WAN connection needs windows negotiation first to be full duplex
-
Hi everyone,
I am setting up a pfsense WAN link connecting to my provider's fibre GPON. I need to have the WAN port to 100mb/full duplex but it always connects at 100mb/half duplex which seriously slows my upload speed. I have set the pfsense WAN interface to force 100baseTX full duplex. Its the ISP's (singtel's elite static ip fibre) requirement to "hard code" WAN port to 100mb / full duplex. Tried all other modes, "auto-select" and "default" seems to get it to 100mb / half only.
I was checking if its the GPON problem. I plugged my windows 7 laptop straight to the GPON using the LAN port. I statically set my WAN port settings on the Local Area connection adapter.
Configuration of my win 7 connection
–-----------------
force link speed and connection: 100mbps / full duplex
ip add: x.x.x.102
mask: 255.255.255.252
gateway: x.x.x.101
DNS: 8.8.8.8I was able to get full duplex with my lappy cos i got same 20mbps upload and download speed via speedtest.net. compared to terrible <1mb upload and 20mb download speed when i was connected through half duplex. Immediately after, i unplugged my laptop and plugged connected it back to the pfsense WAN port. I was amazed to finally get the WAN port to show 100MB FULL duplex through Status -> Dashboard. But after a restart, the pfsense WAN reverted back to half duplex despite having hard-coded the WAN port to full duplex.
everytime i restart, i need to negotiate a 100mb/full connection with my lappy first before plugging into the pfsense WAN port to enable 100mb/full.
I was wondering if there is a fix? I need to install PFsense in the data centre and its not good if i have to travel there to manually set up full duplex everytime I restart the pfsense.
Here are my ifconfig output during my half and full duplex occurences:
Half duplex
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 08:2e:5f:14:28:a1
inet 42.61.22.102 netmask 0xfffffffc broadcast 42.61.22.103
inet6 fe80::a2e:5fff:fe14:28a1%em0 prefixlen 64 scopeid 0x1
nd6 options=3 <performnud,accept_rtadv>media: Ethernet 100baseTX <full-duplex>(100baseTX <half-duplex>)
status: activeFull duplex
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 08:2e:5f:14:28:a1
inet 42.61.22.102 netmask 0xfffffffc broadcast 42.61.22.103
inet6 fe80::a2e:5fff:fe14:28a1%em0 prefixlen 64 scopeid 0x1
nd6 options=3 <performnud,accept_rtadv>media: Ethernet 100baseTX <full-duplex>status: activergds,
chris</full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></half-duplex></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast> -
Hmm, this sort of thing can be tricky. All connections should be auto negotiate if you ask me but that's just my opinion. ::)
Possibly the NIC is coming up in auto negotiate mode when the box is first powered on and is then failing to connect to the PON device and falling back to half duplex. Then as pfSense boots it sets the NIC to 100Mb full duplex but, for whatever reason, the connection is not reset.
What happens if you allow the pfSense box to boot fully before you connect it?
Is it possible to make it reset the connection by disabling/re-enabling the interface from the GUI? Or by using ifconfig DOWN / UP from the CLI?
What is the exact NIC you are using for WAN? You may be able to 'hard code' it in firmware.Steve
-
Hi everyone,
I am setting up a pfsense WAN link connecting to my provider's fibre GPON. I need to have the WAN port to 100mb/full duplex but it always connects at 100mb/half duplex which seriously slows my upload speed. I have set the pfsense WAN interface to force 100baseTX full duplex. Its the ISP's (singtel's elite static ip fibre) requirement to "hard code" WAN port to 100mb / full duplex. Tried all other modes, "auto-select" and "default" seems to get it to 100mb / half only.
It's "normal" behaviour for pfSense, em(4) and the Ericsson GPON ONT provided by Singtel. You can either switch out the NIC for another like a Realtek or you can force the NIC to go 100M FD via ShellCMD on boot-up. Using ifconfig media opts to set the 100base full-duplex will work without requiring the connection to be made with a windows machine first.
AFAIK, even if the ONT is not locked to FE, it will refuse to negotiate GBe for the em(4) NICs in FreeBSD.
I've tried it before with M1 where I specifically requested the ONT unlocked and it won't do GBe FD with pfSense on the Intel NIC. Forcing the NIC to go GBe via ifconfig will bring down the carrier link.
