Problem replacing Cisco ASA with pfSense on Comcast
-
Try a cheap, unmanaged switch between WAN and your modem. Might help with negotiation issues.
-
Or a crossover cable.
-
OK, I’ve tried two different dumb switches on the WAN side. I always get “No carrier” but have connectivity lights on the adapter and switches.
I tried switching interfaces. I have 3: em0, em1, and igb0. I use em1 for the LAN and it works fine. I’ve tried both em0 and igb0 for WAN and get “no carrier” The weird thing also is that on either em0 or igb0 if I try to force them to 1000 or 100 full duplex the interface status still shows auto select. Is there some weird bug with the WAN interface? I’m also using the new stable release 2.4.3, maybe I should try the previous release?
-
Are the 2 boxes right next to each other and the only thing connecting the 2 are one simple patch cable? 'Cuz recently there was another post he finally disclosed a buried cable blah-blah. Do u have access to the SMC box can make conf changes there? This is so simple it's maddening, the hardware LINK between the 2 is bad.
-
No there is no weird bug on the WAN interface. It is something you are doing in your environment. No, do not try an earlier version.
-
Yes, the two boxes are right next to each other with just the one cable connecting them. And I’ve tried several different cables.
Right now I’ve got things in an isolated test setup since it’s a workday and we need our Internet access (so we’re back on the Cisco for now). I’ve got the LAN connected only to my laptop and the WAN connected to a dumb switch. WAN still says no carrier regardless of whether I use igb0 or em0. Still no carrier on the WAN side.
-
Take a KNOWN GOOD 8-conductor cable and loop igb0 and em0 (plug one end into igb0, the other end into em0)
Execute this in Diagnostics > Command Prompt: ifconfig -a
Post the output.
-
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 68:05:ca:7b:42:2b
hwaddr 68:05:ca:7b:42:2b
inet6 fe80::6a05:caff:fe7b:422b%em0 prefixlen 64 scopeid 0x1
nd6 options=21 <performnud,auto_linklocal>media: Ethernet 100baseTX <full-duplex>status: active
igb0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=6400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6>ether 70:85:c2:46:81:f9
hwaddr 70:85:c2:46:81:f9
inet6 fe80::7285:c2ff:fe46:81f9%igb0 prefixlen 64 scopeid 0x2
inet 10.0.160.2 netmask 0xffffff00 broadcast 10.0.160.255
nd6 options=21 <performnud,auto_linklocal>media: Ethernet 100baseTX <full-duplex>status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=4009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwtso>ether 70:85:c2:46:81:fb
hwaddr 70:85:c2:46:81:fb
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::1:1%em1 prefixlen 64 scopeid 0x3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
nd6 options=21 <performnud,auto_linklocal>groups: lo
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21 <performnud,auto_linklocal>groups: enc
pflog0: flags=100 <promisc>metric 0 mtu 33160
groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 224.0.0.240 maxupd: 128 defer: on
syncok: 1</promisc></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast> -
And in doing this the WAN interface status shows up in the web tool. Weird that with a dumb switch or my cable modem connected it’s down.
-
Yeah. Fix your layer 1/2. The igb0 and em0 should both auto-mdx. Hard to say what the problem is from remote.
-
Man I think I’m prepared to say I’m an idiot.
I think I misread which port was which (someone asked me that early in this thread). I assumed both built-in NICs were em0 and em1 and the add on card was igb0. Reasonable right? After all the hardware for the built-in ports is the same on the motherboard. Well, it looks like one built-in is em1 and the other is igb0 and the add on is em0. Right now I have the add on card connected to the dumb switch and configured as the WAN port and it’s showing UP.
Guess I should never assume anything. BTW does the underlying Linux of pfSense have a command line tool to blink the network ports? That would be the final confirmation.
-
I spoke too soon. I think the web interface isn’t updating status properly. Em0 is the WAN port, and it’s showing UP connected to my dumb switch now after doing the cross-connect to igb0.
-
"underlying Linux of pfSense have a command line"
pfsense is not linux its on freebsd… Big difference!!!
As to your em sure you should be able to use this
https://www.freebsd.org/cgi/man.cgi?query=em&apropos=0&sektion=0&manpath=FreeBSD+11.1-RELEASE&arch=default&format=html#FILESFILES
/dev/led/em* identification LED device nodesEXAMPLES
Make the identification LED of em0 blink:echo f2 > /dev/led/em0
Turn the identification LED of em0 off again:
echo 0 > /dev/led/em0
igb should be able to do it too
https://www.freebsd.org/cgi/man.cgi?query=igb&apropos=0&sektion=4&manpath=FreeBSD+11.1-RELEASE&arch=default&format=htmlWhen get home will validate with my 4860
-
You sure you actually know what port is what?
-
Yeah, I feel really stupid, especially after the "you sure you know what port…" comment. I wish I knew that blink command yesterday!
Thanks for all the help everyone. Now does anyone know why pfSense would call the two built-in ports em1 and igb0 and the add on card em0? Makes no sense to me at all. That's what tripped me up.
-
The operating system enumerates the ports. It has to do with the PCI bus they are on, etc. Every motherboard is different. You need to look at the MAC addresses and be sure you're talking to the correct port.
