[SOLVED] SG-1000 needs Switch for WAN Static IP?
-
We have a new SG-1000. Works great until we try to deploy it with a WAN static IP with our ISP.
Our ISP provides us with a Cisco 2950 (gateway I believe). Our previous router was connected to it and configured with a static IP address. Connecting the SG-1000 in the same way with the same configuration and it will not make a successful connection.
We have a SG-2220 and SG-2440. Both work fine setup and configured the same way.
In testing, we found that if we put a switch between the SG-1000 and the ISP's gateway, it will work.
Connecting the SG-1000 behind our current router (Fortigate) it will work with both DHCP and static IP.
In diagnosing, we did a packet capture on the WAN interface as it starts, when connected to the gateway router, we can see ARP packets arriving and leaving (correct MAC's). SG-1000 asks "who-has". We see the reply "is-at" from the gateway. Followed by yet another "who-has" and "is-at" from the gateway. The SG-1000 seems to not hear the "is-at" but the packet capture is happening on the SG-1000 so we know it has reached the interface โ it just does not register with the SG-1000.
I am at a loss as to the next step. Buying a switch to sit in front of the SG-1000 does not seem like a long-term work around.
Some things we have tried
- re-entering settings
- rebooting
- factory reset
- changed cables
- OS update (twice)
Any assistance would be appreciated.
-
What interface settings are you using on the SG-1000? Are you sure you didn't miss something like a hardcoded speed/duplex setting?
-
Hi jimp,
Thank you for your reply. I have little experience with speed/duplex settings (things usually just work with autoneg) โ could that result in some but not all traffic? My assumption was it would not work at all if there was a mismatch.
Is there a reason why the SG-1000 would not work but all the other pf/Negate devices work?
It may explain why the switch makes it work but the SG-1000 does not.
I will give it a try and let you know. Thanks again.
-
A duplex mismatch would result in interface errors, which could mean dropped packets, slow speed, missing traffic, anything of that nature.
We have heard of a couple cases when they have been sensitive to dodgy cables that appear to work fine in other gear, and on rare occasions we've also seen it have trouble talking to a port on other devices, though not usually a switch. Most commonly it comes back to a duplex mismatch or a flaky cable though.
-
Connecting other devices to the Cisco switch, it appears to be running at "10baseT/UTP, full-duplex" and is auto-neg.
So, we tested on all the settings in the SG-1000 including "10baseT/UTP" and "10baseT/UTP, full-duplex". We have also swapped all the cables. The issue persists.
The fact it runs fine when connected through a intermediate switch and the fact the Cisco is running at 10, does suggest the issue is the SG-1000 sensitivity.
Not sure how to diagnose further.
-
There have been other reports of the SG-1000 having difficulty with switches forcefully using 10baseT. One notable example here in the forums (https://forum.pfsense.org/index.php?topic=124518.0) was someone who installed the SG1000 in a datacenter, and the datacenter was only giving 10baseT as a way to limit bandwidth. Sounds pretty cheap by the ISP/datacenter.
This would be why jumping through an intermediary switch will help the negotiation, because the SG1000 will negotiate at 10/100 to the switch, and the switch negotiates the 10baseT to the ISP handoff. Solution 1.
Solution 2 would be to request a "normal" 100baseT connection from your ISP.
-
Try a crossover cable.ย ;)
-
chpalmer, funny you should say that. The existing connection was a cross over cable. Used it because it happened to be red. My first thought was that was the issue โ it got swapped out very early.
moikerz, thanks. We are going to talk with the ISP. However, it would seem better to figure out what is wrong with the SG-1000. And, as far as using another switch, that erodes the economics of the SG-1000 if you need to buffer it with another switch.
-
Sounds like a funny question but how long are the cables you're using?
We had a couple issues come up like this that were also due to under-spec cables, less than 1m/3ft in some cases, and some very long cables that were poorly made. I think that was more of a loss issue than negotiation but it's still worth checking.
-
We have confirmed the issue is the SG-1000 not liking the Cisco's switch being fixed to 10Mbps Full Duplex. The ISP changed their device to autonegotiate and the SG-1000 works as expected.
Thank you to everyone for the assistance.