This issue doesn't exist with the Huawei ONT. If you can request for a Huawei ONT (unlikely because this is only provided with the OpenNet based dynamic Fibre lines), it should resolve the issue.
Connecting a Windows Laptop with an Intel 82566DM works fine at GBe for the Ericsson ONT though.
-
thank you everyone for their replies.
I have tried the following:
- Hard-coded WAN interface to 100MB/ FD thru web interface. restarted the PFsense with WAN cable unplugged. waited until PFsense restarted fully before plugging in the WAN cable back to the WAN interface. Works! 100MB FD connection. But this is not what i need. cos i am installing PFsense in a data centre and I need a solution to get the WAN interface to full duplex without me being there physically.
fYI this is the ifconfig i got before i plugged in the WAN cable:
no WAN cable plugged in
–--
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 08:2e:5f:14:28:a1
inet 42.61.22.102 netmask 0xfffffffc broadcast 42.61.22.103
inet6 fe80::a2e:5fff:fe14:28a1%em0 prefixlen 64 scopeid 0x1
nd6 options=3 <performnud,accept_rtadv>media: Ethernet 100baseTX <full-duplex>(autoselect)
status: no carrier- Up and down the WAN interface thru shell
I restarted the pfsense and got half duplex. I connected thru shell. used the following commands:
ifconfig em0 down
*then after 15 secs
ifconfig em0 upstill it was 100MB / half duplex.
- i hard-coded the WAN interface with the following command thru the shell:
ifconfig em0 media 100baseTX mediaopt full-duplex
restarted and it still is half duplex. btw Do i need to save this config before i restart. like a "copy run start" on cisco CLI? cos i understand all configs done on the web interface is auto saved after being applied.
Yet to try the following:
-
use a realtek NIC
-
change GPON to huawei. which is very troublesome. given i have to make a special request to Singhell.
Hope my inputs help with providing more ideas to this!
Chris</full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>
-
- i hard-coded the WAN interface with the following command thru the shell:
ifconfig em0 media 100baseTX mediaopt full-duplex
restarted and it still is half duplex. btw Do i need to save this config before i restart. like a "copy run start" on cisco CLI? cos i understand all configs done on the web interface is auto saved after being applied.
Yet to try the following:
-
use a realtek NIC
-
change GPON to huawei. which is very troublesome. given i have to make a special request to Singhell.
Hope my inputs help with providing more ideas to this!
Chris
Yes, you need to save the ifconfig media-opts to the config file or use the Shellcmd package.
See: http://doc.pfsense.org/index.php/Executing_commands_at_boot_timeHonestly, if you already have an Intel NIC, don't bother with the Realtek. Just use the ShellCMD package or edit the config file by hand. I doubt you can get Stinktel to agree to the swap. Their customer service capabilities are horrendous. M1's NOC is much better but their arms are tied when it comes to infrastructure they lease.
- i hard-coded the WAN interface with the following command thru the shell:
-
Hard-coded WAN interface to 100MB/ FD thru web interface. restarted the PFsense with WAN cable unplugged. waited until PFsense restarted fully before plugging in the WAN cable back to the WAN interface. Works!
That's interesting. That implies my earlier guess may have been correct; the NIC comes up in auto negotiate mode and fails to negotiate before pfSense has a chance to set it to 100Mb FD.
Depending on the capabilities of your card you may be able to set it to come up in 100Mb FD by reprogramming it's eeprom with the Intel Boot Agent Utility. It's possible a utility exists for FreeBSD since they offer such good support but otherwise you'd have to boot to DOS somehow.
Edit: I can't find a FreeBSD specific utility.If you try the using shellcmd in the config file you need it to happen as early as possible to use the <earlyshellcmd>tag instead. Personally I don't think there's a chance of setting it early enough though. The negotiation will probably have happened before the pfSense box has finished counting it's RAM. :-\
Steve</earlyshellcmd>
-
It might help to disable any PXE or network boot options in the BIOS, then it may not attempt to use the card so soon and it may have a better chance of success.
Also you can try:
ifconfig em0 down; sleep 5; ifconfig em0 up
And if that successfully brings it up, put that in a shellcmd (with the full paths to the commands, of course…)
