Having Problems Setting Up VLAN's
-
Question - Reference setting up a VLAN switch to use a single port for both LAN and WAN.
How does this effect network performance? -
Without having actually set mine up that way, I'd guess about no effect at all on a typical connection where your WAN speed is a small fraction of the LAN speed. If your WAN speed and LAN speed were similar, there would be a significant impact. Queues on the switch end should keep collisions, etc to a minimum despite there being "two networks conjoined."
-
Can you do an experiment for me and tell me results? Can you do a speedtest on speedtest.net with a computer direct connect to internet and then with VLAN setup and give results including ping. I have not tested it this way ever.
-
If nobody gets you that before then, I can probably try it in late August or early September. My "Summer Maintenance Period" has been invaded by various groups using the campus (and student network) over the summer, which has screwed up my freedom to mess with things at my leisure, but I should have a small (hopefully not too small) window before school resumes.
-
haha - I'll take that as a "Try it yourself". Thats probably what all the people who answered your silly question should have said. "get to that in a month or so".
-
Looks like I spoke too soon - when I confirmed all was good last night, pings were going both ways but still couldn't access webgui or actually use pfSense as router.
Rebooted and went back to square one.
Did a little reading today on how to turn off hardware VLAN processing with the bge driver and apparently I'm not the first person to get unexpected behaviour with the bge driver and VLAN's, and hardware processing can't be turned off with this driver either.
Had enough fun and games, I'm now looking for a docking bay and intel mt 1000 quad port. I had a bad feeling about using the Broadcom NIC as I've always used Intel for pfSense in the past, now learnt another lesson to never deviate from Intel.
Edit: Forgot to mention I am aware the PCI bus will bottleneck a quad port as the 32 bit PCI bus in the docking station will be limited to about 1Gbs of throughput but that shouldn't be an issue for me as this is only going to be used at home with a 4Mbs WAN connection.
-
How fast is your internet connection?
I considered using laptops for pfsense routers in the past.
My thinking was that they have low power needs and have their own robust "ups" battery.
Solves lots of problems. Ultimately, because of limited space for add on NICs and poor compatibility I thought better of it.
I also like that by using a normal reliable cheap board that I could configure the machine to restart after power failures. -
I've only got a 4Mb connection , but I've had squid cache on a pfSense deliver over 700Megabit/second so I'm making sure to use gig Ethernet. That's why I'm not keen on the PC Card 10/100 NIC's.
I picked the Latitude is because I had it lying around for a while and it's worthless due to screen problems, missing keys on the keyboard and broken plastic panels, yet it's still a decent powerful machine that's optimised to use low power and has it's own UPS.
I could spend a little more than it will cost for the dock + pro MT on a newer latitude E Series with Intel NIC that I'm guessing would give me no headache, but I like the idea of turning something that otherwise will probably be scrapped into a very high spec router.
-
I was thinking use the Trendnet card on the WAN. WAN will not be fast enough to bother it.
That would free up your onboard network interface to use with a switch. So, you would have no bottlenecks anywhere.
However, that gives you 1 WAN / 1 LAN
Gigabit through and through between PFsense and the clients (Your built in port is GB right?)BUT - No real possibility of expanding beyond a simple 1 WAN 1 LAN and switches setup. (Unless you figure out VLAN later)
-
True, but I've just managed to set it up as desired in ESXi. Hopefully it performs well.
Bonus - hopefully I can run another VM with nagios.
-
On a Latitude D620?
I'm surprised thats enough machine to do that well. Cool. -
So you got VLANs working on the hardware using esxi? Must be a config/driver problem in pfSense then.
Running virtualised is probably a good option for your 4Mbps connection, your C2D is unlikely to run above idle almost any time.Steve
-
Spoke too soon again. Setup in ESXi worked much better, but kept getting random packet loss on the WAN side.
I'm guessing the FreeBSD bge0 driver has big problems with VLAN's and whatever ESXi uses works a little better but still not perfect.
Looks like I'll have to wait for the docking station and quad port mt.
-
You could still try disabling hardware vlan tagging. There loads of reports of NICs reporting capabilities they don't fully or correctly support. Surprised to see it from a Broadcom NIC though. I believe the command to do it would be:
ifconfig bge0 -vlanhwtagSteve
-
Thanks Steve although I read the bge driver doesn't support disabling hardware vlan.
Anyway just thought I would report back, thought I would forget about VLAN's and got a docking bay with intel MT dual port, still getting intermittent packet loss on WAN. Using ifconfig I realised the Draytek modem I had plugged straight into one of the MT ports only connected at 10Mb!
Connected them via a managed switch instead and noticed the Draytek only connected at half duplex! Locked the switch port to full duplex and it all started behaving itself.
I'm wondering if duplex mismatch was the problem all along - but I currently have run out of patience to try messing around any further. However my gut feeling is the the ESXi config was perfect but the native install may not have been working right.
I'll see if I've regained the will to mess around further next week to see if we can determine throughput with one port VLAN'ed.
-
A duplex auto-negotiation failure can cause all sorts of weird and wonderful issues. Normally it reduces throughput to a crawl though. Sounds like a promising lead. ;)
Steve
-
That seems to have done the trick except that every few days however it looses pppoe connection and fails to reconnect (normally reconnects quickly). Need to setup a syslog server to determine what's going on there.
However, I was thinking it would be nice to have a direct connection between the modem and pfSense to free up the managed switch for other purposes. Unfortunately the modem doesn't have facility to set autonegotiation/duplex so I thought I would do it on pfSense.
If I use
ifconfig em0 media 100baseTX mediaopt full-duplex
at command line and then unplug/replug the wan network lead it works, but if I follow the instructions on this page it doesn't http://doc.pfsense.org/index.php/Forcing_Interface_Speed_or_Duplex_SettingsI suspect this is because the <wan>section in my config.xml describes a pppoe interface rather than the em0 interface I am trying to configure.
I do realise the "proper" thing to do when autonegotiation fails and we can only set one device is to set half duplex on that device but forcing fdx is working fine with this equipment.
I could really do with something that will persist after reboots, but my *nix skills are very limited - I would be very grateful for any suggestions.</wan>
-
Setup another interface on em0 and set it as type 'none'. Then set the speed and duplex on that instead.
Steve
-
Perfect!
Just tried it out and rebooted and the change has stuck.
Thanks a million for all your advise :)
