NETASQ U70 pfsense 2.3.2 install, network interface problem
-
Hello
I have installed pfsense 2.3.2 in my NETASQ U70 UTM but i have a problem with network interfaces.
U70 has 6 phisical network interfaces but i see only one interface em0.Network card is Intel 82573L Gigabit Ethetnet Controller.
How can I fix this problem? I must see all six interfaces.Help me please :)
-
Please help me.
My UTM NETASQ U70 has Ethernet controller : Intel 82573L Ethernet switch : BCM53115.
Intel card found and has em0 but maybe switch not found?How can I activate switch and all 6 network interfaces?
-
If it's a switch, you won't see the other ports because they are not real ports, they are switch ports. Often, they are just put in separate VLAN's. The switch is sometimes controlled via GPIO lines.
-
Ok but what must I do switch will be active?
-
Ok but what must I do switch will be active?
Program a software driver to use the switch.
-
What can I do it? Please help me.
-
What can I do it? Please help me.
You learn how to code C and C++ and you write a driver.
-
Can You help me set it?
-
-
That's something of a big ask! ;)
It's possible the switch is already configured with VLANs though by default. Try running a packet capture on the em0 interface whilst having some things connected to the front ports.
If you see the VLAN tagged packets arriving on em0 you can create VLAN interfaces to match that and use them directly.
It may also be configured with a custom ASIC for forwarding the traffic much faster, a separate control plane and data plane. If that is the case there's probably no way of accessing those ports directly.
What CPU does it have? Internal photos?
Steve
-
Short answer is that it won't work.
If it has the Broadcom switch and not the Vitesse, someone did some work on a switch framework some years ago, but nothing seems to have ever come of it. There is still some old code available, not sure if it's functional.
Get another device to run pfSense on.
If you are interested for purely academic reasons, here are some links-
https://wiki.freebsd.org/AleksandrRybalko/Switch%20Framework
http://mailing.freebsd.arch.narkive.com/JrQXZEPu/ethernet-switch-framework -
It could still be potentially configured as port based VLANs by default. Easy enough to test that with a packet capture.
I agree though that hardware is really an interesting project only at this point.
Steve
-
It seems like a crappy overpriced device to me. Still goes for 1k+ on eBay. Sell it and get proper hardware instead?
-
Really? Wow.
Then sell it on ebay and visit our shop. ;)Steve
-
That's something of a big ask! ;)
It's possible the switch is already configured with VLANs though by default. Try running a packet capture on the em0 interface whilst having some things connected to the front ports.
If you see the VLAN tagged packets arriving on em0 you can create VLAN interfaces to match that and use them directly.
It may also be configured with a custom ASIC for forwarding the traffic much faster, a separate control plane and data plane. If that is the case there's probably no way of accessing those ports directly.
What CPU does it have? Internal photos?
Steve
Thank You for answer.
How Can I running a packet capture on em0 interface?Maybe then will be found 6 network ports?
-
Indeed it won't find ports directly.
If you're lucky the eprom that configures the switch may have it setup for VLANs by default in which case you can assign VLAN interfaces in pfSense and use the ports however they are configured.
If not then you'd have to program the switch from within pfSense and that's…... challenging!Plug some stuff in to the switch ports and set some pings running. They will fail but you should generate some ARP traffic that may make it to em0.
At the CLI on the console run:
tcpdump -nei em0Cross your fingers and hope you see something like:
18:18:37.748681 00:08:a2:09:39:a9 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.20.2.10 tell 10.20.2.1, length 28Then you know the VLAN number or numbers configured.
Steve
-
Steve thank You for answer.
I check this command and I see it:
What can I do it now?
-
There are at least 2 vlans, so it's possible to get something working. Since they use very low ID's you may be able to get away with just adding VLAN's 1 to 6 or something like that. You won't be able to see interface status but you can at least try it this way.
It is possible that it has relays for bypass functionality, or maybe the switch is configured as a default pass-all switch. In that case, one port is VLAN1 and all the others are VLAN2.
-
Ok but i set IP 192.168.1.1/24 on em0_vlan1 or em0_vlan2 and not working.
I put cable to 1-6 ports and nothing. Ping not found… -
Ok, some progress. :)
However that MAC address, 00:0d:b4:04:58:1b, appears to be a Netasq MAC. Is that the interface sending DHCP requests out?
Run ifconfig em0 at the CLI and check the MAC of that.It's interesting that IPv4 traffic appears to be on VLAN1 and IPv6 on VLAN2. The fact you're seeing any VLAN traffic at all though means the switch may be configured in some useful way.
What did you have plugged into the switch ports at that time? Did you try all the switch ports?
Steve
