Interface with my AP cuts out regularly
-
Every so often, the interface with my access point will cut in and out. A continuous ping on Windows will show 5 lines of "Request timed out" when this happens. I'm wondering how to find out what's doing it. It's not the switch hardware because I moved my access point from its original switchport to the one listed below. The same log entries showed up when it was on its original port. The AP is a UniFi connected to a POE injector, in case that's helpful/relevant.
Nov 13 12:50:04 check_reload_status Reloading filter
Nov 13 12:50:03 check_reload_status Linkup starting e6000sw0port4
Nov 13 12:50:03 kernel e6000sw0port4: link state changed to UP
Nov 13 12:49:43 check_reload_status Reloading filter
Nov 13 12:49:42 kernel e6000sw0port4: link state changed to DOWN
Nov 13 12:49:42 check_reload_status Linkup starting e6000sw0port4
Nov 13 12:35:57 check_reload_status Reloading filter
Nov 13 12:35:56 kernel e6000sw0port4: link state changed to UP
Nov 13 12:35:56 check_reload_status Linkup starting e6000sw0port4
Nov 13 12:35:37 check_reload_status Reloading filter
Nov 13 12:35:36 kernel e6000sw0port4: link state changed to DOWN
Nov 13 12:35:36 check_reload_status Linkup starting e6000sw0port4
Nov 13 12:35:11 check_reload_status Reloading filter
Nov 13 12:35:10 kernel e6000sw0port4: link state changed to UP
Nov 13 12:35:10 check_reload_status Linkup starting e6000sw0port4
Nov 13 12:34:52 check_reload_status Reloading filter
Nov 13 12:34:51 kernel e6000sw0port4: link state changed to DOWN
Nov 13 12:34:51 check_reload_status Linkup starting e6000sw0port4 -
Assuming that AP and the Windows computer are on the same subnet, pfSense would not be involved. The PoE injector could certainly be an issue or perhaps bad cables. Then again, the AP could be flaky (pardon the technical jargon
). -
@JKnott Well & that's what I'm hoping to rule out. Switching ports and having the same result tells me that it's either the setup somewhere between the cabling, the POE injector & the AP itself or it's something that the pfSense is doing to cause the interface to basically do a "shut / no shut" but I don't have good enough logs (that I can see so far) that say anything about the pfSense doing anything to administratively cause the interface to go down and then bring it back up. Looking at the dashboard for the AP, I see that it's not rebooting. Whatever it is, it's quick(ish) and I'd like to know if it's strictly something on the AP side or if it's strictly something on the pfSense side or if it's something that is on the AP side (some kind of flapping or something) that then causes the pfSense to administratively take action, which then makes the whole process take a little longer than if the pfSense would just leave it alone. I'm new to pfSense/Netgate, so I don't know how to further diagnose.
-
I'm doing a few continuous pings during this testing. Interestingly, I'm able to continue pinging the IP of the AP but when this issue happens, I'm not able to ping the Netgate box nor get to the Internet (both give me generally 5 "Request timed out"s, as I previously mentioned). So the AP stays up entirely. Why would access to the gateway, and therefore access to the Internet, go down on a regular basis?
-
Why would pfSense do anything to shut down a switch port on a different device? How could it know what's out there? All it can see is a valid Ethernet signal connected to it. It could also be a failing AC adapter that causes this. You'll just have to try to eliminate things one at a time.
-
@mh13 said in Interface with my AP cuts out regularly:
Why would access to the gateway, and therefore access to the Internet, go down on a regular basis?
Maybe the switch is going or even the computer. Only testing and isolating will tell. Since you have problems pinging both the AP and router, then the problem is probably one of those 2 or maybe a cable. Try connecting the computer directly to the Netgate and see if it fails. Again, directly to the AP. However, cables are always a prime suspect for intermittent problems.
-
@JKnott I'm not sure what you mean about a switch port on a different device. I was wondering if my netgate device was seeing something that caused it to administratively shut down & then bring back up one of its own switch ports, like how a watchdog service will restart a service once it spots an issue
-
@mh13 said in Interface with my AP cuts out regularly:
I'm not sure what you mean about a switch port on a different device.
