TippingPoint X506 Hardware



  • Posting some pictures of the inside of a TippingPoint.  I removed the heatsinks and applied new thermal paste.  The old paste was dried up.  Now to see if it will boot.


  • Netgate Administrator

    A number of interesting looking chips there.  :)
    No idividual NICs by the looks of it so possibly a switch chip or an ASIC (more of a problem).

    Edit: The claimed performance looks to be in line with just using the Celeron raw though.

    What are the Broadcom and Nat. Semi. chips opposite the miniPCI slot?

    Steve



  • @stephenw10:

    What the Broadcom and Nat. Semi. chips opposite the miniPCI slot?

    Steve

    Ill snap closeups for you.  Check back in a few.




  • Netgate Administrator

    Ah, OK.
    The National Semiconductor chip apperas to be a NIC. The DP83816 should be supported by the FreeBSD sis(4) driver.

    The Broadcom bcm5812kfb is a crypto accelerator chip. Possibly supported by the ubsec(4) driver? (it's not specifically mentioned). It's not necessary to run but would be nice.

    Be interesting to know what's under the other heatsink but you can read it from the logs easily enough.

    The other intersting thing is the BIOS rom, possibly the chip next to the smsc superio chip labelled 'General' something. Not a standard bios which is probably not a good sign.
    Edit: Looks like it's a 'General Software' embedded bios which were quite popular and there is a lot of info available so maybe all is not lost.  :)

    Does it boot a CF card with a Nano image on it? It wouldn't surprise me to find it only boots signed images.  :-\

    Steve


  • Netgate Administrator

    Looks like the Watchguard V60 box had a General Software BIOS, though probably an earlier version. On that box you could access the bios using Ctl-C via the serial console.

