Netgate Discussion Forum

    ATT Internet AIr

      ahole4sure @stephenw10

      @stephenw10 @Gblenn

      Just want to thank you guys again!! I'm not sure if this will convince you of how many stupid things can happen or if it helps you or others in any way lol

      So it had not occurred to me that 2 identical modems would not work the same way OR that one could have something wrong (or be provisioned wrong).

      I did as @Gblenn suggested and I tried modem #1 on the VLAN interface --- just unplugged from the physical WAN interface and plugged into the VLAN switch port ... voilà - worked exactly as it was supposed to !!

      So I started looking at modem #2 device info etc etc. What I found was that it must not be provisioned fully - it works if I leave it on the non static IP APN (that's the way ATT gives me the static IP, is by giving me a custom APN that is apparently provisioned to that IMEI only), but if I switch to the other APN - it switches to the static IP properly but does not give DHCP info even to my PC
      Then I noticed in the device info page of the 2 devices that the working one has a phone number while the non-working modem does not -- bottom line: modem #2 is not provisioned (or at least the account) properly and should be able to be fixed once my business rep gets back from Thanksgiving holiday.

      As far as not being able to reach modem #2 web interface - I couldn't understand why, after using the non static IP APN that allowed for the dhcpc to work, .... then realized that I created the VIP but not for the modem 2 interface. The VIP I created was for the other interface.

        ahole4sure @stephenw10

        @stephenw10 @Gblenn

        The weirdness still continues
        Even though I thought I had things working correctly the dynamic ipv4 gateway would go offline and I couldn't get it to come back on
        (admittedly all this might be the provisioning issue)

        BUT -- I can get the ipv4 gateway to come online by enabling the dynamic ipv6 for the interface
        when I enable that - it immediately makes the ipv4 gateway come online!!

        I know so little about ipv6 --- does any of that sound familiar to anyone?

          stephenw10 Netgate Administrator

          You can't put those two VIPs on different interfaces because they are both using the same subnet.

          You will need to change the management IP for one of the modems so it's in a different subnet.

            ahole4sure @stephenw10

            @stephenw10

            Ok. I know there are lots of variables in this messed up case, but I originally had modem #2 setup on 192.168.3.1 and it didn’t work
            That’s why I switched
            But I guess I shouldn’t have same subnet VIPs on different interfaces??

              stephenw10 Netgate Administrator

              Indeed you can't have the same subnet on more than one interface. Especially because the gateway for one of them is in that subnet. You have a routing conflict which is probably why it stopped responding.

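The same-subnet conflict described in the replies above can be checked mechanically before a VIP is saved. This is an added example, not something posted by the thread's participants; the interface names, gateway name and addresses are constructed, and `find_conflicts` is a hypothetical helper.

```python
import ipaddress
from itertools import combinations


def find_conflicts(assignments, gateways):
    """Return subnet overlaps that span two different interfaces.

    assignments: (interface, kind, "address/prefix") tuples
    gateways:    {gateway name: gateway IP}
    """
    nets = [(ifname, ipaddress.ip_interface(addr).network)
            for ifname, _kind, addr in assignments]
    conflicts = []
    for (if_a, net_a), (if_b, net_b) in combinations(nets, 2):
        # Several addresses from one subnet on the SAME interface are fine;
        # the problem only exists when two interfaces claim the range.
        if if_a == if_b or not net_a.overlaps(net_b):
            continue
        # A gateway inside the shared range has two connected routes, so
        # the routing table cannot tell which interface really reaches it.
        at_risk = sorted(name for name, gw in gateways.items()
                         if ipaddress.ip_address(gw) in net_a
                         or ipaddress.ip_address(gw) in net_b)
        conflicts.append((if_a, if_b, str(net_a), str(net_b), at_risk))
    return conflicts


# Constructed sample: a management VIP on one modem interface lands in the
# subnet that the other modem hands out over DHCP.
GATEWAYS = {"ATT2_DHCP": "192.168.1.1"}
BROKEN = [
    ("ATT1", "vip", "192.168.1.2/24"),
    ("ATT2", "dhcp", "192.168.1.50/24"),
    ("LAN", "static", "10.0.0.1/24"),
]
# Same layout after one modem's management network is moved elsewhere.
FIXED = [
    ("ATT1", "vip", "192.168.3.2/24"),
    ("ATT2", "dhcp", "192.168.1.50/24"),
    ("LAN", "static", "10.0.0.1/24"),
]

if __name__ == "__main__":
    for label, layout in (("broken", BROKEN), ("fixed", FIXED)):
        found = find_conflicts(layout, GATEWAYS)
        print(label, "->", found if found else "no cross-interface overlap")
```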
                ahole4sure

                @stephenw10 @stephenw10
                Well I spoke too soon -- even modem #1 (with the presumed correct ATT provisioning ) finally started disconnecting ...

                When I watch the modem dashboard screen (and even the ethernet lights) it appears the ethernet connection intermittently disconnects and reconnects
                And YES I was able to get into the modem interface (with appropriate creation of VIP) and set the MAC address to the pfsense interface. And I even "blocked" (on the ATT modem ethernet interface) the MAC address of the switch VLAN port.

                So my question for you guys -- have I done everything that I can do -- any other VLAN settings to change or try?
                And if I have, my options are to:

                1. do as @Gblenn suggested and just modify my setup so that my pfsense has only my various LAN subnets connected via VLAN and connect the ATT modem directly to the pfsense

                or

                2. assuming I haven't done something wrong and others on the internet who have connected a WAN through VLAN successfully -- then return my ATT modem and buy a cellular modem gateway that will work correctly with VLAN (and utilize ATT). If I go that route - any suggestions on device?

                I am attaching my VLAN settings one more time to be sure I haven't overlooked something
                where VLAN ID 10 was my modem

                  Gblenn @ahole4sure

                  @ahole4sure said in ATT Internet AIr:

                  even modem #1 (with the presumed correct ATT provisioning ) finally started disconnecting ...

                  That is weird, so when it's connected directly to the pfsense interface, it is stable and "just works"? But when connected via the TPLink, it disconnects... and reconnects?

                  Does it at least maintain the MAC and provide that intermittent connection only towards pfsense now? Anything in the TPLink switch that can give an indication, like stats (bad packets etc)? Does the port light turn off when the link is down?

                  I'm starting to think it could be a cable issue perhaps?

                    ahole4sure @Gblenn

                    @Gblenn

                    Regarding cable

                    Tried 3 different ones
                    And all three pass cable tester

                      stephenw10 Netgate Administrator

                      Hard to imagine the VLAN itself could be an issue. I would try to remove VLAN 1 from the interface connected to the modem. The switch admin interface is the only thing that could be interacting with the modem. Everything else is just forwarding packets.

                      I assume the switch interface is set statically? If it's set as dhcp that could be a problem.

                        ahole4sure @stephenw10

                        @stephenw10 @Gblenn

                        So I changed all cables
                        No change
                        Currently if I connect either ATT modem through port 2 of the switch with port 1 connected to the pfsense igb3 port - I get this cycling over 1 to 10 seconds of connected (varies between 1 and 2 devices - when 2 devices connected shows on the ATT modem it reports the MAC of the pfsense port and the switch), and disconnected (see photos of the ATT device - those photos are about 5 sec apart)

                        I made changes in the switch to get rid of any members to the default VLAN (VLAN 1).

                        I ordered 2 new switches from Amazon - a Netgear and a different one to see if it has to do with the switch

                          stephenw10 Netgate Administrator

                          Port 1 should not have pvid 10. You don't want untagged traffic there ending up at the modem. Though there shouldn't be any untagged traffic arriving at port1.

                            ahole4sure @stephenw10

                            @stephenw10

                            Would there be anything else to explore, that would make the device intermittently connect and disconnect from the Ethernet??

                            Ordered new switches to trial that

                            Could it be anything in pfsense that would cause that?

                            And I guess it could be the ATT modem, but both modem # 1 and 2 do it so it would have to be a widespread issue

                              stephenw10 Netgate Administrator

                              Hard to imagine it could be the switch.

                              Just to confirm though the switch admin interface itself is configured using a static IP address?
                              If that is set to DHCP it could be leaking requests out of VLAN10 causing problems.

                                ahole4sure @stephenw10

                                @stephenw10

                                Yes, sorry I meant to send screenshot
                                It is static

                                  stephenw10 Netgate Administrator

                                  Hmm, well hard to say what's happening then. Is there any logging in the modem showing what the second client is?

                                    Gblenn @stephenw10

                                    I'm pretty sure it's the TPLink switch showing up as the second client...

                                    @stephenw10 said in ATT Internet AIr:

                                    Just to confirm though the switch admin interface itself is configured using a static IP address?
                                    If that is set to DHCP it could be leaking requests out of VLAN10 causing problems.

                                    I remember having an issue with a TPLink switch of similar type (TL1016D). It was changing its management IP over to one of my VLANs, intermittently. But I'm afraid I can't remember now how I resolved it...

                                      ahole4sure @Gblenn

                                      @Gblenn @stephenw10

                                      THIS has been an ordeal from hell .....

                                      So for sure things have been better with a Linksys Smartswitch - GS105E-200NAS
                                      However, the MAIN issue has been finding out that the second modem of the 2 that I received from ATT was not configured properly - that is one of the reasons that the gateway kept going offline.

                                      ATT is working on configuring modem #2
                                      With modem #1 I have successfully gotten the DHCP for the ATT wan to go to the public IP address !

                                      The questions -- do my VLAN settings look correct?

                                      Also if I configure the ATT modem as a failover and then fail my fiber modem (by disconnecting it)
                                      My LAN internet (delivered mostly by Eero wireless) was not existent until I created a rule for the ATT modem to be able to access any source and any destination? Is that acceptable?
                                      The network seemed a bit squirrely but I wasn't sure if I needed any other settings like - should I normally be able to get by with "auto-created" Outbound NAT? Or do I need to have my Outbound rules in hybrid mode? They are a MESS currently from past attempts to "fix" problems!

                                      Last question - after I reconnect my fiber modem - it took like 5 minutes or longer for my LAN (and wireless) internet to come back up properly using my fiber ---- it seemed like it was stuck in some sort of limbo land trying to convert back to fiber from the ATT backup. Wasn't sure how to troubleshoot that - or do you have suggestions?

                                      THANK YOU GUYS AGAIN!!!

                                        Gblenn @ahole4sure

                                        Sounds like it may have been the modem and not the switch? Once you get it working, I'd change back to the TPLink switch to see if it is also ok, which I suspect it is. I use TPLink Omada switches but have one older switch with the same interface as yours, and it's been really stable. I think the one thing that I had to do was to set its management IP manually so it wouldn't pick up an IP from one of the VLANs. I also have that 5-port Netgear switch and I had some problems with it where I had to restart it now and then because the UI didn't work. It was switching traffic and VLANs worked fine but for some reason the web interface locked up.

                                        @ahole4sure said in ATT Internet AIr:

                                        The questions -- do my VLAN settings look correct?

                                        I think they do, for the most part, except that ID 1 (default) should not be changed from the std setting (untagged). It looks like you changed it to tagged on port 1? The only time you make changes involving ID 1 is when you want to exclude it from one of the ports. Like when you connect your NAS or other servers to a port in order to isolate them from the rest of the networks.

                                        During testing it could be a good idea to keep one of the other ports at default setting so you have an alternative port to access the UI...

                                        Also if I configure the ATT modem as a failover and then fail my fiber modem (by disconnecting it)
                                        My LAN internet (delivered mostly by Eero wireless) was not existent until I created a rule for the ATT modem to be able to access any source and any destination? Is that acceptable?

                                        Check your rules on your default LAN, the one at the bottom, that is your default any source to any network rule. Remember, this sits below any other blocking or routing rules, and is Internal to External. You want any devices on your LAN to be able to access the world, and that includes everything. So each VLAN needs to have that rule at the bottom. But in order to really isolate a VLAN from the rest of your networks, you have to add Blocking rules above that. One rule per the other networks that you want to block access to. So on VLAN 10 you will have a Block rule with source Any and destination VLAN 20. Another one with dest VLAN 30 and of course your LAN. On the LAN network you do want to be able to access the VLANs I suppose, since you want to reach your NAS and whatever servers or devices you have. So typically no blocking access to the VLANs.

                                        The network seemed a bit squirrely but I wasn't sure if I needed any other settings like - should I normally be able to get by with "auto-created" Outbound NAT? Or do I need to have my Outbound rules in hybrid mode? They are a MESS currently from past attempts to "fix" problems!

                                        You should be able to keep your outbound rules to Auto, and not mess with hybrid and adding rules manually there.

                                        Last question - after I reconnect my fiber modem - it took like 5 minutes or longer for my LAN (and wireless) internet to come back up properly using my fiber ---- it seemed like it was stuck in some sort of limbo land trying to convert back to fiber from the ATT backup. Wasn't sure how to troubleshoot that - or do you have suggestions?

                                        When you unplug your fiber, you should notice a short interruption. Like if you are on a Teams call, it will freeze for a few (7-10 seconds) and then get back up again when it has switched over to the failover connection.
                                        When you reattach the fiber you should not notice anything. The default setting (I think) is not to flush states, which means that connections remain on the failover gateway until you close them. So your Teams meeting will continue on the failover gateway until you close the meeting. Only when you start a new meeting, will it end up on the fiber again. You can change this so pfsense will Kill states also at recovery, which means that you will get that short interruption and reconnect when you recover from a failover.

                                        The time it takes depends on your settings under Routing where you define the "decision criteria" for switching between gateways. Packet loss or member down for example as well as the threshold numbers.

                                        THANK YOU GUYS AGAIN!!!

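The rule ordering described in the reply above (block rules for the other networks placed above the final allow-any rule) can be modelled as top-down, first-match evaluation. This is an added example, not something posted by the thread's participants; the subnets are constructed, and `rule`, `evaluate` and `shadowed` are hypothetical helpers that only look at the destination, as in the reply.

```python
import ipaddress

# Constructed subnets for illustration; the thread does not list the real ones.
NETS = {
    "LAN": ipaddress.ip_network("10.0.0.0/24"),
    "VLAN10": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN20": ipaddress.ip_network("10.0.20.0/24"),
    "VLAN30": ipaddress.ip_network("10.0.30.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def rule(action, dest):
    """One rule on the VLAN 10 tab: source any, destination `dest`."""
    return {"action": action, "dest": dest,
            "net": ANY if dest == "any" else NETS[dest]}


def evaluate(rules, dst_ip):
    """Walk the rules top-down; the first match decides the packet."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if ip in r["net"]:
            return r["action"]
    return "block"  # nothing matched: default deny


def shadowed(rules):
    """Rules that can never match because an earlier rule covers them."""
    dead = []
    for i, r in enumerate(rules):
        if any(r["net"].subnet_of(prev["net"]) for prev in rules[:i]):
            dead.append((i, r["action"], r["dest"]))
    return dead


# Order from the reply: blocks for the other networks, allow-any last.
ISOLATED = [rule("block", "VLAN20"), rule("block", "VLAN30"),
            rule("block", "LAN"), rule("pass", "any")]
# Same rules with the allow-any on top: the blocks are never reached.
MISORDERED = [rule("pass", "any")] + ISOLATED[:3]

if __name__ == "__main__":
    for label, rules in (("isolated", ISOLATED), ("misordered", MISORDERED)):
        print(label,
              "to VLAN20:", evaluate(rules, "10.0.20.5"),
              "| to internet:", evaluate(rules, "203.0.113.7"),
              "| shadowed:", shadowed(rules))
```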
                                          stephenw10 Netgate Administrator

                                          That looks correct. What firewall rule did you have to add though?

                                          I wouldn't expect any firewall rule to be needed. Nor any outbound NAT rules as long as outbound NAT is still in auto or hybrid mode. The new WAN is DHCP so they will be added automatically.

                                            Gblenn @stephenw10

                                            @stephenw10 said in ATT Internet AIr:

                                            I wouldn't expect any firewall rule to be needed.

                                            I'm not sure the any to any rule is actually created automatically when you create a VLAN?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.