[SOLVED] I don't know how to change from RJ45 (igc1) to SFP-FO-10Gb (ix1) without breaking everything
-
Hello everyone,
I'm going round in circles with no solution. Here's the problem I'm having with my new 8200 (which is not specific to this model).
Currently, I have two RJ45 cables for my WAN (igc0) and my LAN (igc1) and a VLAN pointing to igc1.
I'd like to put a 10Gb fiber optic module on "ix1" for my LAN, but I can't, ESPECIALLY because I'd like to have a backup solution so I can go back because I don't know if the SFP FO modules and the fiber are 100% compatible (normally they are, but...).
What I'm trying to do is switch my LAN (igc0) to ix1 and use the "Activate One Time ans Reboot" function (in "Boot Environments") so that, if there's a big problem, all I have to do is "power OFF" my 8200 and then "power ON" to return (at the next boot) to a 100% functional configuration.
I'm posting a few screenshots to better explain my problem.
Thanks for your help and advice.
-
@SwissSteph I think this is the right video..it’s kinda long but they explain it well.
https://m.youtube.com/watch?v=bL3OwJh8WJ8Other options are to edit the xml file and restore, or recover from the console: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#console-configuration-history
-
Thank you SteveITS for your help and the links, I'll go and check them out.
EDIT
I went to see the video (which I had already seen), it explains very well how to use boot environments, but not how to chnagement connection type (RJ45 to FO) easily. I've already tried, but so far I'm stuck with my only VLAN pointing to igc1 ... -
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
You would have to create a VLAN 200 on ix1 and reassign CAM_LAN to that also.
If I were doing this I would do from a client connected to EMERGENCY so that it doesn't get disconnected when reassigning LAN.
Steve
-
Thank you very much for these hints :-)
I still have a "sub-question", which I'm taking the liberty of asking because you're a frequent contributor to the forum with clear answers (which, even when translated into other languages, remain perfectly clear).
As I want to put my Vlan 200 on another output (igc2) and therefore on a new RJ45 cable, what should I put in the rules so that this vlan can go into LAN (where I have my UniFi_UCK_Gen2-Plus connected)?
Currently, as explained, my VLAN goes through igc1 (LAN) and everything works in my tests, but I can't get my VLAN_200 to go to LAN.
I know it's a beginner's question (I am) but I'm learning a lot thanks to the questions and answers here.
Here's what I've put as rules in a new VLAN that I've called "VLAN_200" which will be to replace my CAM_LAN, but having succeeded in one part, my cameras no longer communicate with UniFi_UCK_Gen2-Plus and I don't understand why. I managed to ping 192.168.200.1 ... but nothing behind. So I think this is a rule that's missing and maybe also in NAT / Outbound?
Your advice is most welcome, thanks again for your help.
-
You don't need rules to pass VLAN traffic on a different assigned interface. The VLAN traffic is separated to it's own interface before it hits the firewall rules.
The existing firewall rules on CAM_LAN apply to which ever interface it's assigned to. So you should need to create the new VLAN_200 interface; just re-assign CAM_LAN to igc2.200
Did you create VLAN 200 on igc2 or assign VLAN_200 to igc2 directly?
The switch will be expecting VLAN 200 tagged traffic so it should be igc2.200
Steve
-
Thank you Steve for your help.
I'm posting screenshots to better illustrate where I'm at right now.
CAM_LAN is functional, my cameras -> OK and connect well to UniFi_UCK_Gen2-Plus, but go through igc0 (which is my LAN)
What I'd like is for "VLAN_200" to pass through igc2 (i.e. a physically separate cable from another monm pfsense output).
For the time being, I haven't "broken" CAM_LAN with its 192.168.200.xxx address and I haven't yet put this same address on "VLAN_200" ... I'm preparing things according to your answers and help.
So here's the current situation on my pfsense. I'm sweating at the thought of breaking everything ....
-
I got started (thanks to "Boot Environments") with what I have ... but my cameras are no longer seen by UniFi_UCK_Gen2-Plus.
-
but
The ping on 192.168.200.1 is OK but on the IPs of my cameras, nothing :-(
-
Hmm, well I'd expect that to work so I'd look at low level issues. Is it actually in the correct port? Is the switch connected to that?
-
I've watched several of Tom Lawrence's videos, and I think I just ... except I'm not.
When my VLAN goes through my LAN interface it's OK ... when I want to go through another output of my pfsense, no.
However, Tom's video explains how to do it on an Ubiquiti, so I do as he explains by setting the port where my new cable arrives (from igc2) with the same "Vlan" tag as for the ports where the cameras are, and it doesn't work.
But without the cable from igc2, everything's OK. It's only when I want to pass my VLAN through another output that all my cameras are no longer available.
I don't know what else to do. Either I give up or I keep on digging. I have the impression that it's a parameter either in the rules or in unifi that needs to be added, but ... where?
-
view of my ubiquiti and port 13 where is the RJ45 of the igc2 port
Example of port 10 where a camera is located (which also works without this RJ45 cable)
-
I found !!!!
The problem was with the latest version of the ubiquiti interface!
Thanks to this message https://community.ui.com/questions/Can-not-deactivate-Traffic-Restriction-on-one-Port/0175f236-05a4-4a79-bfda-9348dd42f94f I deduced a possible cause.You "just" have to put the two interfaces on the same port, it looks like a bug ... because it's illogical to have to create a false VLAN just to be able to assign the right ..... days lost just for these problems.
MANY THANKS TO ALL THE USERS WHO TRIED TO HELP ME
