SG-1000 and Apple Airport Extreme
-
I just bought an SG-1000 to place in front of an Apple Airport Extreme (less than 2 years old). I've placed the Airport Extreme in Bridge mode and created an interface with VLAN 1003 on pfsense with DHCP. There's nothing between Airport and Pfsense.
Problem is, the guest network doesn't work. I can connect to Wifi, but I don't get an IP from DHCP even if I set a static IP, I can't access anything (firewall rule pass all). Furthermore, under status -> interfaces, the interface shows 0 packets for everything.
Am I missing something? I see the SG-1000 has an extra button under interfaces - Switches. I don't recall seeing this one on my SG-2220.
Edit: Airport Extreme is 6th generation
-
Update: I've just tried out the same config with an SG-2440 and it works. It must be something with the SG-1000
-
Is it just the guest wifi that doesn't work ?
Does the SG-2440 Auto MDIX and the SG-1000 doesn't ?
Maybe you just need a cross over cable.
https://en.wikipedia.org/wiki/Medium-dependent_interface
-
Is it just the guest wifi that doesn't work ?
Does the SG-2440 MDIX and the SG-1000 doesn't ?
Maybe you just need a cross over cable.
https://en.wikipedia.org/wiki/Medium-dependent_interface
I've used the same cable and port for both of them. Basically I've just unplugged the sg-1000 and pluged the sg-2440. I've also tried a reset to factory defaults on the sg-1000 and redid the config.
I've switched to a different cable but it still doesn't work. And yes, it's just the guest wifi that doesn't work, more specifically it looks like VLAN doesn't work.
-
Is the other "different" cable you tried a cross over cable, I only ask as your connecting a router to a router ?
https://upload.wikimedia.org/wikipedia/en/thumb/9/96/Vergleich_2von2_Crossoverkabel.jpg/1920px-Vergleich_2von2_Crossoverkabel.jpg
If you set up the LAN port as a simple LAN port on the SG-1000 can you ping the Airport Extreme ?
-
Is the other "different" cable you tried a cross over cable, I only ask as your connecting a router to a router ?
https://upload.wikimedia.org/wikipedia/en/thumb/9/96/Vergleich_2von2_Crossoverkabel.jpg/1920px-Vergleich_2von2_Crossoverkabel.jpg
If you set up the LAN port as a simple LAN port on the SG-1000 can you ping the Airport Extreme ?
Both are straight. I'm connecting the netgate to the airport directly. Simple LAN works. AE gets DHCP and I have working internet via wireless.
But I don't see how the cable can be at fault here, since sg-2440 works just fine, and normal LAN works.
-
Yup I was trying to verify if the SG-1000 auto mdix'd or not, if you just set it up as a normal port and it works that tells me it does.
-
Is it possible that the issue has something to do with this?
I've got 99 problems, but a switch ain't one
Maybe the VLAN needs to be set up in the SG-1000 switch settings as well as on the interface?
-
@virgiliomi:
Is it possible that the issue has something to do with this?
I've got 99 problems, but a switch ain't one
Maybe the VLAN needs to be set up in the SG-1000 switch settings as well as on the interface?
I've tried creating a VLAN from there and it didn't work.
-
Tried doing a packet capture, are packets tagged with vlan1003 leaving the firewall ?
If you do a packet capture in promiscuous mode from the lan interface and then open it up in Wireshark you should be able to see if the tagged packets are leaving the SG-1000.
If you type vlan in the filter field you should see packets that are tagged, the attached screenshot shows packets tagged with vlan2, ignore the vlan column thats something I set up.
-
Don't pull your hair out. There might be an issue there with the higher VLAN IDs.
-
Don't pull your hair out. There might be an issue there with the higher VLAN IDs.
It might be so, I just saw this error in the log. ( i hope I attached it)
Tried doing a packet capture, are packets tagged with vlan1003 leaving the firewall ?
I tried setting a static IP and pinging the LAN from the VLAN interface and it threw a "no route to host".
Unfortunately I don't have enough time to troubleshoot this in depth. I've already lost a lot of time with this. Honestly, this product should be advertised more clearly as a beta, because I'm a networking noob and I've purchased this based on the "out of the box" way the other 2 worked. I've seen some other random errors in the logs.
Thanks for taking your time though!
 -
Fixed in latest snapshots.
-
I've noticed. I managed to setup the VLAN and assign an interface but I can't test it yet because it's at a remote location.
-
Problem solved with update.
