Netgate XG-7100 - Optional interfaces



  • Got another question thats been bugging me and my collegues.

    We have worked a lot with virtual pfsenses and feel fairly comfortable configuring and use them in large scale but recently we been getting XG-7100 boxes and some with optional interfaces, 4 extra, that seem to cause us some headache.

    I thought I could configure those interfaces like any other virtual interfaces but they dont seem to behave the same way at all.

    Our scenario is this. We want to use OPT3 to OPT6 as isolated LANs with their own IP addresses and then have DHCP enabled on them to dish out IP addresses to clients. Configuring them is no issue and all seems just fine. Example 172.10.10.1 as gateway and the DHCP set to give out 50-200 range. 24 net.

    We dont get any IPs given out from the DHCP at all from any of the ports. Firewall see no traffic at all from those OPT nics at all even though rules have been set to allow all traffic from all directions. Just for testing. The rules are set on each OPT3 to 6 nic.

    It feels a bit like the optional nics isnt allowed to talk to the firewall for some reason. I been reading up on the XG-7100 and its switch behaviour and as I can see it talks through lagg0 interface (default) via the internal components. Do I need to set the optional nics to lagg0 uplink as well for them to talk to the firewall?

    I havnt set any vlan on the optional nics as my original plan wasnt to separate them that way but rather by the physical nics and firewall rules.

    I cant find any documentation on this scenario. Any pointers would be appreciated.



  • I'm having the same issue. Were you able to get it resolved. I have vlans setup on each individual interface and from a client on LAN I am unable to ping the gateway addressed for all the VLANS even with allow all firewall rules.


  • Netgate Administrator

    This looks like two different issues potentially.

    1. Configuring an additional multi-port NIC in the expansion slot.

    2. Re-configuring the switch ports (Eth1-8) to provide separate interfaces.

    In both cases opening a support ticket is probably the quickest way to get answers.
    Otherwise posting screenshots of your config and a description of what you;re trying to achieve will allow us to help you here.

    Steve



  • https://www.netgate.com/docs/pfsense/solutions/xg-7100/switch-overview.html

    2. Re-configuring the switch ports (Eth1-8) to provide separate interfaces.

    You can't do that. The only thing you can do is to use vlan to separate ports. Vlans are not separate interfaces in my opinion.



  • I have the add-in nic and I can't get anything out of them either on 2 different units.  I went back to the basic config and just put those ports enabled with no vlans, and with just dhcp and I can't get anything either.  The interfaces report up/down correctly but that is it.

    Andy



  • From console with option 1 do you see add-in card interfaces ?
    Or during pfsense boot ?



  • Yes they show for me.

    If I try to change the IP of even the switch based lan interface then that interface even becomes inaccessible.  I can deal with the switch not working but I really need the four port interface working.



  • Hello,

    I'm in the exact same situation as ConnyLindquist... have you find any solution ?

    Thanks



  • Hi,
    some weeks ago I wanted to buy the 4 Port 1Gb Intel Addon Card for my XG-7100, but Voleatech (German Netgate Partner) told me to better keep my hands off them ATM because of very buggy drivers. :-(

    -Rico



  • It is not documented how optional interfaces connect to the XG-7100 1U Denverton SOC.

    There are four documented SOC connections.

    There are two SFP+ transceivers at 10 Gbps each. However, new at the Netgate store are alternate choices of SFP 1 Gbps transceivers. I suspect it is not as simple as just different transceivers.

    Then there are the dual LAGGs at 2.5 Gbps each which connect the Marvell switch.

    So how would optional interaces connect if the four connections are already in use?

    I already have an Intel i350-T4(V1) which I am not using. It has been around for several years so I would be surprised if there was still a FreeBSD driver problem.

    There is a message shown below at the Netgate store which makes you wonder.

    PLEASE CONTACT US IF YOU ARE ADDING YOUR OWN CARDS TO DISCUSS ADDITIONAL NECESSARY COMPONENTS.



  • Thanks for your replies.

    My additional card have been bought on the official store, supplied with the router, so I guess everything has been prepared upstream...

    It's a Supermicro AOC-SGP-i4, which has effectively an Intel i350 chipset.

    I'll check with the support, maybe the card is faulty.



  • Hi,

    I've been in touch with the support, they recognize a problem with the additionnal cards...
    Their message:
    currently there is an issue with add on NIC to the XG-7100, we are working with the manufacture to resolve this issue as quickly as possible.

    So wait and see...



  • Hi Netgate Support,

    I'm on the exact situation as well. We are also experiencing the same problem for the 4 Port 1Gb Intel Addon Card we bought, after we install it on the XG-7100 netgate hardware. After we set the WAN IP address of our ISP on the OPT interfaces, their not working or the status are offline. Please give us update when it will fix. Thank you.



  • Hello,

    I relaunched my request to the support last week, and they are not able to give me any time line of when this will be working...
    It seems to be a driver problem.

    I hesitate to send back the hardware.

    For the moment, we bought a router which is just unusable...



  • Hello,

    Just to keep you informed, I decided to send back the router to Netgate.
    I need a router and I can't wait indefinitely.

    Very disappointed...
    I work on PfSense systems since several years, installed on self-made hardware, that's why I decided to buy an "official" dedicated machine for that system.
    I'll start again making my own machine, that's ultimately the best solution.


  • Galactic Empire Netgate

    We have found the cause for this issue. Turns out it's a bug in coreboot which prevented the PCIe x4 slot from functioning properly.

    We are working on a fix, and will update this thread as soon as an updated coreboot is released.



  • @ivor On August 6th. a member of your sales team confirmed to me that the issue with the 4-port NIC add-in card should be fixed with the 2.4.4 release.
    Is that still the case?


  • Netgate Administrator

    Yes. I have tested the new Coreboot version myself and add-on cards function as expected with it.
    The new Coreboot update package with it included will be in the 2.4.4 repo.

    Steve



  • I'm having the same problems on 2.4.4-RELEASE (amd64). I received the optional 4 port card today, installed and reinstalled pfSense, allowed rules for all. Can ping inside the firewall, but nothing from/to the ports. Interface stats shows 0 packets.



  • @gruvalnyte said in Netgate XG-7100 - Optional interfaces:

    I'm having the same problems on 2.4.4-RELEASE (amd64). I received the optional 4 port card today, installed and reinstalled pfSense, allowed rules for all. Can ping inside the firewall, but nothing from/to the ports. Interface stats shows 0 packets.

    Did you update Coreboot as well? https://www.netgate.com/docs/pfsense/solutions/xg-7100-1u/adi-bios-flash.html



  • I didn't realise that was separate procedure. The pfSense image I received from support, I'll have to investigate how to update Coreboot. Cheers for the direction!

    update: Updated Coreboot from package manager and works perfectly! Thanks for the help!


  • Netgate Administrator