Netgate 2100 - setup question
-
@netboy As soon as I did the above my Web GUI is VERY SLOW (I was trying to apply static address to certain MAC addresses). Has the port / switch configuration messed up something?
-
Yes, that's correct for the switch config.
As long as you have the mvneta1.4084 VLAN interface also configured and assigned it should work as expected.
Steve
-
@stephenw10
Get the following message:
Hmmm… can't reach this page
192.168.0.1
took too long to respond -
This is what I have
-
@netboy Definitely something is wrong... the web GUI is very slow......Any suggestions?
-
@netboy When I removed the ethernet jack from port 3 the web gui works normal. Is there something I am missing in configuring port 3?
-
@netboy What was plugged into port 3 exactly? And if it was a switch what was THAT plugged in to?
What it sounds like to me, after a quick glance over the thread, is you might have a loop going -- your main network feeding back into the new VLAN... but that's just an educated guess.
-
Yes, if you had the switch connected to ports 3 and 4.
The switch in the 2100 does not support STP to prevent that.Steve
-
@stephenw10 What is STP? Yes port 3 and port 4 are connected to "separate" unmanaged switches so that anything connected to the switch has the 172 subnet.
This was my idea right from beginning.
Are you telling me that I cannot connect any switch to port 3 and 4?
Please note that port 3 is disconnected right now and port 4 is connected to a unmanaged switch. This configuration does not choke up web GUI but once I connect port 3 to a switch the web GUI chokes up.
Kindly advice
-
@netboy said in Netgate 2100 - setup question:
What is STP?
Spanning Tree Protocol.
If you have a link from one network going into another, it cannot detect that and mitigate the cross-talk.
You can connect a switch to those ports, yes, but I was asking you what the rest of those are connected to -- is it possible that one of those switches is connected to port 1 or 2?
-
@rcoleman-netgate You are on the money!!! I had daisy chained the switch which was in port 1 and port 3 because my standby router had only one port and was waiting for 2100 to arrive. Newbie mistake!!! Thanks for pointing this out!
I have now removed the daisy chain ethernet cable connecting switches which were in port 3 and port 1.
Web gui works fine.
Thank you for baby sitting me!
-
@netboy Yeah, don't do that :) It does bad things -- as you have seen. :)
-
@rcoleman-netgate I need help in firewall rules.
I want 192.16.0.XXX subnet to go to internet and talk to 172.16.0.XXX subnet but I want to BLOCK 172.16.0.xxx to 192 subnet - 172 can talk to internet (allow). This is my existing firewall rules.
IoTP4 is 172.16.0.XXX
-
@netboy So block on LAN interface anything with a SOURCE address of IOTP4 Network. Put that above your "allow all traffic" rule
-
@rcoleman-netgate on the LAN firewall (192) BLOCK IoT (172) and this must be the FIRST rule. Have I got it right? On drop down there are two options IOTP4 address and IOTP4 net - which one to select as source
Below correct?
-
rcoleman-netgate Netgatelast edited by rcoleman-netgate Oct 30, 2022, 6:47 PM Oct 30, 2022, 6:47 PM
@netboy That will only block HTTP and HTTPS but not Ping or DNS
Set the traffic to ANY type, not TCP.
And, as I said, IOT Network, not IOT Address :)
-
@rcoleman-netgate
Is this correct? The order ok?
-
@netboy Needs to be IOTP4 Network, not address.
-
-
@netboy Should be. Plug into the IOTP4 network and try to access anything on the LAN network (pf GUI on that IP, ping, etc.)
it should block, and when you come back the
0 / 0 Bin the states column should increment.
