PfSense - Watchguard x700 - Cisco Switch



  • Hi everyone…

    I have a pfSense setup which I have been working on and getting ready to go to production...
    I set up the Watchguard X700 fine in my lab using a 10/100/1000 D-Link switch for testing, and the WAN is connected to my wireless router in front of the cable modem (lab setup).

    Cable Modem - Wireless Router - X700 WAN port (DHCP) - LAN port (static, with DHCP scope) to D-Link - LAN subnet 192.168.111.1

    When I try to use a test Cisco 3750 switch instead of the D-Link in the lab, the X700 LAN port will not connect and just sits there with the port LED blinking at me...
    I have defaulted the 3750 Cisco switch (write erase) and still no joy...
    It does not work in the production environment either, with a Cisco SR224G switch, yet the existing Watchguard 6 works fine there...

    Straight setup:
    No VLANs
    re0 - WAN - DHCP
    re1 - LAN - 192.168.111.1 - which plugs into the switch
    re2 - GuestWireless - 192.168.222.1 (working fine)
    This setup works connected to a DSL or cable modem using the D-Link consumer switch on the LAN...

    Production network:
    The real killer is that the old 10-license Watchguard 6 Firebox works fine with the Cisco SR224G switch in the production LAN!
    On the LAN subnet 192.168.111.1 the Watchguard 6 works with the Cisco SR224G and passes DHCP.
    The Watchguard X700 just sits and blinks at me when connected to the SR224G Cisco in the production LAN (same with the 3750 in the lab).
    I have set the LAN port to auto, off the default setting - no joy. I have not tried setting half/full duplex or speed 10/100 etc.

    Any clue what I have to do or where to start with the Cisco switch?
    The SR224G does not have a console port, but I think I can manage it using Cisco Config Pro.

    Thank you...

    H.



  • Does the switch port LED light up if you connect a PC straight to that port? If not, you may have the port in shutdown, or it's broken.



  • Hi Metu…

    Yes, I will try a "no shut" on the interface - this is on the lab 3750...

    Just got back from the production environment and everything is working except DHCP on the LAN.
    I can see the hosts in the logs:
    DHCPDISCOVER
    DHCPOFFER

    Then the host/client will just sit there and no DHCP gets passed.

    This all works with the D-Link router in the lab, so I am at a loss as to why DHCP is not working with the customer's Cisco unmanaged switch.
    The LAN subnet is static and the scope in pfSense is set up to address that segment...

    The only other thing I can see is there is a "No Lockout Rule" on the LAN subnet with ports 25, 80 and 443. I did not set up this rule and think pfSense sets this up. The second rule is "any-any" on the LAN subnet... Perhaps the first rule is giving me heartburn, but I ran out of time as I had limited time today to work on this and had to put everything back for Monday.

    Thanks for the reply....

    H.
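The symptom described in the post above (DHCPDISCOVER and DHCPOFFER logged, but the client never completes a lease) is worth pulling out of the dhcpd log per client rather than eyeballing it. The following is an added example, not code from the original thread or from pfSense: a small Python script that reads ISC dhcpd log lines of the form pfSense's DHCP server writes ("DHCPDISCOVER from <mac> via re1", "DHCPOFFER on <ip> to <mac> via re1", and the REQUEST/ACK lines), records the furthest stage of the four-step exchange each client MAC reached, and maps that to a likely cause. The sample log lines, MAC addresses, hostnames and addresses are constructed for the example, and the mapping from "OFFER but no REQUEST" to "look at the layer-2 path, not the scope" is a heuristic of this example rather than a pfSense diagnostic.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format ISC dhcpd (pfSense's DHCP server)
# writes to the system log, syslog prefix stripped. MACs, hostnames and
# addresses are made up. Client 00:11:... shows the symptom from the thread:
# DISCOVER and OFFER repeat, but no REQUEST ever arrives.
SAMPLE_LOG = """\
DHCPDISCOVER from 00:11:22:33:44:55 via re1
DHCPOFFER on 192.168.111.50 to 00:11:22:33:44:55 (desk-01) via re1
DHCPDISCOVER from 00:11:22:33:44:55 via re1
DHCPOFFER on 192.168.111.50 to 00:11:22:33:44:55 (desk-01) via re1
DHCPDISCOVER from aa:bb:cc:dd:ee:ff via re1
DHCPOFFER on 192.168.111.51 to aa:bb:cc:dd:ee:ff (laptop-02) via re1
DHCPREQUEST for 192.168.111.51 (192.168.111.1) from aa:bb:cc:dd:ee:ff (laptop-02) via re1
DHCPACK on 192.168.111.51 to aa:bb:cc:dd:ee:ff (laptop-02) via re1
DHCPDISCOVER from 01:02:03:04:05:06 via re1
"""

MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
# Every pattern captures exactly (mac, iface); the address fields are not captured.
PATTERNS = {
    "DISCOVER": re.compile(r"^DHCPDISCOVER from " + MAC + r".* via (\S+)", re.I),
    "OFFER":    re.compile(r"^DHCPOFFER on \S+ to " + MAC + r".* via (\S+)", re.I),
    "REQUEST":  re.compile(r"^DHCPREQUEST for \S+ (?:\(\S+\) )?from " + MAC + r".* via (\S+)", re.I),
    "ACK":      re.compile(r"^DHCPACK on \S+ to " + MAC + r".* via (\S+)", re.I),
}
STAGES = ["DISCOVER", "OFFER", "REQUEST", "ACK"]  # order of a normal lease


def parse_events(text):
    """Yield (stage, mac, iface) for every recognised dhcpd line."""
    for line in text.splitlines():
        for stage, pat in PATTERNS.items():
            m = pat.match(line.strip())
            if m:
                yield stage, m.group(1).lower(), m.group(2)
                break


def diagnose(furthest_stage, discovers):
    """Map the furthest stage a client reached to a likely cause (heuristic)."""
    if furthest_stage == "ACK":
        return "lease completed"
    if furthest_stage == "REQUEST":
        return "REQUEST seen but no ACK: server declined or address conflict"
    if furthest_stage == "OFFER":
        # The server answers but never sees a REQUEST: the OFFER is not
        # reaching the client (or the client's reply is not reaching the
        # server). That points at the layer-2 path (switch port, link),
        # not at the scope configuration.
        return ("OFFER sent, no REQUEST after %d DISCOVER(s): client not "
                "receiving the offer, check switch port/link" % discovers)
    if furthest_stage == "DISCOVER":
        return "DISCOVER seen, no OFFER: no scope or no free address on this interface"
    return "no DHCP traffic"


def classify_clients(text):
    """Return {mac: {"iface", "discovers", "furthest_stage", "diagnosis"}}."""
    state = defaultdict(lambda: {"iface": None, "discovers": 0, "furthest_stage": None})
    for stage, mac, iface in parse_events(text):
        s = state[mac]
        s["iface"] = iface
        if stage == "DISCOVER":
            s["discovers"] += 1
        # Keep the furthest point in the exchange this client ever reached.
        if s["furthest_stage"] is None or STAGES.index(stage) > STAGES.index(s["furthest_stage"]):
            s["furthest_stage"] = stage
    return {mac: dict(s, diagnosis=diagnose(s["furthest_stage"], s["discovers"]))
            for mac, s in state.items()}


if __name__ == "__main__":
    for mac, info in classify_clients(SAMPLE_LOG).items():
        print(f"{mac} on {info['iface']}: {info['diagnosis']}")
```

On a real box you would feed it the dhcpd lines from the pfSense system log (the syslog timestamp and `dhcpd:` prefix stripped first); a client that never gets past OFFER while its neighbours complete the exchange narrows the problem to the path between the server and that client rather than to the DHCP scope or firewall rules.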



  • If that switch is unmanaged, are you running multiple VLANs? How many VLANs are you sharing to that unmanaged switch?



  • No VLANs
    X700 Watchguard - pfSense 2.0
    WAN - Port 1
    LAN - Port 2
    GuestWireless - Port 3

    H.


  • Netgate Administrator

    Hmm, that's odd. So DHCP offers from pfSense are not being correctly distributed through Cisco switches, but are through others. Also, DHCP works correctly through the Cisco equipment using a different DHCP server?

    I can't believe that pfSense's dhcpd differs much from other routers'.

    Steve



  • Use the portfast command on access interfaces.


  • Netgate Administrator

    @Metu69salemi:

    use portfast command on access interfaces

    Nice answer!  :)
    Looks promising.

    Steve



  • Did it help? ;)



  • Sorry - I took a break - but this looks promising…
    I can do that in the lab on the 3750.... and see if this works...
    I forgot about portfast....

    Thanks for the reply. I will try this later and update...
    It still doesn't make sense on the unmanaged Cisco/Linksys, but I will try on the 3750 and see if this makes a difference... This will shed some light on this.
    The 3750 was defaulted with write erase and works like a regular switch.

    Thanks for the reply...

    H.



  • Hi…

    ! lab 3750, access port facing the X700 LAN interface
    interface fa1/0/1
     spanning-tree portfast
    No joy yet...
    The port is not trunked either...

    We have all our templates at work and copy these into our production switches...
    I took a lot for granted, as our production engineers work the templates - it still is not working...
    I will have to break out my CCNA books and start working this.

    I can plug my PC into my cable modem, or into the 3750 switch, and it will work.
    With the Watchguard X700 pfSense plugged into the 3750, all that happens is the port light on the WG blinks at me..... (ack)
    (Setting up this box has been a learning process!) :)



  • Were you using VLANs on that port? If not, then portfast is good.



  • Hi…

    Update - no VLANs...
    The issue is hardware related.
    I put the hard drive in my second X700 and all is well.
    I plugged into the 3750 Cisco switch and all is well...
    When looking at the serial interface you could see the port shutting off and back on in the console.
    My other X700 does not have this symptom and works just fine on the 3750 Cisco switch...
    (Head banging has stopped - thank you!)

    Thank you all for your suggestions, as I just had to keep at this until the solution finally decided to show itself.

    Best regards,

    H.


  • Netgate Administrator

    Seems unusual.  ???

    So did you try all 6 ports? It seems unlikely to have all 6 with the same fault. Did you check the jumpers that disable the ports? I guess they couldn't be disabled, since it worked when connected directly.  :-\

    Steve



  • Hi Steve…

    I am pulling the Kingston memory, and my guess is there is something going on there. This X700 also has an upgraded used PIII processor, so I may even have to look at that and put the OEM Celeron back in if the symptom does not stop with the memory.

    I am building a drive copy off the working X700 and will retest this X700 again with the OEM memory to see if that changes anything.

    No, the symptom is not on all ports... And somehow this was all working on the D-Link switch prior to this "on/off" issue... which was really confusing. I thought this box was completed and went to the customer's business to install, and then the fun began. It would not pass DHCP on his unmanaged Cisco switch. Since bringing the box back to my lab it is getting worse, so I will have to test the OEM memory and processor to see if this clears up.

    When you see this port issue happen there is no link light on the Cisco 3750 switch port, and in the serial console you can see the port going up and down on the X700 re1. It started acting up, then there was no link light, and then it was shutting off and on.

    I moved this hard drive to my second X700 and it runs fine when installed.
    My guess is the memory. Will update later.
    Thx...

    H.