    https://forum.pfsense.org/index.php?topic=67300.0

    Steve



  • Booting [/boot/kernel/kernel]...
    Copyright (c) 1992-2012 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
            The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 18:43:07 EDT 2013
        root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Celeron(R) M processor         1.50GHz (1497.45-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x6d8  Family = 6  Model = d  Stepping = 8
      Features=0xafe9f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,tm,pbe>AMD Features=0x100000 <nx>real memory  = 1065353216 (1016 MB)
    avail memory = 1019756544 (972 MB)
    ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07330f0, 0) error 1
    ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0733190, 0) error 1
    ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0733230, 0) error 1
    wlan: mac acl policy registered
    ACPI Error: A valid RSDP was not found (20101013/tbxfroot-309)
    ACPI: Table initialisation failed: AE_NOT_FOUND
    ACPI: Try disabling either ACPI or apic support.
    cryptosoft0: <software crypto="">on motherboard
    padlock0: No ACE support.
    pcib0: <host to="" pci="" bridge="">pcibus 0 on motherboard
    pci0: <pci bus="">on pcib0
    pci0: <base peripheral=""> at device 0.1 (no driver attached)
    pci0: <base peripheral=""> at device 0.3 (no driver attached)
    vgapci0: <vga-compatible display="">port 0xf800-0xf807 mem 0x80000000-0x87ffffff,0xc0000000-0xc007ffff irq 11 at device 2.0 on pci0
    uhci0: <intel 82801db="" (ich4)="" usb="" controller="" usb-a="">port 0xf400-0xf41f irq 11 at device 29.0 on pci0
    uhci0: [ITHREAD]
    usbus0: <intel 82801db="" (ich4)="" usb="" controller="" usb-a="">on uhci0
    uhci1: <intel 82801db="" (ich4)="" usb="" controller="" usb-b="">port 0xf000-0xf01f irq 10 at device 29.1 on pci0
    uhci1: [ITHREAD]
    usbus1: <intel 82801db="" (ich4)="" usb="" controller="" usb-b="">on uhci1
    uhci2: <intel 82801db="" (ich4)="" usb="" controller="" usb-c="">port 0xec00-0xec1f irq 9 at device 29.2 on pci0
    uhci2: [ITHREAD]
    usbus2: <intel 82801db="" (ich4)="" usb="" controller="" usb-c="">on uhci2
    ehci0: <intel 82801db="" l="" m="" (ich4)="" usb="" 2.0="" controller="">mem 0xc0080000-0xc00803ff irq 7 at device 29.7 on pci0
    ehci0: [ITHREAD]
    usbus3: EHCI version 1.0
    usbus3: <intel 82801db="" l="" m="" (ich4)="" usb="" 2.0="" controller="">on ehci0
    pcib1: <pci-pci bridge="">at device 30.0 on pci0
    pci1: <pci bus="">on pcib1
    sis0: <natsemi 10="" dp8381[56]="" 100basetx="">port 0xcc00-0xccff mem 0xc0100000-0xc0100fff irq 11 at device 1.0 on pci1
    sis0: Silicon Revision: DP83816A
    miibus0: <mii bus="">on sis0
    nsphyter0: <dp83815 10="" 100="" media="" interface="">PHY 0 on miibus0
    nsphyter0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    sis0: [ITHREAD]
    ubsec0 mem 0xc0110000-0xc011ffff irq 10 at device 2.0 on pci1
    ubsec0: [ITHREAD]
    ubsec0: Broadcom 5823
    isab0: <pci-isa bridge="">at device 31.0 on pci0
    isa0: <isa bus="">on isab0
    atapci0: <intel ich4="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd800-0xd80f mem 0xc0080400-0xc00807ff irq 9 at device 31.1 on pci0
    ata0: <ata channel="">at channel 0 on atapci0
    ata0: [ITHREAD]
    ata1: <ata channel="">at channel 1 on atapci0
    ata1: [ITHREAD]
    pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
    cpu0 on motherboard
    atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
    ppc0: <parallel port="">at port 0x378-0x37f irq 7 on isa0
    ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
    ppc0: [ITHREAD]
    ppbus0: <parallel port="" bus="">on ppc0
    ppi0: <parallel i="" o="">on ppbus0
    uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
    uart0: [FILTER]
    uart0: console (9600,n,8,1)
    uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
    uart1: [FILTER]
    Timecounter "TSC" frequency 1497449541 Hz quality 800
    Timecounters tick every 10.000 msec
    IPsec: Initialized Security Association Processing.
    usbus0: 12Mbps Full Speed USB v1.0
    usbus1: 12Mbps Full Speed USB v1.0
    ugen0.1: <intel>at usbus0
    uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
    ugen1.1: <intel>at usbus1
    uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus1
    usbus2: 12Mbps Full Speed USB v1.0
    usbus3: 480Mbps High Speed USB v2.0
    ugen2.1: <intel>at usbus2
    uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus2
    ugen3.1: <intel>at usbus3
    uhub3: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus3
    uhub0: 2 ports with 2 removable, self powered
    uhub1: 2 ports with 2 removable, self powered
    uhub2: 2 ports with 2 removable, self powered
    ad0: 3906MB <hms360404d5cf00 dn4eca2a="">at ata0-master UDMA33
    uhub3: 6 ports with 6 removable, self powered
    Trying to mount root from ufs:/dev/ad2s1a
    ROOT MOUNT ERROR:
    If you have invalid mount options, reboot, and first try the following from
    the loader prompt:
    
         set vfs.root.mountfrom.options=rw
    
    and then remove invalid mount options from /etc/fstab.
    
