Install on NETASQ U30 S ?

stephenw10 · Feb 12, 2020, 3:02 PM

Hmm, OK.
It looks like the Atheros AR8328 does not have a serial interface that could be used to configure it unlike the other Netasq devices. That makes things immediately 100x more difficult as you need to configure it via MDC/MDIO or
via the config eprom directly.
Netasq/Stormshield OS is built on FreeBSD though I believe, they have contributed stuff back into the base. Unfortunately though I don't see the 8328 as supported:
https://github.com/freebsd/freebsd/tree/master/sys/dev/etherswitch/arswitch
Unless it's so similar to the 8327 it might be able to use that. We are still talking about significant work to get it running.

One thing you might try here is Installing OpenWRT which does have support AR8328 switch. Even if just as a test.

Kind of curious what those jumpers might do but it's hard to recommend you change them without knowing. Are they labelled?

Steve

xobix · Feb 12, 2020, 5:33 PM

@stephenw10 said in Install on NETASQ U30 S ?:

Netasq/Stormshield OS is built on FreeBSD though I believe, they have contributed stuff back into the base. Unfortunately though I don't see the 8328 as supported:
https://github.com/freebsd/freebsd/tree/master/sys/dev/etherswitch/arswitch
Unless it's so similar to the 8327 it might be able to use that. We are still talking about significant work to get it running.

How can I try that ?

@stephenw10 said in Install on NETASQ U30 S ?:

One thing you might try here is Installing OpenWRT which does have support AR8328 switch. Even if just as a test.

I did it PM.
eth1 is a Broadcomm, but down. nothing appends when i plug a cable in one of 4 ports.
I don't know what test I have to do.

@stephenw10 said in Install on NETASQ U30 S ?:

Kind of curious what those jumpers might do but it's hard to recommend you change them without knowing. Are they labelled?

Yes they are : JP3 et JP4

stephenw10 · Feb 13, 2020, 1:35 PM

So you did install OpenWRT already?

I'm not sure exactly what you were seeing as Broadcom. The two NIC would still be Intel. It may have created a bridge as OpenWRT usually does.
You probably have to install the correct switch control modules for it to see and recognise the switch. Not entirely sire what those might be though...

xobix · Feb 16, 2020, 8:41 PM

I will search on this way

xobix · Feb 16, 2020, 8:41 PM

Nothing better...
I don't understand why cu command freez on "connected"

stephenw10 · Feb 16, 2020, 11:22 PM

The 'connected' output is generated by cu, it implies that cu is connected to the port. After that there is nothing there because there is nothing connected to the second com port. It's listening but nothing ever arrives.

You can only configure that switch chip via the MDC/MDIO bus.

Steve

xobix · Feb 17, 2020, 9:22 AM

@stephenw10 said in Install on NETASQ U30 S ?:

The 'connected' output is generated by cu, it implies that cu is connected to the port. After that there is nothing there because there is nothing connected to the second com port. It's listening but nothing ever arrives.

In bios COM1 and COM2 are mapped with physical interface. is there a relation to ?

@stephenw10 said in Install on NETASQ U30 S ?:

You can only configure that switch chip via the MDC/MDIO bus.

it's doable for me ?

stephenw10 · Feb 17, 2020, 5:24 PM

I mean anything is possible; it's a simple matter of coding.

But if I were doing this I would start by trying to get OpenWRT to work with it as that's much closer to what you need to talk to the switch. Once that is working you will know exactly how it's connected and what it can do so it would make any work in pfSense much easier.

Steve

xobix · Feb 17, 2020, 6:33 PM

Unfortunately there is no Steve to help me on openwrt .
I find many drivers for wireless Atheros but no for AR8328.

stephenw10 · Feb 17, 2020, 7:27 PM

Unfortunately there's not enough space in my head for that!

But they have support for the AR8328 it's not as a separate driver, it's probably included and you just need to configure it to know there is a switch on em0 or whatever the interface is detected as there.
https://openwrt.org/docs/techref/hardware/switch#qualcommatheros

Most x86 stuff doesn't have a switch so it's probably not enabled by default.

Steve

bolino · Mar 11, 2020, 2:56 PM

@stephenw10 : hello, i successfully intall pfsense and manage interfaces with the help of this procedure ( serial connexion ) :

Define 2 VLAN at startup : VLAN 1 et VLAN 2 both on em0 interface then,
Assign em0_vlan1 to WAN
Assign em0_vlan2 to LAN
The switch configuration hereafter has to be respected to obtain :
port 1 = WAN
port 2 to 6 = LAN

Configuration of switch NetASQ_U70 :
cu -s 9600 -l /dev/ttyu1

vlan
VLAN> aware 1 enable
VLAN> pvid 1 none
VLAN> frame type 1 Tagged
VLAN> aware 2-8 disable
VLAN> pvid 2 1
VLAN> pvid 3-8 2
VLAN> del 1-4094
VLAN> add 1 1-2
VLAN> add 2 1,3-8
VLAN> config
VLAN Configuration:
Port Aware PVID Ingress Filtering Frame Type
1: enabled none disabled Tagged
2: disabled 1 disabled All
3: disabled 2 disabled All
4: disabled 2 disabled All
5: disabled 2 disabled All
6: disabled 2 disabled All
7: disabled 2 disabled All
8: disabled 2 disabled All

Entries in permanent table:
   1:  1,2
   2:  1,3,4,5,6,7,8

VLAN>
Use the cu(1) escape sequence <Enter> then ~ (tilde) followed by . (dot)

stephenw10 · Mar 11, 2020, 3:02 PM

Yes it's possible on the larger boxes as the switch has a console to configure it.

But it appears the U30s does not.

Steve

bolino · Mar 11, 2020, 3:06 PM

@stephenw10 ok bad news : it works on U70 (mine ) : strange U30 and U70 no share the same hardware ( entry level both )

stephenw10 · Jul 14, 2022, 2:35 PM

Yup, same on the u250s I have. The Atheros AR8328 in the u30s doesn't have a console at all though. It's something more often found in SOHO routers. If I was doing it I was try with OpenWRT as I suggested. They do have support for that in their switch framework.

Steve

tedd · Jul 14, 2022, 2:35 PM

@stephenw10
The main issue is to configure the switch Atheros AR8328 somehow .
Will the idea of openwrt is to configure the switch and then move back to pfsense work?
Steve suggested to configure via MDC/MDIO bus ! But how? Can someone help?
Thank you in advance.

stephenw10 · Jul 14, 2022, 6:04 PM

That probably won't work. When you reboot between OpenWRT and pfSense the switch should be reset by the BIOS. For that not to happen would be a security issue in the original application.

It looks like the em NICs attach OK with the switch on the PHY side which igb might not.

Has anyone just tried running OpenWRT on it directly yet? That needs to happen first to confirm what we are guessing is actually how it's connected.

Steve

tedd · Jul 15, 2022, 9:24 AM

@stephenw10
Good to hear that someone is still following this project.
From my experience with other Stormshield and Netasq appliances the UART once written into it, the configuration remains.
For instance, I have done configurations on one SN250 using opensense , then changed the to Pfsense using another HD . I did not have to access the serial and change anything.
So what I mean , if there is a way to write the configuration to the switch the rest will be fluid.
I have failed so far to make this work on SN200 and SN150 (Not even able to make it boot) . Anything above 250 In Netasq and Stormshield worked fine.
Even on Arkoon I made it work.

stephenw10 · Jul 15, 2022, 11:31 AM

Well try it and see if you have the hardware. The most difficult part of that is probably going to be setting up dual booting with OpenWRT and pfSense. I'm not sure I've ever seen anyone do that.