PfSense doesn't know what's out there. It just sees a valid Ethernet connection. The device could be anything, including a switch, computer, routers, AP, whatever. Since it doesn't know what's out there, there is nothing it could do to cause a port on that switch to shut down. There is no direct connection between ports on a switch, just the circuits that receive a frame on one port and forward it to another. There is no mechanism for one switch port to control another.
-
Yeah, pfSense does not shut down the switch ports like that. They can be set to stop forwarding or to a bad link type etc but that only happens when the switch is configured not in reaction to anything else. If it was you would see it on the internal port, mvneta1 if that's an SG-3100.
Do you have just the Windows client connected via wifi to the AP and that to the pfSense switch port via the PoE injector?
No other switches etc?Try putting a switch in between if you can. If the switch port logs stop, and nothing else is logged, in pfSense but you still lose connectivity it's something in the AP most likely.
Steve
-
While I did not put a switch in between, as suggested, I do not have the same problem when this same AP is plugged in to a different brand router/firewall of mine. I just did this today. I was streaming a video that kept cutting out (looked like it was stopping & buffering a bunch of times but the netgate was giving me those "interface down"-type messages like I posted originally during those times). When I moved the AP over to my other brand firewall, the buffering look & cutting out stopped completely. It may be something about the AP, but it's got to be [at least also] something about the netgate that is more sensitive or something.
-
Could be an issue with negotiations with the AP interface and the Nic.. What router did you plug it into? If some soho device prob just a switch port.
What box is pfsense running on?
-
It's certainly not an issue I've seen on any of our switch port devices. Putting a switch in between would be a good test.
If it is a link negotiation issue you could potentially set both sides to a fixed speed/duplex.Steve
-
@stephenw10 said in Interface with my AP cuts out regularly:
If it is a link negotiation issue you could potentially set both sides to a fixed speed/duplex.
if you he wants to set to 100 or 10 sure, but that is not something you should ever do with a gig interface... Didn't we just go over that ;)
-
Yup, indeed.
Hence I added potentially in there.Whilst you should not ever need to set fixed 1G, and
you canI would argue it's an invalid setting, if both ends allow setting that you might as well try it. Assuming it i a link neg issue at all. Prove that first with a switch in between. -
I put a switch in between, and now the issue has cleared up. Thanks for the suggestion. So @johnpoz or @stephenw10 why would one not set a fixed speed at 1000 for an interface? I can think of a time where I had to do that on a firewall that defaulted to 10000 so if you had a gig connection, you had to specify. Why under normal circumstances would someone not do that vs. being able to do it with 10/100? What am I missing? I've just not heard that line before
-
In general, the rule is to use auto-negotiate, unless you have a specific reason to lock the connection. One example is with fibre media converters, which only operate at 1 Gb. If you set one end to a fixed rate, then you must also set the other end the same way. Also, if you do that, make sure it's recorded or marked, so that someone doesn't just move the cable from one switch port to another and all of a sudden, a problem appears. Some places use different colour cables to identify special ones. However, auto-negotiate generally works as advertised, so just leave it at that.
-
@JKnott So is it mostly because it's an old school process, fixing a speed, and it was more done in the 10/100 days?
-
All gigabit copper is autonegotiate. Period.
You used to have to hard-set a port to match another hard-set port on the other end of the link or autonegotiate on one side only could mis-negotiate the correct speed/duplex. All 1000BaseT ports must have autonegotiate enabled.
Leave it set at the default, usually autonegotiate. That is almost never the incorrect setting.
Specifically setting autonegotiate can cause an extra ifconfig and a port down/up that results in a death spiral of each side going down/up in response to the other.
Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM) -
@mh13 said in Interface with my AP cuts out regularly:
@JKnott So is it mostly because it's an old school process, fixing a speed, and it was more done in the 10/100 days?
I don't ever recall it being old school process. I only recall it being done when necessary. One of the advantages of multiple speed switches is you didn't have to worry about what was connected to what port. You just plugged it in and it worked.
-
@Derelict said in Interface with my AP cuts out regularly:
All gigabit copper is autonegotiate. Period.
Not quite. I have worked with some fibre media converters, as I mentioned above, that were fixed at 1 Gb.
