TippingPoint X506 Hardware

Sifter

Posting some pictures of the inside of a TippingPoint.  I removed the heatsinks and applied new thermal paste.  The old paste was dried up.  Now to see if it will boot.

stephenw10

A number of interesting looking chips there.  :)
No idividual NICs by the looks of it so possibly a switch chip or an ASIC (more of a problem).

Edit: The claimed performance looks to be in line with just using the Celeron raw though.

What are the Broadcom and Nat. Semi. chips opposite the miniPCI slot?

Steve

Sifter

@stephenw10:

What the Broadcom and Nat. Semi. chips opposite the miniPCI slot?

Steve

Ill snap closeups for you.  Check back in a few.

Sifter

stephenw10

Ah, OK.
The National Semiconductor chip apperas to be a NIC. The DP83816 should be supported by the FreeBSD sis(4) driver.

The Broadcom bcm5812kfb is a crypto accelerator chip. Possibly supported by the ubsec(4) driver? (it's not specifically mentioned). It's not necessary to run but would be nice.

Be interesting to know what's under the other heatsink but you can read it from the logs easily enough.

The other intersting thing is the BIOS rom, possibly the chip next to the smsc superio chip labelled 'General' something. Not a standard bios which is probably not a good sign.
Edit: Looks like it's a 'General Software' embedded bios which were quite popular and there is a lot of info available so maybe all is not lost.  :)

Does it boot a CF card with a Nano image on it? It wouldn't surprise me to find it only boots signed images.  :-\

Steve

stephenw10

Looks like the Watchguard V60 box had a General Software BIOS, though probably an earlier version. On that box you could access the bios using Ctl-C via the serial console.

https://forum.pfsense.org/index.php?topic=67300.0

Steve

Sifter

Booting [/boot/kernel/kernel]...
Copyright (c) 1992-2012 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 18:43:07 EDT 2013
    root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) M processor         1.50GHz (1497.45-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6d8  Family = 6  Model = d  Stepping = 8
  Features=0xafe9f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,tm,pbe>AMD Features=0x100000 <nx>real memory  = 1065353216 (1016 MB)
avail memory = 1019756544 (972 MB)
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07330f0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0733190, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0733230, 0) error 1
wlan: mac acl policy registered
ACPI Error: A valid RSDP was not found (20101013/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <host to="" pci="" bridge="">pcibus 0 on motherboard
pci0: <pci bus="">on pcib0
pci0: <base peripheral=""> at device 0.1 (no driver attached)
pci0: <base peripheral=""> at device 0.3 (no driver attached)
vgapci0: <vga-compatible display="">port 0xf800-0xf807 mem 0x80000000-0x87ffffff,0xc0000000-0xc007ffff irq 11 at device 2.0 on pci0
uhci0: <intel 82801db="" (ich4)="" usb="" controller="" usb-a="">port 0xf400-0xf41f irq 11 at device 29.0 on pci0
uhci0: [ITHREAD]
usbus0: <intel 82801db="" (ich4)="" usb="" controller="" usb-a="">on uhci0
uhci1: <intel 82801db="" (ich4)="" usb="" controller="" usb-b="">port 0xf000-0xf01f irq 10 at device 29.1 on pci0
uhci1: [ITHREAD]
usbus1: <intel 82801db="" (ich4)="" usb="" controller="" usb-b="">on uhci1
uhci2: <intel 82801db="" (ich4)="" usb="" controller="" usb-c="">port 0xec00-0xec1f irq 9 at device 29.2 on pci0
uhci2: [ITHREAD]
usbus2: <intel 82801db="" (ich4)="" usb="" controller="" usb-c="">on uhci2
ehci0: <intel 82801db="" l="" m="" (ich4)="" usb="" 2.0="" controller="">mem 0xc0080000-0xc00803ff irq 7 at device 29.7 on pci0
ehci0: [ITHREAD]
usbus3: EHCI version 1.0
usbus3: <intel 82801db="" l="" m="" (ich4)="" usb="" 2.0="" controller="">on ehci0
pcib1: <pci-pci bridge="">at device 30.0 on pci0
pci1: <pci bus="">on pcib1
sis0: <natsemi 10="" dp8381[56]="" 100basetx="">port 0xcc00-0xccff mem 0xc0100000-0xc0100fff irq 11 at device 1.0 on pci1
sis0: Silicon Revision: DP83816A
miibus0: <mii bus="">on sis0
nsphyter0: <dp83815 10="" 100="" media="" interface="">PHY 0 on miibus0
nsphyter0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
sis0: [ITHREAD]
ubsec0 mem 0xc0110000-0xc011ffff irq 10 at device 2.0 on pci1
ubsec0: [ITHREAD]
ubsec0: Broadcom 5823
isab0: <pci-isa bridge="">at device 31.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel ich4="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd800-0xd80f mem 0xc0080400-0xc00807ff irq 9 at device 31.1 on pci0
ata0: <ata channel="">at channel 0 on atapci0
ata0: [ITHREAD]
ata1: <ata channel="">at channel 1 on atapci0
ata1: [ITHREAD]
pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
cpu0 on motherboard
atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
ppc0: <parallel port="">at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 1497449541 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
ugen0.1: <intel>at usbus0
uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
ugen1.1: <intel>at usbus1
uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus1
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 480Mbps High Speed USB v2.0
ugen2.1: <intel>at usbus2
uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus2
ugen3.1: <intel>at usbus3
uhub3: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus3
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
ad0: 3906MB <hms360404d5cf00 dn4eca2a="">at ata0-master UDMA33
uhub3: 6 ports with 6 removable, self powered
Trying to mount root from ufs:/dev/ad2s1a
ROOT MOUNT ERROR:
If you have invalid mount options, reboot, and first try the following from
the loader prompt:

     set vfs.root.mountfrom.options=rw

and then remove invalid mount options from /etc/fstab.

