Trying to narrow down the culprit

  • I'm having some bandwidth issues and I'm trying to determine if it the router or the switch...or something else. I have a 1Gbs connection. At the demarc it's full throttle, and at the LAN I get the expected speed when I plug a laptop into the LAN interface. But when I test through the switch, it's <300Mbps. I'm here to see if my setup is correct.

    I have a ROAS setup with the SG-3100 and a Cisco 3560. I have a 1Gb connection on my WAN. (mvneta2). I have several VLANs off the (mvneta0) OPT1 interface. This is trunked to the switch. Everything is routed fine, but the throughput is bunk. I'm trying to see if I should create the VLANs on mvneta1 instead, or if I possibly have something missconfigured. I can't seem to find anything wrong on the switch that would cause something like this.

    I'm getting stumped when trying to trunk 6 VLANs to mvneta1 (LAN1). The Port VID doesn't seem to make sense to me.

    Edit: Also I noticed that the 3100's interfaces (mvnetaX) are not listed as interfaces with VLAN hardware support...?

  • Netgate Administrator

    So do you get the expected throughput on a non-tagged client connected to the OPT1 port directly?

    Choosing to use mvneta1 or 0 shouldn't make any difference to throughput. It just has to go through the on-board switch also if you use mvneta1.

    The PVID in the switch config determines what tag is given to untagged traffic arriving on that port. So for a trunk port carrying only tagged traffic it doesn't make any difference. You should set something there though to avoid any accidental untagged traffic being put onto a VLAN you care about.

    The omission of mvneta(4) from that list in the book is simply that it hasn't been updated.


  • I do get the expected throughput on an untagged port. But not when the traffic is tagged. It's 1/3 the speed when tagged.

  • Netgate Administrator

    So you have tested an untagged client on mvneta0?

    That would be a different interface in pfSense so potentially could have different rules applied, maybe traffic shaping.

    Other than that it looks like some issue in your switch. Do you have another switch your can test there?


  • First I noticed it doing a speed test with I got 1 Gb a the demarcation and when I plugged a laptop directly into the OPT1(mvneta0) port (my LAN connection). I have several VLANS created, and when I throw the switch in the mix, the speed drops tremendously. It doesn't seem to be affected when I use native vlan 1 however. I have a pretty straight forward setup on the switch and have been in other Cisco forums to troubleshoot the switch. It's an older 3560 but it doesn't seem to be the issue - at least from a configuration standpoint.

    When I run iperf locally, I get about the same speed <400Mbps.

  • Netgate Administrator

    iperf between where and where?

    Try setting a VLAN on the client directly an connecting it to the 3100 port. That will rule out the switch, or indicate it's is the switch.


  • @stephenw10

    I ran iperf on my laptop and on pfsense. Although it was a bit of a struggle - it seems buggy within pfSense. I had my laptop in the Cisco switch's untagged VLAN. Throughput was fine. When I move that same switch port to a tagged VLAN, speed dropped.

    Try setting a VLAN on what client?

  • Netgate Administrator

    You might try using the iperf3 CLI client on pfSense instead:
    pkg install iperf3
    But testing from the firewall is not a good test generally speaking.

    You can set a VLAN on the client directly to remove the switch entirely and still use the vlan interface in pfSense to test just that. How easy it is to do that does depend on what OS and driver your client is using though.


  • @stephenw10
    Thanks for the advice. If you know of any resources to set a vlan tag on a client, please point me in that direction. In any case, I decided to replace the switch. We'll see if this resolves the problem.

    But just to clarify, using the OPT1 (mvneta0) port as my LAN (trunk) port shouldn't be an issue, correct?

    Edit: Using iperf3 on pfSense fixed the errors I was getting. Thanks!

  • Netgate Administrator

    Ah, nice. What was the cause for reference?


  • Still not sure. I'll be bringing the new switch online later this week.

Log in to reply