Problem with VLAN and Metro Ethernet



  • OK, so I am brand new to pfsense.  Love it so far.  We had a dedicated fiber line (metro ethernet) put in at our office.  We were using a sonic wall, but I could not get it to work correctly.

    The ISP has provided me a customer and ISP IP address.
    The ISP has also provided me with a VLAN of 151 and another set of IP addresses for the VLAN.

    After reading up, I understand how it is supposed to work.  I set up the WAN interface and LAN interface respectively.  I created a VLAN of 151 and assigned that to my WAN interface.  Then created the virtual IPs for the network attached to the VLAN.

    Pow, it all works correctly and as expected.  I get internet access to the box I have connected to the LAN side and it is running good and fast.

    I put the pfsense box into production and set up all my firewall rules.  All is still good.

    Everything works good, but the system log will periodically show the apinger reporting that the gateway (ISP IP address) is not reachable.  This will knock the connection down anywhere from 30 seconds to 3 or 4 minutes.  Then it will come back up.

    To me this sounded like either a cabling problem or something with the pfsense box.

    I ran a brand new cable and put the ends on myself, so I know the cable is all good.  I connected the cable straight to a workstation and set up the VLAN on the workstation and it ran for hours without issues of any drops (I wrote a custom ping application myself to monitor and it works fine from the workstation).

    I connect it back to pfsense and sure enough, at least once or twice an hour I get the 30 second to 3 or 4 minute drop.  Very annoying to employees and the people using our internet sites.

    Can someone please help me with this?  I have read stuff about changing the modes on the network cards or possibly running tcpdump (which I am not sure what that is).

    One other note, I am a Windows guy, so the more stuff I can do on the web interface as opposed to command line the better.



  • tcpdump is a command-line utility for capturing traffic, similar to Wireshark on Windows. But this is pfsense, so you don't need to go to the command line; you can just browse to Diagnostics: Packet capture and get the information you're looking for. If you run it during a dropout then you may be able to find the cause of it.



  • What does "Media" on that NIC show under Status>Interfaces? Did your provider say you need to force speed and duplex on that interface?



  • The interface shows 1000baseT <full duplex>.

    Not sure if ISP forces it.  I know it is a gigabit connection we are connecting to, but it is only a 10 meg line.  I don't have an option to change the media on the interface.  autoselect is the only one available.



  • Also, if I remove the VLAN and then set the interface to anything other than autoselect and add the VLAN back then I get no internet access at all.

    The only combination that seems to work with media is autoselect.



  • bump



  • bump



  • The rules here say wait at least 24 hours to bump your post. Creating noise isn't helping your cause.

    Coming up as 1000 full seems sane. You don't have an option to change the media because you're looking at the VLAN not the parent.

