Intel Pro/1000 PT Quad Adapter & FreeBSD em driver issues & other issues
-
Hello there,
This is my first time running an installation of pfSense.
I'm currently running pfSense 2.2.6.
I apologize in advance for the LONG post.
There is a TL;DR to try and remedy this.Router Hardware Specs:
CPU: Intel Pentium E5200 Dual-Core @2.5GHz
Motherboard: ASUS P5KPL-AM EPU
RAM: x2 Kingston KVR667D2N5K2/2g
NIC On-Board: Atheros AR8121/AR8113/AR8114 (Not 100% sure which - Shows up as ale0)
NIC #2: Intel PRO/1000 PT Quad Port Low Profile Server Adapter (Shows up as em0 through em3)
NIC #3: Realtek 8139 10/100BaseTX [[b]i](Shows up as rl0)
NIC #4: Atheros AR8121/AR8113/AR8114 (Not 100% sure which - Shows up as dc0)Upon initial install, pfSense will load accordingly with no issues. pfSense sets my WAN to em0 and my LAN to em1.
I must use the second port on the Intel NIC to get to the webconfig (which is already weird; why not the first port?).
pfSense recognizes all 4 of the NICs, even without drivers.
I assign the On-Board (ale0) to the WAN port.
Activating the last 2 NICs (Realtek and Atheros) in the interface is possible, but when you plug an Ethernet into either one of them, nothing lights up and there is no LED activity on the NIC or what it's connected to. (Meaning no traffic)
This is the first of my problems. On a rare occasion the 2 NICs will activate their activity LEDs briefly but nothing happens.The on-board NIC (ale0) seems to work fine though I haven't put it through any particular testing yet. I connected an Ethernet to it and it obtained an IP so I'm assuming it's working.
This is all well and good but not all the ports on my Intel PRO/1000 PT Quad Port NIC are working; I assign them all in the interface tab and activate them all.
I then added all of the NICs into a bridge (excluded the on-board as it's my WAN) so that they'll get IPs from the LAN (em1).
If I plug a computer into any of the Intel NIC ports other than the official LAN port, I get LED activity on the back and the laptop gets all the DHCP information but I am unable to get to the webconfig through any other port.
I've added the "pass" rule to the Firewall rules section for each NIC as well but that doesn't seem to help.===== ===== ===== ===== ===== =====
My attempt to fix the Intel NIC, as well as the other NICs, is by adding the drivers and changing settings. This 'causes pfSense to boot-loop
===== ===== ===== ===== ===== =====The Intel NIC was purchased from here (http://www.amazon.ca/gp/product/B000P5I4EY) and here are the official Intel specs (http://ark.intel.com/products/50495/Intel-PRO1000-PT-Quad-Port-Low-Profile-Server-Adapter).
The Intel NIC Chipset and the specific NIC is support on FreeBSD 10.1 em driver; as seen here (https://www.freebsd.org/cgi/man.cgi?query=em&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE&arch=default&format=html)I downloaded the 2gig .iso of FreeBSD 10.1 off of their website. From there, I extracted the 4 NIC drivers from the ISO's boot/kernel folder (if_em.ko & if_alc.ko & if_dc.ko & if_rl.ko).
From there, I enabled the SSH Secure Shell in the pfSense advanced options, and then connected with WINSCP and copied the drivers into the pfSense boot/kernel folder.For the Intel NIC:
I've added kern.ipc.nmbclusters="1000000" to the systems tuneables.
I've added if_em_load=”YES" to the loader.conf.local.For all other NICs:
I've added if_ale_load=”YES" and if_rl_load=”YES" and if_dc_load=”YES" to the loader.conf.local.If I get at least get the Intel NIC to start working, I would be happy to remove the 2 other NICs if they're a lost cause.
-
What can I do to get my Intel NIC to function correctly without the if_em.ko causing pfSense to boot-loop?
-
How can I get my last 2 NIC cards to work?
-
Did I do anything wrong along the way?
If there's anything else I can provide that can help diagnose this, please let me know.
