SG1100 having LAN and OPT on same Untagged Network
-
Hi, I am attempting to have the LAN port and OPT port on the SG1100 be in the same network. I have followed the steps in this documents with no luck. https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html
I only have 2 devices to connect to the SG1100 so I am trying to do this without needing a switch.
-
@pmarq2008 As an alternative, you could leave the SG-1100 just the way it is, out of the box with default settings. Then setup both interfaces, and use firewall rules to pass traffic between them.
Jeff
-
That should be pretty easy. Just make the OPT port setting the same as LAN in the switch settings. So:
and:
Steve
-
@stephenw10
Hi Steve, That was my thought also however after 3 Factory defaults and following that process when I plug into the opt port I do not get an IP address. Even if i set the ip address on my adapter I can not get it to work. However if i create a new VLAN and assign it to OPT as tagged I am able to get an IP off of the Tagged VLAN.Thanks
Phil -
You set both the VLAN group members and and PVID?
If you did not change the port 1 PVID you would be able to get a tagged VLAN working but not untagged as you describe.
Steve
-
This is what i had.
-
Mmm, well that should work. Assuming something was connected to it and lined correctly when you tested.
-
Yeah I made the changes connected to the LAN port and the switch my connection to the OPT port.
-
Hmm, they are configured identically. Anything that works on LAN should also work in OPT.
I would be running a pcap on mvneta0.4091 to look for dhcp requests coming in from a device on OPT.
If there's nothing then run a pcap on mvneta0 dircerty and look for incorrectly tagged traffic.Steve
-
@stephenw10 Do you still want VLAN group #3?
I removed it in my setup.
-
@ahking19 I also disabled the OPT (mvneta0.4092) interface.
-
You don't need it, I removed it from my test too, but it doesn't hurt having it there. Only the internal port is a member.
I also disabled and removed the OPT interface in my test but again that shouldn't make any difference. With that switch config the OPT port is connected to the LAN interface.
Steve
-
I will run some captures tomorrow afternoon or over the weekend and let you know.
-
Has there been any resolution to this topic? I recently got an SG-1100 and now would like to make use of the OPT port. I followed the same steps as outlined above and cannot get the box to hand out an IP address to the attached computer. The LAN port works just fine. I deleted the in OPT interface, and the Interfaces / Switch / Ports and Interfaces / Switch / VLANs look exactly s shown above (and described in https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html). I am at a loss. I'd greatly appreciate if someone could suggest what else to try. Thanks.
-
It works fine as outlined above. If you are not pulling a DHCP lease on LAN then the OPT port isn't configured correctly in the switch. How have you set it?
Steve
-
Hi @stephenw10 and @langrock ,
I never did get this to work. I know I said previously that I would get some captures however I just ran out of time on it. I got around by just purchasing a managed switch to plug into the LAN port. As stated previously I followed the Documentation 3 times with a factory default on each and no luck.Thanks
Phil -
If you have the switch setup as I showed here it should work.
-
@stephenw10 Thanks for the response. That's exactly how it looks like for me as well, but it clearly doesn't work. Maybe the hardware itself isn't working. I suppose @pmarq2008 got the OPT port to work using a different configuration. Is there a test I could perform to distinguish between a configuration and hardware problem?
-
@pmarq2008 I suppose that's a solution, albeit a somewhat dissatisfying one. In the end, all I want it have a single computer directly hooked up to LAN and a wireless AP to OPT. According to the documentation, that should be doable, but I haven't been able to get the configuration correct. I almost don't care anymore if the AP and the LAN port would be on the same subnet, but it'd be nicer if those two would be.
-
Hmm, that works fine for me when I test it. Can you PM me a status_file to review? Or open a ticket and attach it? (make it for my attention if so).
Steve