    Loader variables:
    vfs.root.mountfrom=ufs:/dev/ad2s1a
    vfs.root.mountfrom.options=rw
    
    Manual root filesystem specification:
      <fstype>:<device>Mount <device>using filesystem <fstype>eg. ufs:/dev/da0s1a
                           eg. cd9660:/dev/acd0
                           This is equivalent to: mount -t cd9660 /dev/acd0 /
    
      ?                  List valid disk boot devices
      <empty line="">Abort manual input
    
    mountroot>
    ø\
    panic: Root mount failed, startup aborted.
    cpuid = 0
    Uptime: 45s
    Cannot dump. Device not defined or unavailable.
    Automatic reboot in 15 seconds - press a key on the console to abort
    Rebooting...</empty></fstype></device></device></fstype></hms360404d5cf00></intel></intel></intel></intel></intel></intel></intel></intel></parallel></parallel></parallel></at></serial></ata></ata></intel></isa></pci-isa></dp83815></mii></natsemi></pci></pci-pci></intel></intel></intel></intel></intel></intel></intel></intel></vga-compatible></pci></host></software></nx></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,tm,pbe> 
    


  • @stephenw10:

    On that bios you could access the bios using Ctl-C via the serial console.

    Steve

    
                     +---------------------------------------------+
                     |              Enter password:                |
                     +---------------------------------------------+
    
    

  • Netgate Administrator

    Awesome! Shame the bios is locked but never mind if it boot's OK. Could always try extracting the bios and looking for likely passwords later.

    Is that booting the standard NanoBSD image? Strange that it's looking for root on ad2.  :-
    Edit: Or is it a standard install with embedded kernel?

    Anyway it's actually ad0, the primary master, so at the mount root prompt enter:

    ufs:/dev/ad0s1a
    

    It should then boot.

    I only see one NIC detected, sis0. I wonder how it's connected to the others ports? VLANs via a switch chip perhaps, SOHO router style.

    ubsec is loaded, nice.

    Steve



  • I pulled a 4gig microdrive from another system that has a full install on it.

    mountroot> ufs:/dev/ad0s1a
    Trying to mount root from ufs:/dev/ad0s1a
    WARNING: / was not properly dismounted
    Configuring crash dumps...
    No suitable dump device was found.
    Mounting filesystems...
    ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
                add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
    ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
                 Consider tuning vm.kmem_size and vm.kmem_size_max
                 in /boot/loader.conf.
    ZFS filesystem version 5
    ZFS storage pool version 28
    mount: /dev/ad0s1a R/W mount of / denied. Filesystem is not clean - run fsck.: Operation not permitted
    ** /dev/ad0s1a
    ** Last Mounted on /
    ** Root file system
    ** Phase 1 - Check Blocks and Sizes
    INCORRECT BLOCK COUNT I=188460 (4 should be 0)
    CORRECT? yes
    
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    UNREF FILE I=188422  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188423  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188424  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188425  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188426  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188442  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188443  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188444  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188445  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188446  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188447  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188448  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188449  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188450  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE I=188451  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 13 23:48 2014
    CLEAR? yes
    
    UNREF FILE  I=188544  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 19 19:05 2014
    RECONNECT? yes
    
    NO lost+found DIRECTORY
    CREATE? yes
    
    UNREF FILE  I=188545  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 19 19:05 2014
    RECONNECT? yes
    
    UNREF FILE  I=188546  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 19 19:05 2014
    RECONNECT? yes
    
    UNREF FILE  I=188547  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 19 19:05 2014
    RECONNECT? yes
    
    UNREF FILE  I=188548  OWNER=root MODE=100644
    SIZE=0 MTIME=Feb 19 19:05 2014
    RECONNECT? yes
    
    LINK COUNT FILE I=235668  OWNER=dhcpd MODE=100644
    SIZE=673 MTIME=Feb 15 22:33 2014  COUNT 2 SHOULD BE 1
    ADJUST? yes
    
    ** Phase 5 - Check Cyl groups
    FREE BLK COUNT(S) WRONG IN SUPERBLK
    SALVAGE? yes
    
    SUMMARY INFORMATION BAD
    SALVAGE? yes
    
    BLK(S) MISSING IN BIT MAPS
    SALVAGE? yes
    
    6209 files, 95092 used, 1333071 free (159 frags, 166614 blocks, 0.0% fragmentation)
    
    ***** FILE SYSTEM MARKED CLEAN *****
    
    ***** FILE SYSTEM WAS MODIFIED *****
    Disabling APM on /dev/ad0
    
         ___
     ___/ f \
    / p \___/ Sense
    \___/   \
        \___/
    
    Welcome to pfSense 2.1-RELEASE  ...
    
