to it. The BIOS is probably accessed via 115200bps and try hitting TAB.
Steve
-
Could you post one or more high-res photos of the inside of the box? That would make it easier to see how it's built and how it's working.
-
Yep. I can find almost no documentation on the box so it's hard to say quite how those NICs are connected. Could be internal switches with mirror ports for the IDS.
Fun. ;)Steve
-
Serial connection to unit was easy. Boot message does not prompt for bios access. I think your on to something regarding "network bypass." When I get home tonight, I will post some high res photos.
-
Unfortunately only 2 mac address are shown in the sticker. I was able to identify 3 pins that could be change/alter. The one on the first picture with "???" in top left corner, I'm not sure what this jumper is for. There are no marking to indicate what is does. One way at the bottom next to CF card is for selecting master/slave. There is one pin next to battery, I'm assuming this is for resetting bios.
Boot Screen
Load End drivers BIOS V1.0.7 Memory Testing : OK ... TippingPoint OS BSP [m10 1.2] Bootloader [20] Creation date: Jul 22 2009, 17:27:19
Control C give the below prompt. I think it already is running from disk and not a bios prompt. You can see I typed the "@" to continue the boot process.
Load End drivers BIOS V1.0.7 Memory Testing : OK ... TippingPoint OS BSP [m10 1.2] Bootloader [20] Creation date: Jul 22 2009, 17:27:19 Press Control-C to stop auto-boot... 2 Type '@' to continue boot, or 'h' for help [VxWorks Boot]: @ boot device : ata=0,0 unit number : 0 processor number : 0 host name : NDS file name : auto flags (f) : 0x0 Attaching to ATA disk device... done. /boot/2.5.5.6994/vxWorks [0c3ca432ffef42a5a746da5469573ac3] Loading /boot/2.5.5.6994/vxWorks....13275344 + 1222576 + 14761892 Starting at 0x108000...
The rest of the boot process from TippingPoint OS
Attaching interface lo0...done Adding 32415 symbols for standalone. Initialize Memory.......................[OK] Add reboot hooks........................[OK] Start CPU Resource Monitoring...........[OK] Initialize System Clock.................[OK] 2015-03-16 05:38:13 [UTC] Set Boot Time...........................[OK] Calculate CPU Speed.....................[OK] 600.104 MHz Identify Host Type......................[OK] n1 Identify HW.............................[OK] A (A-10LF) gei Mount Storage Device....................[OK] Mount File System.......................[OK] /boot/ - Volume is OK /opt/ - Volume is OK /usr/ - Volume is OK /log/ - Volume is OK Initialize IPC..........................[OK] Initialize Paths........................[OK] Read Configuration Files................[OK] Apply Task Environment..................[OK] Apply ATA Environment...................[OK] Apply LCD Environment...................[OK] Create /ramLog..........................[OK] Create /ramTmp..........................[OK] Initialize System Log...................[OK] Initialize License Manager..............[OK] Initialize Update subsystem.............[OK] Create /ramRO...........................[OK] Load RAM Disk...........................[OK] Set Memory Protection...................[OK] 0x3fe8f800 Performing Host/Model Checks............[OK] Software chassis Initialize Network Processor............[OK] Initialize IPM..........................[NOT DETECTED] Read TOS metadata.......................[OK] ver=2.5.5.6994 Read DV metadata........................[OK] ver=2.5.2.7735 Read bootloader metadata................[OK] ver=20 cnt=33 Initialize Audit log....................[OK] Initialize Block Log....................[OK] Initialize Alert Log....................[OK] Initialize SNMP.........................[OK] Initialize Email........................[OK] Initialize Remote Syslog................[OK] Validating Certificate..................[OK] _____ ____ _ |_ _|_ _ __ _ __ _ _ __ __ _| _ \ ___ _ _ __ | |_ | | | | '_ \| '_ \| | '_ \ / _` | |_) / _ \| | '_ \| __| | | | | |_) | |_) | | | | | (_| | __/ (_) | | | | | |_ |_| |_| .__/| .__/|_|_| |_|\__, |_| \___/|_|_| |_|\__| |_| |_| |___/ TippingPoint - Austin, Texas, USA - www.tippingpoint.com TOS Version : 2.5.5.6994 Build Date: Aug 31 2009, 16:35:01 Digital Vaccine : 2.5.2.7735 Serial: U10C-99A2-75BE Hardware Rev : A (A-10LF) Loading........ Login:
-
So you have a load of lan-bypass relays. They are why you can't connect to any port other the management port. You will have to disable those (or enable them perhaps) to be able to use it.
