Inability to get DHCP ? No Carrier – SOLVED.

InvictusDecretum

Hello all,

Typical first forum post… in trouble and can't seem to track down the answer (have tried searching both these forums and generic internet searches).  First foray into the pfsense world with a netgate SG3100.

Setup:

Fiber (no modem, Yucca Telecom in bfe nm).  Wall jack that currently leads straight to my ASUS RT N56U router.  ASUS router is set to DHCP with a spoofed MAC specified from the ISP (no idea why, but I entered that same MAC to spoof with pfsense).

NETGATE SG3100 LAN IP 192.168.1.1/24
WAN ip... ???

Problem:

SG3100 gives me connection down, no carrier under Status --> interfaces.

Things I've tried:
Different cable (no change)
Used a lan tester on both cables, both tested good.
Disabled block bogon/unassigned for WAN (no change)
Disabled DHCP6 (no real reason for this... just trying things to try them)
Re-setup ASUS router, works fine
Stole the IP it received (172.97.x.xx) and tried static ipv4 (knew it probably wouldn't work)
Double checked to make sure it was indeed DHCP and spoofed MAC.
Double checked the spoofed mac for accuracy (it was correct)

Edit:
Have also tried leaving the LAN unplugged from the rj45 connector in the wall for an hour to hopefully have the dhcp lease expire... didn't work.
Have tried leaving the SG3100 plugged in for 2+ hours
Have tried "renew" through the GUI on DHCP under status-->interface multiple times

Edit2:
Have plugged a lan from my ASUS routers switched ports into the WAN on the 3100 pfsense box and the port lights up, so the port isn't dead (phew).  So it's definitely a problem somewhere else (just trying to isolate the cause here).  A possible workaround is to disable nat on my router/enabling passthrough... but replacing my 8yo ASUS router was the whole purpose of the SG3100 so I don't want to pursue that route.
Also two screengrabs of dashboard/interface

So what am I doing wrong here ?

I appreciate your time in advance to help a nub like me.

SOLVED
ISP forced the link to 100FD instead of 1000FD, and has a problem with their installation contractor for using part of the fiber line for tv/phone instead of running separate lines.  Info passed to NetGate via open ticket

SammyWoo

Highly unlikely these days of auto-MDIX but what do the RJ45 ports say, do you have a layer-2 hand shake? (Link State Up).

Basic of networking is, even before IP (layer-3), Ethernet Layer-2 should be up, this is basic NIC to NIC, WE SEE EACH OTHER.

InvictusDecretum

Link state is showing down, which is very perplexing to me, given that other plug and play routers work perfectly well with it.

I can also add that the LAN functionality is working perfectly.  I can see both my FreeNAS (192.168.1.43/24) server and my NetGear managed switch (192.168.1.239/24), and access both of them via GUI or DNS.  It's just the WAN port that will not cooperate…  For the record I have tried it without a spoofed MAC, with the spoofed MAC of the ASUS router, and with the spoofed MAC from the ISP.  Little chance any of that would work, given link state is "down", but thought I'd try before posting.

And thanks for the response :)

Edit:  No lights come on, on the port on the back of the SG3100 either

Gertjan

You are talking about the connection between your 3100 and the ASUS RT N56U router, right ?

Cut the problem in half : Put a switch between them and use two cables - see what happens.

ivor

Can you please submit a ticket so our support can assist? Please visit the following link to submit a ticket:

https://go.netgate.com/support/login

Thanks!

InvictusDecretum

@Gertjan:

You are talking about the connection between your 3100 and the ASUS RT N56U router, right ?

Cut the problem in half : Put a switch between them and use two cables - see what happens.

Negative.  My intention is to replace the ASUS with the SG3100.

Current:

Wall outlet –> ASUS (Fiber; no modem) --> 24pt netgear gigabit switch --> everything

Intented:

Wall outlet --> SG3100 --> switch --> everything.

The problem I'm having is the WAN on the SG3100 wont do anything when connected to the wall outlet, whereas the asus router and an old linksys I had laying around both utilize it without any problem, or any additional peripherals.

@ivor:

Can you please submit a ticket so our support can assist? Please visit the following link to submit a ticket:

https://go.netgate.com/support/login

Thanks!

Roger wilco.

NogBadTheBad

What colour is the LED on the Asus WAN port when connected ?

WAN (Internet) port
Yellow LED: 1000Mbps connection.
Green LED: 10Mbps/100Mbps connection.

Flashing: Transmitting or receiving data via wired connection.

Maybe try forcing the pfSense device to the matching speed.

The Asus also supports PPPOE do you need to set the pfSense WAN interface for PPPOE ?

Just throwing a couple of ideas out there.

InvictusDecretum

@NogBadTheBad:

What colour is the LED on the Asus WAN port when connected ?

WAN (Internet) port
Yellow LED: 1000Mbps connection.
Green LED: 10Mbps/100Mbps connection.

Flashing: Transmitting or receiving data via wired connection.

Maybe try forcing the pfSense device to the matching speed.

The Asus also supports PPPOE do you need to set the pfSense WAN interface for PPPOE ?

Just throwing a couple of ideas out there.

LED on the ASUS WAN is green (10mbps… my connection speed is 6mbps.  I know, I know.  I'm living in the dark ages in rural nm.  If I move 15mi to the east, I can get gigabit... tempting).

The ASUS router is definitely in DHCP... to my knowledge (which is limited and newly gained in the last month), my router would not use DHCP to detect PPPoE and switch, would it ?  I also have never been given (nor needed) a username and password, which I would need to set up PPPoE.  Unless somehow a MAC could be used for that ?  But wouldn't pfsense require a username/pass anyway ?