    Dump device does not exist.  Savecore not run.
    Creating symlinks......done.
    External config loader 1.0 is now starting... ad0s1b
    Launching the init system... done.
    Initializing............................. done.
    Starting device manager (devd)...done.
    Loading configuration......done.
    Warning: Configuration references interfaces that do not exist: rl0 rl3
    
    Network interface mismatch -- Running interface assignment option.
    sis0: link state changed to DOWN
    
    Valid interfaces are:
    
    sis0  ff:ff:ff:ff:ff:ff   (up) NatSemi DP8381[56] 10/100BaseTX
    
    Do you want to set up VLANs first?
    
    If you are not going to use VLANs, or only for optional interfaces, you should
    say no here and use the webConfigurator to configure VLANs later, if required.
    
    Do you want to set up VLANs now [y|n]?
    
    


  • The box isnt showing me any love when I put the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image on a Transcend 4gig ultra cf card.

    Like literally no output on the serial, both 9600 and 115200.



  • After writing the pfSense-memstick-serial-2.1-RELEASE-i386.img.gz image to a usb stick and trying to boot from it, I got the following:

    TippingPoint OS, MFG version
    BSP: [t10 1.2] Bootloader: [15]
    Creation date: Jun  2 2006, 10:24:47
    
    Press any key to stop auto-boot...
     0
    auto-booting...
    
    boot device          : ata=0,0
    unit number          : 0
    processor number     : 0
    host name            : NDS
    file name            : auto
    flags (f)            : 0x0
    
    Could not initialize ATA.
    
    Error loading file: errno = 0x0.
    Can't load boot file!!
    
    

  • Netgate Administrator

    Hmm, OK.
    What baud rate do you see the locked BIOS at?

    Maybe it just can't boot that card for some reason.
    No booting from USB either. That's not surprising it would be big security risk if you could just plug in your own compromised OS and reboot the box without even opening it.

    Can you try setting up the NICs with the microdrive?
    First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.

    Steve



  • @stephenw10:

    Hmm, OK.
    What baud rate do you see the locked BIOS at?

    Steve

    I can see the TippingPoint OS prompt and bios password prompt at 115200.  When the microdrive is in, I have to close putty and reopen it at 9600 in order to see the full boot.


  • Netgate Administrator

    Sometimes if you're running at 115200 the bootloader sees that as some random input when it gets to the F1 prompt and then waits for you to press return which you can't because your not actually connected.
    Try booting the CF card with putty at 9600 the whole time.
    Also if you've just changed the boot media you sometimes have to boot twice as the first boot halts with a message about hardware change. Only the case with some BIOSes and I wouldn't expect it on something designed for embedded but still…

    Steve



  • Interesting, it doesnt like my Transcend Compact Flash ULTRA 4GB Industrial.

    As soon as I imaged my microdrive with the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image and popped it in, it booted right away.

    Here is a snippet from assigning vlan interfaces.

         ___
     ___/ f \
    / p \___/ Sense
    \___/   \
        \___/
    
    Welcome to pfSense 2.1-RELEASE  ...
    
    Creating symlinks......done.
    External config loader 1.0 is now starting... ad0s3
    Launching the init system... done.
    Initializing............................. done.
    Starting device manager (devd)...done.
    Loading configuration......done.
    
    Default interfaces not found -- Running interface assignment option.
    sis0: link state changed to DOWN
    
    Valid interfaces are:
    
    sis0  ff:ff:ff:ff:ff:ff   (up) NatSemi DP8381[56] 10/100BaseTX
    
    Do you want to set up VLANs first?
    
    If you are not going to use VLANs, or only for optional interfaces, you should
    say no here and use the webConfigurator to configure VLANs later, if required.
    