It's curious that you have 4 NIC chips. It's hard to see how those are connected. 1 is the management port and I woulfd guess that 2 are for the by-pass 'segments', maybe the other one was for some 3 segment model. Are you sure that they are all identical chips? The last one is the same under the heat spreader? They show as differently detected in your logs above.If you can't access the bios at all you could try dumping the BIOS with flashrom from pfSense and looking through it for clues.
Steve
-
TP's OS is based upon redhat/fedora Linux (unless they've changed it)…it use to run the stock images and has since been re-skinned for a bit of background. The controllers you have on that box are PC82573L's (http://www.intel.com/content/dam/doc/datasheet/82573-gbe-controllers-datasheet.pdf), as usual they like older controllers. The 82573L controller was first released almost 10-yrs ago. Take a look at (https://downloadcenter.intel.com/download/17509/Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-) for the current version of the drivers, though they were designed for the FreeBSD 9.x kernel.
-
@Patrick_:
TP's OS is based upon redhat/fedora Linux (unless they've changed it)…it use to run the stock images and has since been re-skinned for a bit of background. The controllers you have on that box are PC82573L's (http://www.intel.com/content/dam/doc/datasheet/82573-gbe-controllers-datasheet.pdf), as usual they like older controllers. The 82573L controller was first released almost 10-yrs ago. Take a look at (https://downloadcenter.intel.com/download/17509/Network-Adapter-Gigabit-Base-Driver-for-FreeBSD-) for the current version of the drivers, though they were designed for the FreeBSD 9.x kernel.
According to his serial output, this one is running vxWorks.
The BIOS has no regular interface it seems, probably only NVRAM-controlled as is quite often with vxWorks boxes.Regarding the jumper in the left top corner near the power connector: that looks like it is either wired into a DC-DC circuit, a AD-DA circuit (it's near an analog devices chip) or maybe simply for an optional part that is not installed.
It seems to be x86 based with full BIOS boot, maybe a dmidecode dump (if BSD has that, I know Linux does) would shed some light on what tables are there. ACPI dump would be nice too.
Regarding the escape-to-prompt option: at that stage you are in some sort of bootloader. It's not a BIOS escape prompt at that part. This is quite common, if you press ? instead of @ you should get a bunch of commands that allow for direct manipulation of addresses and their contents.
I'd love to get my hands on one of these, seems like a fun hacking project :p
Edit: I found one on eBay, going to bid on it ^^
Looks like these TippingPoint devices were stand-alone, then 3Com and then HP. For some reason they are ridiculously expensive, seeing that they are basically low-power vxWorks boxes with some ancient software… would love to hack in pfSense support for them.
Edit2: Might be that vxWorks is the bootloader and it actually loads a Unix or Linux system afterwards. Looking at the chips, there seems to be an EEPROM and a ROM, and some glue logic based on FPGA-like devices. As long as those are abstracted away by the general x86 architecture, we might be able to switch the relays in software using either GPIOs or writing bits to a special address. In the latter case, we really do need ROM dumps of pretty much everything.
Edit3: Those ULN2003A's on the sides of the relay's are darlington arrays, probably used to drive the relays using TTL level signals. Turn those on (as in the power-less state the relays need to be in bypass mode, that is how bypass works ;) ) and you have accessible network ports. Since there are tons of relays and those arrays allow individual IO's to be done, it probably means that they can be individually controlled from software. So ports can be switched on and off, and be bypassed to each other in a software-defined way. So it's not like Ports 1 and 2 are hardwired to be bypassable, you could bypass any set of ports you want. (if the relays have enough pins.. it's all theory ATM). So no common bypass signal for ALL ports at once I fear.
Edit4: okay, I'm probably too enthusiastic and wrong, those relays are B4CA4 relays which allow for two separate lines to be switched. So basically you can do 2 out of 8 signal lines per port with 1 relay. There are 16 relays, so I guess that's 32 lines, which is 4 switchable ports. This is pretty logical because there are 2 sets of ports on the front panel, so the relays are configured to allow those two sets to be individually bypassed. The relays themselves are set/reset relays according to one of the datasheets, there are A-types and B-types in that series, and the B-series are latching. It probably means that on powerloss the device has a few seconds before power down which is used to control the way passthrough is done from software.
Edit5: okay, now it's getting sad :p Those BA4CA4.5Z relays are actually 'normal' relays that switch off on power loss, so not latching at all.
-
Yeah, they pretty much have to be non-latching otherwise they don't failover in a power failure.
They probably only have two positions also; 1a connected to 1b or not. However with a normal lan-bypass setup you have one NIC for each port and there aren't enough here. :-\
Steve
-
Yeah, they pretty much have to be non-latching otherwise they don't failover in a power failure.