You might also have to explain the process as I'm still learning. I've Googled a lot so far though.TL;DR - Why isn't my Intel NIC working? I am unable to use all the ports on the NIC. The LED lights work but no clients will get access to pfSense via any ports except for the LAN port (em1). If I added the em driver and use if_em_load=”YES", and then proceed to restart the machine; pfSense will hang on the enabling/loading the WAN for awhile and then shortly after it's able to load, it'll dump a TON of text onto the screen and then restart itself. It'll do this infinitely until I turn the machine off and then reinstall pfSense to start fresh. The NIC is supported in the em driver, but it's causing boot-loops, what do I do?
-
-
Why are you bridging your "expensive Intel NIC"?
Buy a switch. pfSense is not a switch.
-
Why are you bridging your "expensive Intel NIC"?
I consider to this; "Bridge only if you must and route where you can!"
Should be a golden rule and not a hint today as I see it right.Buy a switch. pfSense is not a switch.
A Cheap switch from Netgear GS108Tv2 is capable of building LAGs and supporting VLANs too.
What can I do to get my Intel NIC to function correctly without the if_em.ko causing pfSense to boot-loop?
Buy two good supported quad port Intel NICs and all your problems are going away.
Or alternatively a second one with dual ports, so the other ones can be disabled or took out.How can I get my last 2 NIC cards to work?
With right drivers and settings. Perhaps you might be taking pfSense 2.3 and try it out once more
because there can be something changed inside and if this might be not working well for you, please
accept that many NICs are supported but the drivers are often not reaching the grade of the Intel based
ones! And so for saving time and getting a fine success with your pfSense firewall I would save the time
and spend more money to get rid of this actions and will be payed by a smooth and liquid running pfSense
firewall, without any issues. You can try it out to get them working as you need or wish but the time for this
action mostly is to high compared to money.Did I do anything wrong along the way?
-
Why are you bridging your "expensive Intel NIC"?
Buy a switch. pfSense is not a switch.
I'm only saying expensive 'cause I'm at a student's wage and I can't really afford to be buying this and that when I have spare parts and pieces laying around to use.
I already have a 5 port switch connected to my production network. I was planning on moving that over to the pfSense box once I get all the ports working.
Regardless though, I HAVE the ports! Why not put them to use? There's a lot of devices in my office that need to be connected.
2 of the Intel ports are supposed to be connected to 2 HP ProLiant DL320 G6s. One of which is an ESXI 6.0 host while the other is a FreeNAS box.
I was also going to use link aggregation with the FreeNAS box to increase it's throughput.
Maybe I'm misunderstanding what a bridge does?
I want to be able to use all the ports on the back of the Intel NIC as if they were a switch. Is a bridge the incorrect thing to be using? I read 2 or 3 guides I found through Google that say bridging is the way to do this.@BlueKobold:
Why are you bridging your "expensive Intel NIC"?
I consider to this; "Bridge only if you must and route where you can!"
Should be a golden rule and not a hint today as I see it right.Read above as to why I need all the ports on the Intel NIC to work. The Link Aggregation/server section.
I need all the ports to be active so that they can give IPs to all the devices plugged into each port.
Unless there's another method to do so? I'm still learning so anything is helpful.@BlueKobold:
Buy a switch. pfSense is not a switch.
A Cheap switch from Netgear GS108Tv2 is capable of building LAGs and supporting VLANs too.
I already have a Unmanaged 5 port D-Link switch and I just bought another Managed 5 port D-Link to use VLANs to pull internet from another office upstairs.
There's only 1 port that connect to the upstairs office. The modem is upstairs and there's 2 devices that need internet. The Managed Switch will push the WAN and LAN information in 2 different ports so that the 2 devices upstairs aren't directly connected to the modem.@BlueKobold:
What can I do to get my Intel NIC to function correctly without the if_em.ko causing pfSense to boot-loop?
Buy two good supported quad port Intel NICs and all your problems are going away.
Or alternatively a second one with dual ports, so the other ones can be disabled or took out.What do you mean? The Intel NIC that I bought IS supported according to the FreeBSD pages that I linked.
Both in the em driver page and somewhere else that correlated with pfSense that I no longer have the link to, lol.
If I can at LEAST get my Intel NIC working, I'll trash the other 2 NICs; they're not important, it would've just been nice to have them.@BlueKobold:
How can I get my last 2 NIC cards to work?
