Previously working 10G link downgraded to 1000Mb in pfSense
-
I have a 10Gb Dual LAN Base-T PCI-e Network Card, Intel X540 Controller installed in a Supermicro 1U Supermicro Firewall Router E3-1270 V3 32GB RAM.
I have an ATT ARRIS BGW320 Modem running at AT&T FIBER — INTERNET 5000 (5Gig) speeds.
I have Fiber to the Modem, a Cat7 ethernet cable going to the WAN side of the firewall. Out of the firewall I have another Cat7 cable going to a NETGEAR 12-Port 10G Multi-Gigabit Plus Switch (XS512EM). Previously this set up was working perfectly to provide 4+ Gig speeds to all computers on my network (which all have 10Gbase-t interfaces).
Recently something happened and now pfSense is showing the WAN link at 1000base-t and the LAN link at 10Gbase-T. Previously both of these were showing 10Gbase-t.
My modem is in Bridge Mode, and I have verified with the Modem tools that it is working at 5G speed up and down including connecting it directly to a PC to verify speeds in the 4+gig range.
I suspect that the issue is that the WAN Interface is set to 1000base-t in pfSense but I have been unable to find a way to change it back to 10Gbase-t like it used to be. I have tried setting the WAN in pfSense to 10G, but it doesn't affect the speed or the NIC settings after being saved and applied.
Is there something that I can do to get this WAN Nic back to a 10Gbase-t so I can get my speeds back (aside from getting a new Nic or doing a factory reset on pfSense)?
-
If you set the link to 10G rather than auto-select does it fail to link?
Did this happen to coincide with an upgrade? Or maybe a firmware update on the modem?
If it's trying to link at 5GbaseT that requires enabling that for autoselect in 2.7. Though I'm only aware of that on the X550.
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#autonegotiate-non-default-speeds
Steve
-
@stephenw10 As far as I can tell there was no Modem update or Server update that occurred. I did have some power outages that were pretty sudden but all my servers are on UPS so it shouldn't have had any impact.
I followed the url you provided and set the following in the Runtime Tunable: Still need to reboot to see what happened . . .
dev.ix.1.advertise_speed
0x30
-
@dfinelli Ok, that didn't seem to work but since I did it via the GUI there is nothing to check if I entered everything correctly.
I don't know how to access the CLI on this server. I have a VGA cable plugged into it so I can get to the pfSense menu.
I also don't know anything about linux but can copy paste if I can find where to go.
-
Enable SSH in the GUI via System > Advanced > Admin Access then connect to that.
Then you can use the command line directly to check the current sysctl value.
Or run it from Diag > Command Prompt:
sysctl dev.ix.1.advertise_speed
Setting it to 0x30 would enable only 2.5G and 5G which may not be valid. Try setting 0x26 for 10G, 5G and 1G.
-
@stephenw10 Thank you for the help and education . . .
I was able to run the command: sysctl dev.ix.1.advertise_speed and it came back: dev.ix.1.advertise_speed: 7
So apparently, I am not doing something correctly.
Am I running the correct command in the correct format:
dev.ix.1.advertise_speed
0x26
I set up SSH but when I try and connect with Putty, it times out.
Secure Shell
Secure Shell Server: Enable Secure Shell
SSHd Key Only: Password or Public Key
When set to Public Key Only, SSH access requires authorized keys and these keys must be configured for each user that has been granted secure shell access. If set to Require Both Password and Public Key, the SSH daemon requires both authorized keys and valid passwords to gain access. The default Password or Public Key setting allows either a valid password or a valid authorized key to login.
Allow Agent Forwarding: Enables ssh-agent forwarding support.
SSH port: 22
Note: Leave this blank for the default of 22.
Login Protection
Threshold: 30
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
Blocktime: 120
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
Attacks are unblocked at random intervals, so actual block times will be longer.
Detection time: 1800
Remember potential attackers for up to detection_time seconds before resetting their score.
Pass list: 192.168.10.254/32
Any thoughts on what I am doing wrong?
-
At the command line you need to run
sysctl dev.ix.1.advertise_speed=0x26
however it may not allow that if the NIC doesn't support 5G.
Try running
ifconfig -m ix1
to see what link speeds it recognises.
If SSH is enabled with the default settings you should be able to connect to it with putty as long as the firewall rules allow it.
-
@stephenw10
Just to let you know, this is fixed. The gory details are below if you care to know but thank you so much for your help! Forcing the Interface to 5000base-T finally worked (I had tried that like a dozen times before).
Steps:
I ran the IPconfig and as expected it does support it (it was working previously):
ix1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=4e138bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
ether 00:0a:cd:44:33:a2
inet6 fe80::20a:cdff:fe44:33a2%ix1 prefixlen 64 scopeid 0x2
inet 162.198.133.120 netmask 0xfffffe00 broadcast 162.198.133.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
supported media:
media autoselect
media 5000Base-T
media 2500Base-T
media 100baseTX
media 1000baseT
media 10Gbase-T
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
I did get access with Putty and it is the same screen I have on the Monitor attached to the server.
I went to shell and ran sysctl dev.ix.1.advertise_speed=0x26 and it showed:
dev.ix.1.advertise_speed: 7 -> 38 (??)
however, running dev.ix.1.advertise_speed still comes back with (even after a reboot) dev.ix.1.advertise_speed: 7
After all this I went back and switched the Interface from AutoSelect to 5000base-t as a final Hail Mary and it SWITCHED....
My speeds are back to normal . . .
Since I had tried that about a dozen times previously, I can only assume that what you had me do reset something to allow the change. Now I get: dev.ix.1.advertise_speed: 32 and my speeds are back to 4000+.
THANK YOU for your help. It was greatly appreciated.
-
Nice. Yes 32 decimal is 0x20 in hex so 5G only.
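The advertise_speed values exchanged in this thread (7, 0x30, 0x26, 38, 32) are one bitmask written in either decimal or hex. The sketch below is an added example, not code from any poster or from pfSense: it decodes a value and checks it against an `ifconfig -m` media list. The function names are hypothetical, the bit meanings are those of the FreeBSD ix driver's advertise_speed sysctl, and the sample media list is copied from the output posted above.

```shell
# Added example. Bits: 0x1=100M 0x2=1G 0x4=10G 0x8=10M 0x10=2.5G 0x20=5G.

# Decode a mask given in decimal (38) or hex (0x26) into media names
# spelled the way `ifconfig -m` lists them. Returns 1 on malformed input.
decode_advertise_speed() {
    case $1 in
        0[xX]|0[xX]*[!0-9a-fA-F]*) return 1 ;;
        0[xX]*) ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    mask=$(( $1 ))
    out=""
    for pair in 8:10baseT 1:100baseTX 2:1000baseT 16:2500Base-T 32:5000Base-T 4:10Gbase-T; do
        bit=${pair%%:*}; name=${pair#*:}
        if [ $(( $mask & $bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    echo "$out"
}

# sysctl prints "name: old -> new" after a write and "name: value" after a
# read; in both cases the value now in effect is the last field.
current_value() {
    echo "${1##* }"
}

# List advertised speeds that the `ifconfig -m` text ($2) does not offer.
unsupported_speeds() {
    missing=""
    for name in $(decode_advertise_speed "$1"); do
        printf '%s\n' "$2" | grep -qx "[[:space:]]*media $name" \
            || missing="${missing:+$missing }$name"
    done
    echo "$missing"
}

# Supported-media list for ix1, copied from the output posted in the thread.
SAMPLE_MEDIA='supported media:
    media autoselect
    media 5000Base-T
    media 2500Base-T
    media 100baseTX
    media 1000baseT
    media 10Gbase-T'

for v in 7 0x30 0x26 "$(current_value 'dev.ix.1.advertise_speed: 7 -> 38')" 32; do
    echo "$v => $(decode_advertise_speed "$v")"
done
```

The `7 -> 38` that sysctl printed is the hex value 0x26 shown in decimal, so the write was accepted as typed.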