They probably only have two positions also; 1a connected to 1b or not. However with a normal lan-bypass setup you have one NIC for each port and there aren't enough here. :-\
Steve
Well, I can see five ports and five transformers, and five Intel chips for ethernet. (the one on the far left is still under it's heatsink, but you can see the transformer traces going over there)
The four ports next to the relays are in their bypass setup, the one leftmost is a non-bypass port, presumably to connect to a management network. -
Ah, under the heatsink. I guess that's why it's detected as something different. Though quite why the management port needs heatsinking and the in-band ports don't…..
Easy to test the by-pass mode. Without any power connected to the box test for connectivity between 1a and 1b (or 2a and 2b).Steve
-
That would indeed work, lets see if the TS can test that when he/she gets home.
I did a small inspection on the traces to those ULN2003A's, it looks like every chip controls 4 relays, and per chip, only the first four channels are used.
Those channels are tied together on one trace, so in theory, shorting one of them to Vcc will switch the relays.On the right hand side of the ULN chips, you can see U69, which looks like one pin is connected to the two ULN's up there, another to Vcc and the head pin to a trace that goes down to the Lattice chip. I could be wrong as the photo isn't sharp enough to do that kind of PCB tracing when zoomed in, but it's pretty logical to me. The Lattice is probably responsible for some general glue logic.
-
I am new to pfSense, I'm so thankful for this forum and the people who contribute to it. Saved me a lot of time.
tippingpoint_s10. Anways, with only 1 ethernet port I manage to get flashrom installed and read out the bios.[2.1.5-RELEASE][root@pfSense.localdomain]/root(8): flashrom -p internal -r tippS10.bin flashrom v0.9.7-r1711 on FreeBSD 8.3-RELEASE-p16 (i386) flashrom is free software, get the source code at http://www.flashrom.org Calibrating delay loop... OK. Found chipset "Intel ICH6-M". Enabling flash write... OK. Found SST flash chip "SST49LF008A" (1024 kB, FWH) at physical address 0xfff00000. Reading flash... done.
So much fun, I want to learn all this stuff, but I don't have time. Any pointers to bios editing would be helpful. I did some search, but only came up with bios-mods.com, too much information here with no guidance. Their latest message on the welcome page is from 2013.
Here are the original photo, I had to cut the previous one to size. My phone camera isn't that great.
https://drive.google.com/file/d/0B3viFJ2DdornNGRtN1FleFloSEU/view?usp=sharing
With the power off, 2a is connected to 2b, and 1a is connected to 1b.
edit1: I can tell you that the one labeled Intel legacy gigabit is a different chip. This is the one currently working, this chip is under the heatsink. I'm not worry about this chip. It's the other 4 that don't seem to work at all. My guess is the TippingPoint OS turns them on, because they light up after TOS boots.
-
Ok, that is a standard Award BIOS. Console redierction is enabled by default at 115200bps. Try connecting at that speed and use TAB to connect. The com port is not specified though so it may be using an internal com port. Though if that was the case I would not expect the pfSense serial console to work. The BIOS may specify com2 somewhere though…
It does have options to disable the two lan-bypass segments.
Com ports look absolutely normal and the pfSense console works so nothing suspicious there. There is no 'Agent wait time' option so possibly it isn't waiting in which case you may have a very short time to be pressing TAB. Start pressing it as soon as you power on.
Steve
-
If you're not able to reach the BIOS setup we could try editing the image to make lan-bypass disabled the default option. You can flash that back and clear the CMOS to apply it. Of course that carries some risk.
Steve
-
Nope, tried multiple times, I can't get into the bios settings. If you could modify the bios for me, I will flash it. I understand the risk. I have done multiple bios recovery before, no problem. I was also looking around for for the same type of bios (SST49LF008A-33-4C-NHE). Just in case something goes wrong and I need another chip.
My questions are: I notice when I extracted the bios it was only 1024 kB. The same type of chip has a 8MB version and a 4MB version? Can I flash a 1MB bin file to a 8MB or 4MB bios? Or do I have to find the exact capacity bios? Also, where did you learn how to edit bios firmware? What program did you use? Are they manufacture specific?
Thanks for your help.
-
49LF008 is by definition 8Mbit = 1Mbyte (Mb is a megabit, MB is megabyte). So a 1MB BIOS is the right size for a 8Mb flash chip. Many/most memories are usually specified in bits not bytes (because they can be arranged differently - sometimes 8 bits wide, 16 bits wide etc).
There is no 4 Megabit 49LF008.