SG-1100 Traffic loss when WAN enabled
-
I bought a SG-1100 to replace a dead ER-x and while all the links/addresses are working, I get disappearing packets as soon as I plug in the WAN link. The network configuration should be the same as the old device, so I either missed something obvious or there is some difference I am not taking into account.
The 10.99.98.1 is the sg1100 default gateway, there is nothing else in that vlan - I have an ER-X on the other side using the 10.99.99.1 gateway on another transit vlan without issue.
The 192.168.2.x is the management vlan, the er-x (2.1) is the default gateway out to the internal network for that. There is a static route on the sg-1100 for 192.168.0.0/16 -> 2.1
As soon as i plug in the wan link the management connections (web/ssh) become sporadic, and the wan initiated links also become sporadic (curl from the sg-1100, etc..) I dont comprehend why it would do this, I wasnt sure if I was missing a routing loop somewhere, but its a really simple topology and I plugged a spare er-x into the same spot with the same addresses and no issue.
I dont see anything unusual in packet captures, both sides just show no packets for a few seconds every so often, I dont have a way to capture from the switch at the moment.
Anyone have an idea what I am doing wrong?
-
guess i cant post images, i made a bad one at:
https://ibb.co/P4by566 -
It guess it's me, but after reading I would ask for an image.
I just saw the image ... I'm lost.
What happened to "the keep it simple and straight forward" method ?I can assure you, that when I plugin a WAN cable into an upstream router, my pfSense works.
(after testing this == WAN plug ok, etc) you should start VLANning ... set by step. -
It appears I just expected to much from it. I cant do any sort of commands or GUI clicking around without it dropping traffic. It looks like if I stay out of it I can get 500mb or so testing with iperf, but as soon as I click around, the throughput drops to < 100mb and packets are lost.
Guess I'll just eat the return cost for it. -
@sidiov said in SG-1100 Traffic loss when WAN enabled:
Guess I'll just eat the return cost for it.
Because of a severe routing and/or VLAN problem ?
A 10K$ box wouldn't do any better.ASG-1100 can handle a "close to a GB" - hard to beat for the price.
-
@gertjan It's not a vlan/routing issue. It happens when directly connected to the outside router as you suggested. I also have 2 other routers (er-x) that arent having the issue in the same ports, and 1,600 routers in individual locations without issues. My original thought was to use the sg-1100 to start replacing the old ubiquitis but they dont seem to handle the same amount of traffic.
--Well , they do sort of handle it.. but only as long as I dont log in and try to do anything at the same time. Thats a little excessive for me even if we dont have to log into them but rarely. -
Ah, ok.
If login into the GUI somewhat bring the device on it's knees, then that's not good at all.
-
@gertjan Just FYI, lied.. its not a performance issue. It's the fact that the SG-1100 uses a switch for all 3 interfaces, and you cant assign a different MAC to each interface or VLAN.
I thought it was because i was logging into the GUI, but that was just a symptom of the arp table updating, so no matter what device you plug it into its trouble. From searching, I guess this is a FreeBSD limitation so pfsense+switch boxes is out for me.
Sorry for the confusion. -
Limitation of mac address wouldn't be an issue unless your plugging your wan and opt/lan interface into the same L2?
-
Not exactly, the 'switch'ing device in the middle in our case is SVL and they (and all vlans) are controlled by another entity. I'd have to get some FID entries in there, but it'll just be easier to stick with devices with separate NICs (or the ability to mac spoof).
