10Gtek 4 port NIC (I350-T4) configuration?
-
Some of the older low-end TP-Link switches leak broadcasts across VLANs as you cannot remove VLAN 1 from all the ports. But they still pass VLAN traffic, I would expect to see the tagged traffic fine in pfSense.
What switch do you have?How / where exactly did the new card disappear?
Steve
-
Hi and thanks for the reply.
TP-Link 16-Port Gigabit Ethernet Easy Smart Managed Switch (TL-SG1016DE)
The g10tek ports seem to disappear after the VLAN 2 is configured.
I removed the VLAN 2 from pfsense but the g10tek ports did not return in the interface assignment.
If I remember correctly I had to reboot to get them to return.
-
Will check the log files today. Will also check BIOS as suggested In the link you supplied.
Thanks
-
Ok, that's exactly the switch I have that is broken. If you have the later hardware version TP-Link released a firmware update to address it. The one I have cannot use it though. Shown in the gui as:
Hardware Version TL-SG1016DE 1.0Even so I didn't notice the issue until I actually checked for it. It will still work with VLANs it's just insecure as it leaks traffic between them. Discussion of the issue here: https://forum.netgate.com/topic/109686/tp-link-easy-smart-switch-security-question/
Steve
-
Here is some output to peruse.
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO>
ether MACADDRESSONE
hwaddr MACADDRESSONE
inet6 MACADDRESSTWO%igb0 prefixlen 64 scopeid 0x1
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrierigb0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether MACADDRESSONE
inet6 MACADDRESSTWO%igb0.10 prefixlen 64 scopeid 0xc
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: no carrier
vlan: 10 vlanpcp: 0 parent interface: igb0
groups: vlan
pcib1@pci0:0:1:0: class=0x060400 card=0x18e7103c chip=0x0c018086 rev=0x06 hdr=0x01
vendor = 'Intel Corporation'
device = 'Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller'
class = bridge
subclass = PCI-PCIigb0@pci0:1:0:0: class=0x020000 card=0x03091dcf chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'I350 Gigabit Network Connection'
class = network
subclass = ethernet
igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xe060-0xe07f mem 0xf7b80000-0xf7bfffff,0xf7c0c000-0xf7c0ffff irq 16 at device 0.0 on pci1
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: MACADDRESSONE
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
vlan0: changing name to 'igb0.10'
On the TP-LINK TL-SG1016DE it show the following port status.
Port 9 Enabled 10M Full 802 0 0 0
Does this NIC support 802.1Q VLAN?
What is this about: "vlan0: changing name to 'igb0.10' "
Is the g10tek port order 0-3 or 3-0 from motherboard out?
-
TL-SG1016DE
Firmware Version 1.0.1 Build 20180629 Rel.58355
Hardware Version TL-SG1016DE 3.0I went to
https://www.tp-link.com/us/support/download/tl-sg1016de/v3/#Firmware
to update the firmware but it appears that my switch has the latest firmware.
The publish date says 2018-11-07 but it appears that it was built on 2018-06-29.
There is no way to delete VLAN ID 1.
I'm still within my return window on this switch. Any recommendations on a 16 port gigabit switch that does VLAN? (I do not need or want POE.) Hopefully something that is less than $200 and that the firmware is still being updated.
-
There was a beta firmware for that hardware that should resolve it. I think it was linked in that thread.
Nothing in that output looks unexpected.
There's no way to know how the ports will be assigned. Connect a cable to one and run
ifconfig, see which NIC is linked.The only odd thing there is the switch port showing 10M. That is usually because one end is set to a fixed speed/duplex and auto-negotiation fails.
Steve
-
Just rebooted pfsense.
The g10tek 4 port NIC no longer appears in the interface assignment.
igb0 - igb3 is gone from the popup list.
parent interface none
igb0.10: flags=8003<UP,BROADCAST,MULTICAST> metric 0 mtu 1500 ether 00:00:00:00:00:00 inet6 MACADDRESSTWOigb0.10 prefixlen 64 tentative scopeid 0x8 inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> ***vlan: 0 vlanpcp: 0 parent interface: <none>*** groups: vlanIs there a possibility that the drive for the g10tek (i350) is not on the pfsense box or that it is corrupt?
Is there anything in BIOS I should be looking at?
Also want to verify that it is possible for me to and a VLAN to a system that already has a LAN without having to put the original LAN in a VLAN as well. For example LAN 192.168.1.1 is preexisting and then add VLAN10 192.168.2.1
Thanks for your guidance.
-
Check the boot log for errors, specifically with the driver attaching to the hardware or maybe a pci bridge device on the card they are all attached through.
Try runningpciconf -lvand see if the NICs are shown there as 'noneX'.It looks more like a PCI bus error or a bad card though if that's what you're seeing. Make sure you;re running the latest BIOS.
Steve
-
Deleted the VLAN before I saw your suggestion to run pciconf -lv
After deleting VLAN rebooted pfsense.
igb0 - igb3 returned to interface assignments and shows up in pciconf and ifconfig.
so at this point I'm going in circles.
-
One other thing I noticed.
The 10Gtek card states "Built with original Intel I350 Gigabit Ethernet Controller chip"
pfsense shows the card as Pro/1000.
Is this correct or is this an issue?
What drive should it be using and does anything need to be done with any boot config file?
-
igb(4) is the correct, and only, driver it should be using and it's in kernel in pfSense. There is no need to load anything.
You need to determine how it's failing. If the card does not appear as a PCI device that's something very low level like a bad card or a BIOS fault.
If the driver fails to attach you need to see what the error it reports is in the boot log.Steve