    Do you want to set up VLANs now [y|n]? y
    
    VLAN Capable interfaces:
    
    sis0    ff:ff:ff:ff:ff:ff   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished): sis0
    Enter the VLAN tag (1-4094): 100
    
    VLAN Capable interfaces:
    
    sis0    ff:ff:ff:ff:ff:ff   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished): sis0
    Enter the VLAN tag (1-4094): 200
    
    VLAN Capable interfaces:
    
    sis0    ff:ff:ff:ff:ff:ff   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished): sis0
    Enter the VLAN tag (1-4094): 300
    
    VLAN Capable interfaces:
    
    sis0    ff:ff:ff:ff:ff:ff   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished):
    
    VLAN interfaces:
    
    sis0_vlan100    VLAN tag 100, parent interface sis0
    sis0_vlan200    VLAN tag 200, parent interface sis0
    sis0_vlan300    VLAN tag 300, parent interface sis0
    
    *NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
            If you do not have *AT LEAST* 1 interfaces you CANNOT continue.
    
            If you do not have at least 1 *REAL* network interface card(s)
            or one interface with multiple VLANs then pfSense
            *WILL NOT* function correctly.
    
    If you do not know the names of your interfaces, you may choose to use
    auto-detection. In that case, disconnect all interfaces now before
    hitting 'a' to initiate auto detection.
    
    Enter the WAN interface name or 'a' for auto-detection: sis0_vlan100
    
    Enter the LAN interface name or 'a' for auto-detection
    NOTE: this enables full Firewalling/NAT mode.
    (or nothing if finished): sis0_vlan200
    
    Enter the Optional 1 interface name or 'a' for auto-detection
    (or nothing if finished): sis0_vlan300
    
    Enter the Optional 2 interface name or 'a' for auto-detection
    (or nothing if finished):
    
    The interfaces will be assigned as follows:
    
    WAN  -> sis0_vlan100
    LAN  -> sis0_vlan200
    OPT1 -> sis0_vlan300
    
    Do you want to proceed [y|n]?y
    
    Writing configuration...done.
    Updating configuration...done.
    Cleaning backup cache...done.
    Setting up extended sysctls...done.
    Setting timezone...done.
    Configuring loopback interface...done.
    vlan0: changing name to 'sis0_vlan100'
    
    Starting Securevlan1: changing name to 'sis0_vlan200'
     Shell Services.vlan2: changing name to 'sis0_vlan300'
    ..done.
    Setting up polling defaults...done.
    Setting up interfaces microcode...done.
    Configuring loopback interface...done.
    Creating wireless clone interfaces...done.
    Configuring LAGG interfaces...done.
    Configuring VLAN interfaces...done.
    Configuring QinQ interfaces...done.
    Configuring WAN interface...Generating new MAC address.done.
    Configuring LAN interface...done.
    Syncing OpenVPN settings...done.
    Configuring firewall......done.
    Starting PFLOG...done.
    Setting up gateway monitors...done.
    Synchronizing user settings...done.
    Starting webConfigurator...done.
    Configuring CRON...done.
    Starting DNS forwarder...done.
    Starting NTP time client...done.
    Starting DHCP service...done.
    Starting DHCPv6 service...done.
    Configuring firewall......done.
    Generating RRD graphs...done.
    Starting syslog...done.
    Starting CRON... done.
    Bootup complete
    
    FreeBSD/i386 (pfSense.localdomain) (console)
    
    *** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense ***
    
     WAN (wan)       -> sis0_vlan100 ->
     LAN (lan)       -> sis0_vlan200 -> v4: 192.168.1.1/24
     OPT1 (opt1)     -> sis0_vlan300 ->
    
     0) Logout (SSH only)                  8) Shell
     1) Assign Interfaces                  9) pfTop
     2) Set interface(s) IP address       10) Filter Logs
     3) Reset webConfigurator password    11) Restart webConfigurator
     4) Reset to factory defaults         12) pfSense Developer Shell
     5) Reboot system                     13) Upgrade from console
     6) Halt system                       14) Disable Secure Shell (sshd)
     7) Ping host                         15) Restore recent configuration
    
    Enter an option:
    
    


  • @stephenw10:

    Can you try setting up the NICs with the microdrive?
    First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.

