SG-3100: What in a setup can kill the switch, but not the OPT1 interface?



  • I've been trying for several hours to get my SG-3100 up and running again with the configuration I had. I did an upgrade to the latest version of pfSense today, and the switch part of it seems to have died! Those four ports do not work at all, there's no way to contact them. (Johnpoz, if you see this, this is not the pfSense box from the other threads; that one is in my house, this is at my cabin/summer home). The switch is connected to some other equipment (because of where my automation stuff is it was logical to have four Pi's there instead of spending money on an extra, unnecessary switch). My main network goes via my Windows server and is on the OPT1 plug.

    That works, but after 10 minutes I got the warning from my automation system that the Pi's were out, so I started to investigate and found out that plugging anything in there didn't work at all. Not even setting a static IP on the correct subnet under the settings of the network card helps. This is a setup that has been running 24/7 since I set it up some weeks ago (after replacing an SG-1000 that was too slow for my needs), and I have not changed anything that should be able to create such a problem.

    The only extra package there is the HA Proxy for my home automation (with only two entries), and that works as it should from the OPT1 interface.

    I have replaced it on my production network with my old Asus 66-router (good thing I didn't change the setup on that one, I was about to use it as a guest router). After a few hours' trepidation I reset it to factory (fearing that it would kill my OPT1 too), and that made the main ports come back! That upgrade to the latest version may just as well be correlation as causation, because it's the first time that thing has been rebooted in a long time.

    I then tried to restore my config, and of course that made the same thing happen again, so I guess there's something in my config. What would give these symptoms? The dumb thing is that I didn't think about the fact that the reset would kill my backups on the device, so I now don't have the stuff I used to set it up originally. I will set up the basic stuff, but before I go into the rest, it would be nice if somebody had an idea I could try so that maybe I could use my former config.



  • I have read about the default deny rule, but should it come this often? It just flows in here!



  • Weird stuff... I backed up everything bit for bit from the non-working stuff and then restored it bit for bit into a factory reset, working config. And it seems to work still. But doing a compare in Notepad++ shows me this part missing from the non-working config:

    <switches>
    	<switch>
    		<device>/dev/etherswitch0</device>
    		<vlanmode>PORT</vlanmode>
    		<swports>
    			<swport>
    				<port>1</port>
    				<state><![CDATA[forwarding]]></state>
    			</swport>
    			<swport>
    				<port>2</port>
    				<state><![CDATA[forwarding]]></state>
    			</swport>
    			<swport>
    				<port>3</port>
    				<state><![CDATA[forwarding]]></state>
    			</swport>
    			<swport>
    				<port>4</port>
    				<state><![CDATA[forwarding]]></state>
    			</swport>
    			<swport>
    				<port>5</port>
    				<state><![CDATA[forwarding]]></state>
    			</swport>
    		</swports>
    	</switch>
    </switches>
    

    Also this is missing:

    	<cert>
    		<refid>AFEWNUMBERSANDLETTERS</refid>
    		<descr><![CDATA[webConfigurator default (SAMEAGAIN)]]></descr>
    		<type>server</type>
    		<crt>MANYNUMBERSANDLETTERS</crt>
    		<prv>MORENUMBERSANDLETTERS</prv>
    	</cert>
    <ppps></ppps>
    	<dnsmasq>
    		<hosts>
    			<host>MYHOST</host>
    			<domain>MYDOMAIN</domain>
    			<ip>192.168.1.100</ip>
    			<descr><![CDATA[COMPUTER NAME]]></descr>
    			<aliases></aliases>
    			<idx>0</idx>
    		</hosts>
    		<hosts>
    			<host>MYHOST2</host>
    			<domain>MYDOMAIN</domain>
    			<ip>192.168.1.100</ip>
    			<descr><![CDATA[NAME OF COMPUTER]]></descr>
    			<aliases></aliases>
    			<idx>1</idx>
    		</hosts>
    		<enable></enable>
    		<custom_options></custom_options>
    		<port>54</port>
    		<interface></interface>
    	</dnsmasq>	
    

  • Netgate Administrator

    Glad you got it working now, however if it happens again please let us know.



  • Will do! I'm guessing it was the first bit of code that caused it, since it seems to define the switch. And when that's not defined no data will of course go over it.
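
The Notepad++ comparison described in the thread can also be done structurally. The following is an added example, not code from the original posts or from Netgate: it lists the top-level sections that a known-good backup has and a suspect one lacks, and reads the switch port states, without ever printing element values such as the `<prv>` key material. It assumes a `<pfsense>` root with `<switches>`, `<cert>` and `<ppps>` as direct children; the sample configs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample configs (not the poster's files). Element names come from
# the snippets in the thread; the <pfsense> root element is an assumption.
WORKING = """<pfsense>
  <system><hostname>fw</hostname></system>
  <switches>
    <switch>
      <device>/dev/etherswitch0</device>
      <vlanmode>PORT</vlanmode>
      <swports>
        <swport><port>1</port><state><![CDATA[forwarding]]></state></swport>
        <swport><port>2</port><state><![CDATA[forwarding]]></state></swport>
      </swports>
    </switch>
  </switches>
  <cert><refid>PLACEHOLDER</refid><prv>PLACEHOLDER</prv></cert>
  <ppps></ppps>
</pfsense>"""

BROKEN = """<pfsense>
  <system><hostname>fw</hostname></system>
  <ppps></ppps>
</pfsense>"""


def section_counts(xml_text):
    """Count top-level sections by tag name; element values are never read."""
    return Counter(child.tag for child in ET.fromstring(xml_text))


def missing_sections(reference_xml, candidate_xml):
    """Tags present in the reference but absent (or fewer) in the candidate."""
    return sorted(section_counts(reference_xml) - section_counts(candidate_xml))


def switch_ports(xml_text):
    """Return {port: state} per <swport>; an empty dict means no switch is defined."""
    root = ET.fromstring(xml_text)
    ports = root.iterfind("./switches/switch/swports/swport")
    return {sp.findtext("port"): sp.findtext("state") for sp in ports}


if __name__ == "__main__":
    print("missing from suspect config:", missing_sections(WORKING, BROKEN))
    print("switch ports (working):", switch_ports(WORKING))
    print("switch ports (suspect):", switch_ports(BROKEN))
```

Running it on a backup before restoring shows whether the switch definition is present at all, which is the difference the poster found by hand.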


 
