XG-7100 IX0 fiber to Unifi Switch as LAN connection



  • Howdy folks. I'm wondering if anyone has any advise how to configure IX0 with a fiber module to be used as the main LAN connection to a Unifi switch. RJ45 ports on my switch are limited, so I wanted to use the SFP port to connect the gateway to the main switch network instead of from XG-7100 ETH2 to the switch. And I rather need all of the Unifi POE RJ45 ports ATM.

    The fiber module I have for the XG-7100 is what I got from the original order of the gateway so I'm assuming its compatible. The modules for the Unifi i've confirm can link 2 Unifi switches.

    I think i'm not understanding how to configure the XG-7100 to establish the link from IX0... and I have to admit when it comes to this i'm a bit of noob so I'd appreciate some advise/help.

    My goal though is to use IX0 as the main LAN connection from the gateway to my network. I'd settle for now at least to just verify that the fiber module in the Netgate can communicate with the fiber module in the Unifi switch though.

    Anyone have any knowledge they can drop on the subject, would be much appreciated.

    Thanks,

    --jason



  • I'm wondering if this maybe related:

    https://forum.netgate.com/topic/131725/xg-7100-sfp-module-1gbps/6

    ... as the switch I'm trying to connect to IIUC only supports 1gbps, and this article hints that it can't negotiate 10 down to 1?

    --jason


  • LAYER 8 Netgate

    What is the output of ifconfig -v ix0 with the module inserted and patched to the switch?

    That is safe to run either in Diagnostics > Command prompt or on the ssh/console after entering the shell using menu option 8 (enter exit to get back to the menu).



  • Unfortunately my reply is marked as spam "post content was flagged as spam by Akismet.com".

    But I've saved it here:

    https://gist.github.com/jdillon/23967319d60bedf859cace4a50a41179

    I did something as well, unsure what, that required me to reset everything to establish a connection to the netgate gateway.

    Its does appear that the 10g direct-connect can't auto-negotiate down to 1g to the switch; The fiber module if I tell it to use 1g seems to make a connection though, so that is some progress.

    I was hoping to use the direct connect adapters, but since I have to fiber stuff already, as I wasn't sure what would work, its not a big deal.

    But the switch configuration for XG-7100 still confuses me a lot.

    I have for now for additional testing setup ix0 as a separate sub-net for testing



  • FTR I eventually got this working; google helped and I found:

    https://www.cyberciti.biz/faq/how-to-pfsense-configure-network-interface-as-a-bridge-network-switch/

    and once I following this, I was able to get LAN and OPT1 to work as desired.

    The only other wrinkle was I had to force the speed on the Unifi side on the SFP port to 1g else it would drop the connection every few seconds.


  • LAYER 8 Netgate

    Zero idea why you would need anything to do with a bridge to connect to a switch. LACP lagg maybe, but a bridge makes no sense.



  • Well, its not 100% happy, now none of my vlans work to flow traffic from pfsense to the swtich, so It may still not be the correct solution.

    I really just want to have ETH2-8 + OPT1 as "LAN"; where OPT1 is the main connection to my switch network via fiber module. Though I have 4 other vlans which also need to flow across the switch network; and I had that working with ETH2 connection to the switch.

    :-\

    --jason



  • @Derelict any suggestions for what I'm trying to do? Much appreciated if you can. Thx.


  • LAYER 8 Netgate

    Just forget about OPT1 being a member of the switch VLAN.

    That XG-7100 unit has a built-in switch. Bridging that with OPT1 will only slow things down as you will no longer be using switch hardware but will be using a software/CPU bridge.

    If you need OPT1 connected to a switch, connect it to a switch.

    If you absolutely need those XG-7100 ports to be on the same broadcast domain as OPT1, I would disable the trunk links back to pfSense (no 9t,10t tagged ports on the built-in switch on that VLAN) and patch it to your external switch.


Log in to reply