    Steve

    So even after assigning vlan's 100, 200, and 300 to the sis0 interface, no interfaces come alive when I plug in a CAT5 cable to each of the 6 jacks.



  • And here is our mystery chip under the heatsink.


  • Netgate Administrator

    Ok so as suspected a switch IC. These are normally configured via spi in soho routers but usually (often) that's only neccessary if you need to change the default config.
    You can't just assign VLANs at random. Assign the sis interface directly. Run a packet capture on it. Whilst it's running send some traffic into external switch ports. Now look at the capture to see what vlans traffic arrived on. Of course you'll have to get the capture file off the box to analyse it, or do it the hard way.  ;)

    Steve



  • @stephenw10:

    You can't just assign VLANs at random. Assign the sis interface directly.

    Steve

    I need 2 interfaces before pfsense will proceed, do I assign one generic vlan as WAN and then assign the sis0 directly to LAN?  How would you do it?


  • Netgate Administrator

    PfSense only requires 1 interface. But yes you could use one real interface and one VLAN interface.
    The other possibility is that the default config of the switch is no vlans at all, just like an unmanaged switch.

    Steve



  • I'm keeping an eye on this thread :)




  • Netgate Administrator

    Unlikely. You need some serious power for a 48 port gig switch. You're suggesting it might have an x86 backend? Maybe if it has any firewall or routing features. I doubt it though.

    Steve



  • @stephenw10:

    You're suggesting it might have an x86 backend?
    Steve

    Its a posibility…

    And that's what I'm after :)



  • @stephenw10:

    PfSense only requires 1 interface. But yes you could use one real interface and one VLAN interface.
    The other possibility is that the default config of the switch is no vlans at all, just like an unmanaged switch.

    Steve

    Ive now assigned sis0 as LAN and since it asked for WAN first, I just filled in a random vlan name.  However, nomatter what cable or port I plug into, none of the ports light up.  They dont recognize that a cat5 cable is plugged in.

    If it doesnt see that a cat5 cable is plugged in, how is a packet capture going to work?  Dont we first have to work through getting sis0 "UP"?


  • Netgate Administrator

    Ah, well that makes things a lot more complex. If the default config of the switch is no config at all, everything off, then it needs to be configured before anything will work. Yes you need to see sis0 as UP before anything else.
    Where are you reading this though, at the console I assume. What do you see from 'ifconfig -a'? If it is vlans only at sis0 then an interface set to use no tags or vlan1 might show as down. What does is show for media and status?

    Steve



  • Im doing everything from the console at this point.

    Enter an option: 1
    
    Valid interfaces are:
    
    sis0  02:63:c0:d6:7b:7e   (up) NatSemi DP8381[56] 10/100BaseTX
    
    Do you want to set up VLANs first?
    
    If you are not going to use VLANs, or only for optional interfaces, you should
    say no here and use the webConfigurator to configure VLANs later, if required.
    
    Do you want to set up VLANs now [y|n]? y
    
    WARNING: all existing VLANs will be cleared if you proceed!
    
    Do you want to proceed [y|n]?y
    
    VLAN Capable interfaces:
    
    sis0    02:63:c0:d6:7b:7e   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished): sis0
    Enter the VLAN tag (1-4094): 1
    
    VLAN Capable interfaces:
    
    sis0    02:63:c0:d6:7b:7e   (up)
    
    Enter the parent interface name for the new VLAN (or nothing if finished):
    
    VLAN interfaces:
    
    sis0_vlan1      VLAN tag 1, parent interface sis0
    
    *NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
            If you do not have *AT LEAST* 1 interfaces you CANNOT continue.
    
