Interfaces won't pass traffic after restore from working backup on XG-7100
-
Ok, gonna try not to turn this into a novel but I'm at my wits end...
Have a single Netgate XG-7100 that's working fine with eth1 a WAN connection, eth2 the LAN connection, eth3 another WAN connection and eth4 a 4g adapter. eth1 and 3 are static IP's, while eth4 is dhcp. eth2 is running a dhcp server for the corporate lan. On the standalone unit everything is working fine but it's a loaner. I figured I'd backup the config from the loaner and restore it to unit 1 of the HA pair and just run standalone until I could add the HA config and VIP's...
So took a backup of the working unit (all 4 interfaces up and humming along as intended) and restored it to the target. Everything looked good so I moved all four connections over to the same ports as the loaner and only eth1 and 2 came up correctly. Eth3 says up with the right IP assigned but isn't passing traffic (shows a few bits of outbound traffic but not showing up under gateways and not able to ping like eth1 is) eth4 claims to be up but is not getting a DHCP address from the 4G appliance. I thought perhaps the core router was caching MAC addresses (even though eth1 comes through the same vendor router) so rebooted that as well as the 4G appliance...no affect. when I moved all the connections back to the loaner model everything just worked.
I'm at a complete loss for what to check so was hoping someone here had some inspiration...
Thanks in advance!
-
I would look at the output at the command line or
ifconfig -aandetherswitchcfg. It sounds like you have something low level missing there.It's possible the running device has some temporary setting that is not in the config allowing it to work. I would not reboot that unless you have to!
If you still have issue there I would suggest opening a ticket with us at: https://go.netgate.com where we can review the real private config.
Steve
-
@stephenw10 the uncommitted change has me on pins and needles...is there a way to force the running config to memory so I can get a complete backup? I'm not in the office today and that FW is not on the network that I can reach remotely so I'll run the command between both units to see if there's any noticeable difference.
-
It's not like an uncommited change like you might find on a switch. If there is something set that's allowing it to function it would have to have been done manually from the CLI. There's no way for the config to know about that but it seems unlikely unless maybe there was a lot of trouble-shooting on that firewall at some point.
Try running those two commands on the running firewall and compare the output with the non-running device.Did you open a ticket?
Steve