With right drivers and settings. Perhaps you might be taking pfSense 2.3 and try it out once more
because there can be something changed inside and if this might be not working well for you, please
accept that many NICs are supported but the drivers are often not reaching the grade of the Intel based
ones! And so for saving time and getting a fine success with your pfSense firewall I would save the time
and spend more money to get rid of this actions and will be payed by a smooth and liquid running pfSense
firewall, without any issues. You can try it out to get them working as you need or wish but the time for this
action mostly is to high compared to money.I'm under the assumption that I am using the correct drivers.
Everything is from the official FreeBSD .iso! Unless I'm missing a step somewhere?
Are you suggesting I should try the pfSense 2.3 beta? That idea did come across my mind but I read that it shouldn't be used in production; only testing.
You think that pfSense 2.3 could fix the issue?I'm not trying to be rude, but we've kind of gone passed fixing the Intel NIC into other territories. :-[
I only have 1 possibly-working on-board NIC to use if I can't get this Intel NIC to work. I have at least 7 devices in my office alone that need to be connected. :-
Every port counts :'(I appreciate both your suggestions though! I'd just rather fix the issue rather than spend money that I don't have buying new equipment D:
-
Regardless though, I HAVE the ports! Why not put them to use?
…
I want to be able to use all the ports on the back of the Intel NIC as if they were a switch.pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch.
Is that clear enough?
-
Regardless though, I HAVE the ports! Why not put them to use?
…
I want to be able to use all the ports on the back of the Intel NIC as if they were a switch.pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch. pfSense is not a switch.
Is that clear enough?
This might have been somewhat of a rude awakening but I think I understand now; my apologies.
Alright, how could I make better use of the Intel ports then?
Also, this doesn't explain why the if_em.ko driver causes the computer to boot-loop? ??? -
Reserve the router ports until you need them.
Stop the bridging nonsense and see if it still crashes.
You have a hodgepodge of interfaces in there. Some with pretty fringe support. You might try paring it down to the intel card and seeing how it goes.
-
Read above as to why I need all the ports on the Intel NIC to work. The Link Aggregation/server section.
I need all the ports to be active so that they can give IPs to all the devices plugged into each port.
Unless there's another method to do so? I'm still learning so anything is helpful.A proper fast Switch that will support VLANs could solve the situation.
I want to be able to use all the ports on the back of the Intel NIC as if they were a switch.
Use them as a single or combined (LAG) port(s) o you will be able to use routing instead of bridging.
Is a bridge the incorrect thing to be using?
Yes, in 99,9% it is the case! In some really spare cases and by very experienced admins that know what
they are doing it could be a hint or work around or the solution, but for the entire rest of all networking
peoples it should be forbidden or should not be used.I read 2 or 3 guides I found through Google that say bridging is the way to do this.
This can be really nice for peoples to know how Micheal Schumacher is pimping or tuning his F1 racing
car, but for the rest of us this might be not interesting or matching well, driving a normal car in the town!One of which is an ESXI 6.0 host while the other is a FreeNAS box.
I was also going to use link aggregation with the FreeNAS box to increase it's throughput.A strong and fast switch and Intel based NICs it will be enough and if not, it is better to use a cheap
solution with 10 GbE or SFP+ because the LAG is not really nice for smaller networks, it was made to
solve problems where many devices or users are connecting to one device.Intel Quad Port NICs
I would recommend to go perhaps if money or the budget is low, with 2 x Intel Quad Port NIC for
~$50 - $70 so you will get 8 Ports for ~$120 - ~$140! But why? A smaller Switch would be really
nice tranporting all packets nearly "wire speed" so if you connect your pfSense firewall and all other
devices to the Switch and you only own one IP address range or network the packets will not be needed
to push through the pfSense box! An LAG (LACP) is only making sense if many users or device are taking
from one device and LACP is working like this:- It will be using the first cable line until it is rendered and then it will be starting to use the next one
So you need really some applications that are rendering permanently the first cable line! And this is often
not really practicable and use able or to realize for a home network with 5 devices.
So a good suited switch will be the delivering the best effort and benefit to you.
All in all I would deactivate all the other NICs in the system and start using only the Intel NIC.
The Intel NIC is supported ok, but then do a config backup and do a fresh and full install of pfSense
only with the Intel NIC inside. If ports are rare, please buy a greater switch with more ports or get
a second Intel NIC with two or four ports. Thats it. - It will be using the first cable line until it is rendered and then it will be starting to use the next one