            If you do not have at least 1 *REAL* network interface card(s)
            or one interface with multiple VLANs then pfSense
            *WILL NOT* function correctly.
    
    If you do not know the names of your interfaces, you may choose to use
    auto-detection. In that case, disconnect all interfaces now before
    hitting 'a' to initiate auto detection.
    
    Enter the WAN interface name or 'a' for auto-detection: sis0_vlan1
    
    Enter the LAN interface name or 'a' for auto-detection
    NOTE: this enables full Firewalling/NAT mode.
    (or nothing if finished): sis0
    
    Enter the Optional 1 interface name or 'a' for auto-detection
    (or nothing if finished):
    
    The interfaces will be assigned as follows:
    
    WAN  -> sis0_vlan1
    LAN  -> sis0
    
    Do you want to proceed [y|n]?y
    
    Writing configuration...done.
    One moment while we reload the settings... done!
    *** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense ***
    
     WAN (wan)       -> sis0_vlan1 ->
     LAN (lan)       -> sis0       -> v4: 10.0.0.169/24
    
     0) Logout (SSH only)                  8) Shell
     1) Assign Interfaces                  9) pfTop
     2) Set interface(s) IP address       10) Filter Logs
     3) Reset webConfigurator password    11) Restart webConfigurator
     4) Reset to factory defaults         12) pfSense Developer Shell
     5) Reboot system                     13) Upgrade from console
     6) Halt system                       14) Enable Secure Shell (sshd)
     7) Ping host                         15) Restore recent configuration
    
    Enter an option:
    
    
    [2.1-RELEASE][root@pfSense.localdomain]/root(1): ifconfig -a
    sis0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=83808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate>ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0 prefixlen 64 scopeid 0x1
            inet 10.0.0.169 netmask 0xffffff00 broadcast 10.0.0.255
            nd6 options=1 <performnud>media: Ethernet autoselect (none)
            status: no carrier
    enc0: flags=0<> metric 0 mtu 1536
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100 <promisc>metric 0 mtu 33192
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
            nd6 options=3 <performnud,accept_rtadv>sis0_vlan100: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0_vlan100 prefixlen 64 scopeid 0x6
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none)
            status: no carrier
            vlan: 100 vlanpcp: 0 parent interface: sis0
    sis0_vlan200: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0_vlan200 prefixlen 64 scopeid 0x7
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none)
            status: no carrier
            vlan: 200 vlanpcp: 0 parent interface: sis0
    sis0_vlan300: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0_vlan300 prefixlen 64 scopeid 0x8
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none)
            status: no carrier
            vlan: 300 vlanpcp: 0 parent interface: sis0
    sis0_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0_vlan1 prefixlen 64 scopeid 0x9
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none)
            status: no carrier
            vlan: 1 vlanpcp: 0 parent interface: sis0
    [2.1-RELEASE][root@pfSense.localdomain]/root(2):</performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></performnud></vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate></up,broadcast,running,simplex,multicast> 
    

  • Netgate Administrator

    @Sifter:

    
    sis0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=83808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate>ether 02:63:c0:d6:7b:7e
            inet6 fe80::7422:d7c0:c46:842%sis0 prefixlen 64 scopeid 0x1
            inet 10.0.0.169 netmask 0xffffff00 broadcast 10.0.0.255
            nd6 options=1 <performnud>media: Ethernet autoselect (none)
            status: no carrier</performnud></vlan_mtu,wol_ucast,wol_mcast,wol_magic,linkstate></up,broadcast,running,simplex,multicast> 
    

    Hmm, well that doesn't look good. I would expect that sis0 is always connected to the switch. The switch may have autonegotiation disabled on that port. You could try setting sis0 to 100Mbps FD and see if shows carrier. Though even if auto was disabled it should still fall back to 10Mb HD if a connection is detected.  :-\

    You might be able to port (if someone else hasn't done it already some roboswitch code from, for example, OpenWRT.

    Steve


Log in to reply