Netgate Discussion Forum

    vlan loading/reconnect issues in one-armed setup

    Routing and Multi WAN
    • devilkin1911

      So I have an odd issue I cannot seem to figure out. I dove through the forums/bug tracker on this trying to come up with a reasonable answer but could not find anything remotely related to what I am experiencing.

      The setup:

      Lenovo m92p acting as a one-armed router on v2.3.2 pfsense (got it for free from work, makes for a kick ass, overkill router)

      Cisco SG300-10 acting as the vlan switch to route a TWC line and soon a FIOS line to the WAN interface on the pfsense box.

      TWC goes down vlan 40
      Fios will go down vlan 41
      LAN is vlan 1 (untagged)

      The setup works 100%, reboot the pfsense box and it comes back up 100% so the vlans are initiating correctly at run time.

      The problem:

      When rebooting the SG300-10, it comes back online just fine, the vlans on it initialize just fine as well, but the pfsense does not reconnect the vlan "hooks" (not sure the right term here).

      The untagged vlan (1) comes up just fine because it is a native vlan on the SG300-10 and I am able to access the router. The router DOES get a dhcp address from the TWC modem however NO internet traffic forwards, even to the modem's local IP.

      The solution:

      Rebooting the pfsense router fixes the problem, but that ends up being a second task that needs to be done, and it also means I can do almost nothing remotely on the switch itself.

      SG300-10 config:

      interface vlan 1
      ip address 192.168.1.4 255.255.255.0
      no ip address dhcp
      !
      interface vlan 10
      name MGMT
      !
      interface vlan 11
      name MGMT2
      ip address 192.168.11.1 255.255.255.0
      !
      interface vlan 40
      name TWC
      !
      interface vlan 41
      name FIOS
      !
      interface gigabitethernet7
      switchport mode access
      switchport access vlan 11
      !
      interface gigabitethernet8
      switchport trunk allowed vlan add 40-41
      !
      interface gigabitethernet9
      switchport mode access
      switchport access vlan 40
      !
      interface gigabitethernet10
      switchport mode access
      switchport access vlan 41
      !
      exit

      The question:

      Has anyone else seen this kind of issue before, and what might be a possible solution or avenue to look down for troubleshooting?

      Additionally, I'd like to see if reloading the vlans on the router would do anything, but I do not know the right commands.

      • johnpoz LAYER 8 Global Moderator

        So you're saying your 1 wan connection comes up.. the TWC, and you're able to get an IP..

        Seems more like an issue with your dual wan setup vs the switch.  If there was an issue with the vlans then your twc wouldn't be able to get an IP.  Can pfsense ping the gateway of this connection, does it show the gateway online?  How do you have your setup for your dual wan?

        While you can make it work this way, sure, wouldn't it be better to get a 2nd nic..  I show that hardware supports mini pci express, which they do sell gig nics for, and I know jetway makes a dual mini pci express card even.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • devilkin1911

          @johnpoz:

          So you're saying your 1 wan connection comes up.. the TWC, and you're able to get an IP..

          Seems more like an issue with your dual wan setup vs the switch.  If there was an issue with the vlans then your twc wouldn't be able to get an IP.  Can pfsense ping the gateway of this connection, does it show the gateway online?  How do you have your setup for your dual wan?

          While you can make it work this way, sure, wouldn't it be better to get a 2nd nic..  I show that hardware supports mini pci express, which they do sell gig nics for, and I know jetway makes a dual mini pci express card even.

          I explored the option of the mini-pcie setup for this box, however it only supports a half-height card, and if I wanted a full height, I'll need to switch to a SATA DOM and an extension ribbon, dremel out the steel case to fit the 1/2 new NIC ports. All in all I would be dropping maybe 120$ on this sort of upgrade, which I do not want to do at the moment if I don't have to. There is also the other issue of this being a Lenovo box, and I'm not quite ready to drop the 120$ + battle the potential whitelist modification to get a third party mini pcie working on it; did this once already on a Y500 laptop to install a 1750AC wireless adapter  :'( :'(

          The gateway cannot be pinged, even though it does get an IP address, nor can it ping the modem's internal IP address (192.168.100.1). Currently, there is nothing attached to the FIOS port/vlan41 since I do not have it yet (to be installed tomorrow).

          As I've said, rebooting the pfsense resolves the issue. I can try killing vlan41 on the pfsense tonight when I get home and see if that would resolve it, but the primary connection is set to the TWC connection already.

          • johnpoz LAYER 8 Global Moderator

            "All in all i would be dropping maybe 120$ "

            Huh???

            https://www.amazon.com/Syba-Mini-Gigabit-Ethernet-SD-MPE24031/dp/B00B524102

            That looks like $24 to me…

            • devilkin1911

              @johnpoz:

              "All in all i would be dropping maybe 120$ "

              Huh???

              https://www.amazon.com/Syba-Mini-Gigabit-Ethernet-SD-MPE24031/dp/B00B524102

              That looks like $24 to me…

              You are correct, however I'll still need to get a SATA DOM (about 50$ for an 8GB), and maybe the flex ribbon (about 9$); there just isn't enough room inside the case for the mini pcie gig card. I realize that there are multiple models of the M92p; I am using the M92p tiny (http://www.channelpronetwork.com/sites/default/files/ee/article_images/m92pIMG_9668.jpg). Under where the connection header is for the SATA HDD is where the mini pcie wireless card resides.

              The assumption was 2 additional ports, not a single additional port, since I want to practice with load balancing/failover between the TWC line I have now and the new FIOS line I'm getting tomorrow. The easiest way to achieve this is through the managed switch I have already and vlans.

              Getting back to the original issue at hand, the vlan configuration works, except it doesn't work correctly after a reboot of the switch feeding the modem and pfsense, and rebooting pfsense clears the issue.

              • johnpoz LAYER 8 Global Moderator

                What I can tell you is I have a sg300-10 with multiple vlans on it, and have rebooted it many times and never had any issues with any of the vlans not working after the switch was back online.

                If you're saying the interface gets an IP via dhcp.. That tells me the vlan is working via the switch.  You would have to troubleshoot why you do not have connectivity.  What firmware are you running on your sg300.. 1.4.5.02  is current and what I am running.

                I am not running router on stick mode.  But I have multiple vlans on interface without any issues..

                • devilkin1911

                  @johnpoz:

                  What I can tell you is I have a sg300-10 with multiple vlans on it, and have rebooted it many times and never had any issues with any of the vlans not working after the switch was back online.

                  If you're saying the interface gets an IP via dhcp.. That tells me the vlan is working via the switch.  You would have to troubleshoot why you do not have connectivity.  What firmware are you running on your sg300.. 1.4.5.02  is current and what I am running.

                  I am not running router on stick mode.  But I have multiple vlans on interface without any issues..

                  Running the same version. I usually only update when I encounter issues for cisco appliances (the saying "if it ain't broke, don't fix it" applies to all enterprise level cisco devices, mainly pointing at catalyst switches that break functionality with major revisions). I've recently reset the switch pertaining to this issue in hopes of resolving it.

                  It's very odd, but I reset the switch just now and it worked just fine. Oddly enough it didn't work at first (see attached screenshot, cut it off by accident, top left is switch IP, top right is 8.8.8.8), but then it started to respond after several seconds.

                  I'll keep an eye on it for now, and see what happens going forward, but as a curious thought, is there a way to tell pfsense "hey, if you don't hear back from the internet after 10 minutes, restart yourself"?

                  SG300-10 top config

                  switchd22d97#sh run
                  config-file-header
                  switchd22d97
                  v1.4.5.02 / R800_NIK_1_4_194_194
                  CLI v1.0
                  set system mode router

                  file SSD indicator encrypted
                  @
                  ssd-control-start
                  ssd config
                  ssd file passphrase control unrestricted
                  no ssd file integrity control
                  ssd-control-end
                  <snip>
                  !
                  vlan database
                  vlan 10-11,40-41
                  exit
                  voice vlan oui-table add 0001e3 Siemens_AG_phone________
                  voice vlan oui-table add 00036b Cisco_phone_____________
                  voice vlan oui-table add 00096e Avaya___________________
                  voice vlan oui-table add 000fe2 H3C_Aolynk______________
                  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
                  voice vlan oui-table add 00d01e Pingtel_phone___________
                  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
                  voice vlan oui-table add 00e0bb 3Com_phone______________
                  ip dhcp pool network managementPool
                  address low 192.168.11.100 high 192.168.11.254 255.255.255.0
                  exit
                  bonjour interface range vlan 1
                  hostname switchd22d97
                  management access-list ALL
                  permit
                  exit
                  management access-class ALL
                  username cisco password encrypted <snip>
                  ip ssh server
                  ip ssh password-auth
                  ip telnet server
                  !

                  snip_20161001014651.png
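One way to do what the post above asks (restart pfSense when the internet has been unreachable for 10 minutes), as an added example that is not part of the original thread. The interface name `em0_vlan40`, the state file path, the cron schedule and the earlier step of bouncing the VLAN interface before rebooting are assumptions, not a fix confirmed anywhere in this thread.

```shell
#!/bin/sh
# WAN watchdog for a pfSense (FreeBSD) box; run once a minute from cron as:
#   /root/wan_watchdog.sh run        (path is an assumption)
# Every default below is an assumption for illustration, not a value from the thread.
: "${WAN_IF:=em0_vlan40}"     # assumed name of the VLAN 40 (TWC) interface
: "${PROBE_IP:=8.8.8.8}"      # address pinged to decide whether the internet is up
: "${STATE_FILE:=/tmp/wan_watchdog.fails}"
: "${BOUNCE_AT:=3}"           # failed minutes in a row before bouncing the VLAN
: "${REBOOT_AT:=10}"          # failed minutes in a row before rebooting
: "${DRY_RUN:=0}"             # 1 = report the action without performing it

# Succeeds if at least one of three echo requests is answered.
probe() { ping -c 3 "$PROBE_IP" >/dev/null 2>&1; }

# Map a consecutive-failure count to an action name.
decide() {
    if [ "$1" -ge "$REBOOT_AT" ]; then echo reboot
    elif [ "$1" -eq "$BOUNCE_AT" ]; then echo bounce
    else echo none
    fi
}

# Carry out an action chosen by decide().
act() {
    if [ "$1" = none ]; then return 0; fi
    if [ "$DRY_RUN" = 1 ]; then echo "dry-run: $1 $WAN_IF" >&2; return 0; fi
    logger -t wan_watchdog "action=$1 if=$WAN_IF"
    case "$1" in
        bounce) ifconfig "$WAN_IF" down; sleep 2; ifconfig "$WAN_IF" up ;;
        reboot) rm -f "$STATE_FILE"; shutdown -r now ;;
    esac
}

# One cron tick: probe, update the failure counter, act, print the action.
tick() {
    fails=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    if probe; then fails=0; else fails=$((fails + 1)); fi
    echo "$fails" > "$STATE_FILE"
    action=$(decide "$fails")
    act "$action"
    echo "$action"
}

if [ "${1:-}" = run ]; then tick >/dev/null; fi
```

A real ISP outage looks the same to this script as the stuck-VLAN state, so with these defaults the box reboots every 10 minutes until the line returns; running with `DRY_RUN=1` first shows what it would do.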
                  • johnpoz LAYER 8 Global Moderator

                    You do understand that the sg300 is not a fast booter ;)  It takes a bit for it to be fully booted..

                    Oh, another thing that might be different: you seem to be in layer 3 mode.. But you're only using it as layer 2?  I saw no reason to put mine in layer 3 - I am not using it as router, have no plans on using it as a router, etc. so mine is in layer 2 mode.

                    sg300#sho run
                    config-file-header
                    sg300
                    v1.4.5.02 / R800_NIK_1_4_194_194
                    CLI v1.0
                    set system mode switch

                    You're running dhcp server off your sg300?  Why would you not just use pfsense for that?

                    • devilkin1911

                      @johnpoz:

                      You do understand that the sg300 is not a fast booter ;)  It takes a bit for it to be fully booted..

                      Oh, another thing that might be different: you seem to be in layer 3 mode.. But you're only using it as layer 2?  I saw no reason to put mine in layer 3 - I am not using it as router, have no plans on using it as a router, etc. so mine is in layer 2 mode.

                      sg300#sho run
                      config-file-header
                      sg300
                      v1.4.5.02 / R800_NIK_1_4_194_194
                      CLI v1.0
                      set system mode switch

                      You're running dhcp server off your sg300?  Why would you not just use pfsense for that?

                      It was originally the gateway at some point, an experiment with using it as a router. I have 2x domain controllers handling DHCP for the house off two windows servers redundant to each other (overkill, I know, but hey, that's what happens when you're learning); that DHCP server on the switch is just there to handle the assigned management port on the switch should I need to physically connect to it to fix/change a setting.

                      I do know that it isn't a fast booter; my c3560e is even slower and makes me more fearful that it died (the sg300-10 feels very fast by comparison to a 6 minute boot). I've only rebooted the c3560e twice I think, once shortly after I got it when I was rearranging the power cables (non-redundant), and just recently when I was trying to figure out why the setup using the c3560e wasn't working at all.

                      Anywho, today's the day FIOS comes in, so I get to have a bit more fun with load balancing :)

                      • johnpoz LAYER 8 Global Moderator

                        You want a slow booter, the 3850's are like waiting for a pot to boil while watching it..

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.