pfSense with 3 GS108T v2 Switches Question
-
I recently built a pfSense box using a HP 730t with a I350-T4 nic, and I was hoping someone could give me a bit advice if they have time, please.
Currently, I have the pfSense box using one interface for my wan (igb0) and one interface for my lan (igb1), and everything works fine using my existing Orbi RBK50 in access point mode connected to the lan (igb1). I use the built in 4 port switch on the orbi to connect to two other TP-Link dumb switches, and with that config, I am using the internet and network fine with no issues. I have created no VLANS in pfSense. I'm assuming the default VLAN 1 is being used, but I'm not certain since I don't see it under VLANs in pfSense.
All along my plan was to start using VLANS to separate my devices so I purchased 4 used GS108T v2 smart switches to allow me to create the VLANs. I updated the GS108Ts to the latest firmware successfully, and all the ports on all switches are set to Untagged VLAN1 PVID 1 on all ports as I believe this is the default mode.
Yesterday, I decided to connect my GS108T v2 switches just to use in a "dumb" mode (no created VLANS), but things didn't work out for some reason. Since all the GS108T ports are untagged, and there are no created VLANS in pfSense, I thought I could just connect the pfSense lan port to any port on the GS108T, and then from there connect any other port on that GS108T to any port on the two other GS108Ts. However, when I did this, I didn't have internet across my wired devices. It seemed to be online for just a few minutes, but then things went offline for no apparent reason. All my devices seemed to have valid lan IP addresses too. I messed around with tagging and untagging ports, but I wouldn't think I need to do that since I am not using any VLANs now other than the defaual VLAN 1. I don't know, to be honest, and I wasn't able to get it to work.
I went back to connecting the pfSense lan port to the Orbi in AP mode, with the Oribi switch connecting to 2 GS108Ts (still using untagged VLAN 1) which is working fine. Something about using the GS108T directly connected to the pfSense lan port and then connecting the GS108T to the other GS108Ts is causing the issue.
My question is, if I hook up the GS108T (all untagged VLAN 1) to the lan port on pfSense, and then hook up the other GS108Ts to the first GS108T (also all untagged using VLAN 1), do I need to do anything in PFsense to allow that to work? I would only need to tag ports if I created new VLANS such as VLAN 20, 30, etc., right?
-
@sclawrenc said in pfSense with 3 GS108T v2 Switches Question:
GS108T
What ip range is your lan (igb1)?
Your GS108T is not a dummy switch so it needs to have an IP range from the lan (igb1).
So if that is 192.168.1.100 - 120 just assign it 192.168.1.x
I usually assign something not in the dhcp range to switches/server/etc. -
@cburbs
They are set to DHCP with the default range of 192.168.1.x, and they all get IPs successfully which I verified when I updated the firmware on all of them connected through another unmanaged switch. They also were set to use the Netgear time server which worked fine. I think the issue is potentially with my Orbis causing an ARP storm when they are connected which is bringing down my network, but I haven't confirmed that yet. I will try just using the switches connected in wired mode for 10-15 minutes before I connect the Orbis in AP mode to see if things work as expected.Thanks!
-
The orb and the Switches all have DHCP turned off on them as that should all be coming from the pfsense box?
This is what mine looks like.
-
@cburbs Yes, that is correct. When the Orbis are in AP Mode, they do not route or assign IP addresses. The GS108T switches don't have the capability to assign IP addresses, and they are getting their IP addresses from the pfSense lan without any issues. I'm going to see about the Orbis in more detail.
Please see the link below where I asked another similar question to the Netgear Orbi forum a while back regarding using an XB7 for my router, and they recently confirmed the Orbis have a known issue creating an ARP storm when they first try to sync up through backhaul. If it's wireless backhaul, it doesn't cause any issues for me, but with wired backhaul, it brings networks down. Although it seems to only bring down my network when in AP Mode, I think it's also happening with the Orbis in Router Mode, but the Orbi router must be equipped to deal with it.
https://community.netgear.com/t5/Orbi/XB7-with-Orbi-RBR50-and-RBS50-in-Access-Point-Mode-Issue/m-p/2046841#M112721
Also see this other post I created in the Netgear Smart Managed forum where someone is confirming the Orbis are not handling things correctly, but no one is exactly sure why since the code is not available to review. They stated the Orbis are using STP to find the right path to wireless or wired satellites.
https://community.netgear.com/t5/Smart-Plus-and-Smart-Pro-Managed/3-GS108T-v2-Switches-Connecting-to-pfSense-Lan/m-p/2047100#M18066
Is there a way to have the pfSense system overlook these so things can recover? I might be able to make some adjustments to the switches or the pfSense system, but I'm not sure where to start.
Either way, I might just go with other APs anyway so I don't want anyone to spend much time on this unless they are interested or have something simple I can try.
Thanks again.
-
@sclawrenc said in pfSense with 3 GS108T v2 Switches Question:
GS108T
The GS108t is a managed switch so yes it can hand out IPs.
Here is the manual - https://www.downloads.netgear.com/files/GS108T_GS110TP_SWA_5Nov10.pdf
So still verify that isn't enabled as well.
Wow those Orbi's sound like a nightmare with zero input/support.
Are you going to want to do Wireless Vlans at all? If so then you will need a different wireless ap to do it. Something to think about if you want your guest network truly seperate from the rest.
-
@sclawrenc said in pfSense with 3 GS108T v2 Switches Question:
purchased 4 used GS108T v2 smart switches
You say you purchased them used. Did you maybe "reset" them to factory defaults before you started working with them? There might be old settings in there from the previous owner(s).
-
I found the issue is with the Orbis using STP by reading Flash008's post in the link below.
https://community.netgear.com/t5/Orbi/Orbi-RBK53-ethernet-backhaul-issue/td-p/1505888
I had a couple of options to address this. Either keep the switches STP off and Enable BPDU, or turn on basic STP on the switches with the ports used by the Orbis using the default priority of 32768. I went with turning on STP and setting the ports to use the default 32768 priority which seemed to have worked. Network did go down for about 30 seconds, but then it recovered without isues since.
It's definitely not the pfSense box. On another note, I will most likely tackle some Traffic Limiters next to see if I can't get an A or A+ on dslreports for bufferbloat.
Thanks again for everyone's help. I think I'm good. :)