Edit:  Used the correct word. lol.

Grimson

Seems the SG3100 is affected by this as well: https://redmine.pfsense.org/issues/7532

JKnott

LED on the ASUS WAN is green (10mbps… my connection speed is 6mbps.

WOW!!!  6 millibit/s!!!

Actually, it shouldn't show green for 10 Mb, unless the other end is only a 10 Mb interface.  The light has nothing to do with the actual bandwidth.  For example, the modem interface could be capable of 1 Gb, yet still only provide 6 Mb, as limited by ADSL.

InvictusDecretum

@Grimson:

Seems the SG3100 is affected by this as well: https://redmine.pfsense.org/issues/7532

That would severely suck for me… as that's going on 6mo with no movement.  Is there any way I can actually see what my connection is ?  based on 6Mbps, it very well could be 10FD.@JKnott:

LED on the ASUS WAN is green (10mbps… my connection speed is 6mbps.

WOW!!!  6 millibit/s!!!

Actually, it shouldn't show green for 10 Mb, unless the other end is only a 10 Mb interface.  The light has nothing to do with the actual bandwidth.  For example, the modem interface could be capable of 1 Gb, yet still only provide 6 Mb, as limited by ADSL.

Haha thank you for pointing out the error of my ways.  The light is a very definitive green, as compared to the yellow of the connection coming out of the switched ports.  There is 100Mbps internet coming into this area though, which leads me to believe the line is faster than 10baseF.  The light would also be green with a 100Mbps negotiated link too, correct ?  Is there a way for me to determine what protocol the line is running 10 or 100 or 1000baseF ?

I have also submitted a ticket to NetGate for assistance.  They want me to test putting an unmanaged switch between the SG3100 and the wall socket, which I'll grab tomorrow.

Derelict

Connect a laptop into the SG-3100 port. What happens?

Connect a laptop to the wall jack. What happens?

If you have no idea why you spoofed the MAC address, why did you do that? Do you know this ISP requires it?

Did you try a crossover cable?

Have you called the ISP to see what they see from their side?

SammyWoo

@InvictusDecretum:

Is there a way for me to determine what protocol the line is running 10 or 100 or 1000baseF ?

Unfortunately, the LED status lights are not universal, have to consult the manuals for exact meaning if they are not clearly labeled nearby.  Generally, yes light Good, all dark No-Good.

SG3100… amazing these days and age still dealing with negotiation issue.

1000baseF as in FIBER? Once you have RJ45, the "fiber" component is gone. Everything inside your place is baseT, as in Twisted Pairs CAT cablings and jacks.  Anywhoo, think we are zero-ing the NICs speed/duplex negotiation component.  Got a CROSSOVER ethernet cable laying around?

Derelict

SG3100… amazing these days and age still dealing with negotiation issue.

There have been a couple of things with the built-in switch but that is a new beast and they have been corrected (a couple of bits not flipped quite right in the early releases).

This is the first i have heard of any issues with the other two discrete ports. And I remain unconvinced it is not something to do with settings or the ISP port itself.

I recently got a dumb switch that simply would not establish link with a Mac. The Mac worked with everything else. The switch worked with everything else. Whose fault is that? Who the hell knows. Still happens.

JKnott

The light would also be green with a 100Mbps negotiated link too, correct ?  Is there a way for me to determine what protocol the line is running 10 or 100 or 1000baseF ?

You'll have to check the manual to see what the light colour means.  As for connection bandwidth, you need some way to check the bandwidth status.  I'm not familiar with that equipment, so I can't say.  On pfSense, you can see on the Status/Interfaces tab.

InvictusDecretum

BREAK BREAK BREAK

SOLVED

So after 5 calls to the ISP and talking to the techs there (it's a small local company with only a few techs who are happy to nerd out about this stuff.  One of them was like "you had me at pfsense, brother")

They forced my connection to 100FD, over 1000FD.  Apparently they had a contractor come out and dig/install the fiber, and they stole some of the pairs for TV/phone rather than running separate lines.

For some reason, the SG3100 was unable to negotiate a link with the combined internet, tv, phone combo (even though I only have the internet portion).  As soon as he forced it to 100FD, it immediately went link status "up" and DHCP "up".  It did negotiate a new public IP (in the first couple octets at least) than usual, but who cares.  I have internet, and all shall behold the power of this fully operational… SG3100.

Again thank you all for your insight, and all of y'alls instincts about link negotiation were spot. freaking. on. and instrumental to isolating the problem/figuring this out.

Respectfully,
ID

Thank you all for your help and I will pass this info along to NetGate via the open ticket I have with them and this issue.


SammyWoo

Yup, cutting corners without a full CAT cable will cause this. Netgate will be glad to know not a SG box problem. :)

JKnott

They forced my connection to 100FD, over 1000FD.  Apparently they had a contractor come out and dig/install the fiber, and they stole some of the pairs for TV/phone rather than running separate lines.

It's obvious someone doesn't know what they're doing.  Ethernet auto-negotiation takes place at 10 Mb, over 2 pairs.  It will then switch to the best common speed, which the NICs think is 1 Gb.  However, GB requires all 4 pairs and so will fail.  By locking the modem at 100 Mb, it now only needs 2 pairs.

SammyWoo

@JKnott:

It's obvious someone doesn't know what they're doing.

Nah, I wager is one of those just doing enough the get by. Contractor didn't want the hassle to run a new cable, so use old one with 1/2 pairs. this puppy is gonna come up again at upgrade time, hope the cable is outside of DMARC (ISP responsibility) 'cuz if it's inside, customer's expense to fix/upgrade.

Derelict

A speed/duplex hard-set there is not the end of the world.