Loader variables:
vfs.root.mountfrom=ufs:/dev/ad2s1a
vfs.root.mountfrom.options=rw

Manual root filesystem specification:
  <fstype>:<device>Mount <device>using filesystem <fstype>eg. ufs:/dev/da0s1a
                       eg. cd9660:/dev/acd0
                       This is equivalent to: mount -t cd9660 /dev/acd0 /

  ?                  List valid disk boot devices
  <empty line="">Abort manual input

mountroot>
ø\
panic: Root mount failed, startup aborted.
cpuid = 0
Uptime: 45s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...</empty></fstype></device></device></fstype></hms360404d5cf00></intel></intel></intel></intel></intel></intel></intel></intel></parallel></parallel></parallel></at></serial></ata></ata></intel></isa></pci-isa></dp83815></mii></natsemi></pci></pci-pci></intel></intel></intel></intel></intel></intel></intel></intel></vga-compatible></pci></host></software></nx></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,tm,pbe> 

Sifter

@stephenw10:

On that bios you could access the bios using Ctl-C via the serial console.

Steve

                 +---------------------------------------------+
                 |              Enter password:                |
                 +---------------------------------------------+

stephenw10

Awesome! Shame the bios is locked but never mind if it boot's OK. Could always try extracting the bios and looking for likely passwords later.

Is that booting the standard NanoBSD image? Strange that it's looking for root on ad2.  :-
Edit: Or is it a standard install with embedded kernel?

Anyway it's actually ad0, the primary master, so at the mount root prompt enter:

ufs:/dev/ad0s1a

It should then boot.

I only see one NIC detected, sis0. I wonder how it's connected to the others ports? VLANs via a switch chip perhaps, SOHO router style.

ubsec is loaded, nice.

Steve

Sifter

I pulled a 4gig microdrive from another system that has a full install on it.

mountroot> ufs:/dev/ad0s1a
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
Configuring crash dumps...
No suitable dump device was found.
Mounting filesystems...
ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
            add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
             Consider tuning vm.kmem_size and vm.kmem_size_max
             in /boot/loader.conf.
ZFS filesystem version 5
ZFS storage pool version 28
mount: /dev/ad0s1a R/W mount of / denied. Filesystem is not clean - run fsck.: Operation not permitted
** /dev/ad0s1a
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
INCORRECT BLOCK COUNT I=188460 (4 should be 0)
CORRECT? yes

** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=188422  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188423  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188424  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188425  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188426  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188442  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188443  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188444  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188445  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188446  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188447  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188448  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188449  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188450  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE I=188451  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 13 23:48 2014
CLEAR? yes

UNREF FILE  I=188544  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 19 19:05 2014
RECONNECT? yes

NO lost+found DIRECTORY
CREATE? yes

UNREF FILE  I=188545  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 19 19:05 2014
RECONNECT? yes

UNREF FILE  I=188546  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 19 19:05 2014
RECONNECT? yes

UNREF FILE  I=188547  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 19 19:05 2014
RECONNECT? yes

UNREF FILE  I=188548  OWNER=root MODE=100644
SIZE=0 MTIME=Feb 19 19:05 2014
RECONNECT? yes

LINK COUNT FILE I=235668  OWNER=dhcpd MODE=100644
SIZE=673 MTIME=Feb 15 22:33 2014  COUNT 2 SHOULD BE 1
ADJUST? yes

** Phase 5 - Check Cyl groups
FREE BLK COUNT(S) WRONG IN SUPERBLK
SALVAGE? yes

SUMMARY INFORMATION BAD
SALVAGE? yes

BLK(S) MISSING IN BIT MAPS
SALVAGE? yes

6209 files, 95092 used, 1333071 free (159 frags, 166614 blocks, 0.0% fragmentation)

***** FILE SYSTEM MARKED CLEAN *****

***** FILE SYSTEM WAS MODIFIED *****
Disabling APM on /dev/ad0

     ___
 ___/ f \
/ p \___/ Sense
\___/   \
    \___/

Welcome to pfSense 2.1-RELEASE  ...

Dump device does not exist.  Savecore not run.
Creating symlinks......done.
External config loader 1.0 is now starting... ad0s1b
Launching the init system... done.
Initializing............................. done.
Starting device manager (devd)...done.
Loading configuration......done.
Warning: Configuration references interfaces that do not exist: rl0 rl3

Network interface mismatch -- Running interface assignment option.
sis0: link state changed to DOWN

Valid interfaces are:

sis0  ff:ff:ff:ff:ff:ff   (up) NatSemi DP8381[56] 10/100BaseTX

Do you want to set up VLANs first?

If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]?

Sifter

The box isnt showing me any love when I put the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image on a Transcend 4gig ultra cf card.

Like literally no output on the serial, both 9600 and 115200.

Sifter

After writing the pfSense-memstick-serial-2.1-RELEASE-i386.img.gz image to a usb stick and trying to boot from it, I got the following:

TippingPoint OS, MFG version
BSP: [t10 1.2] Bootloader: [15]
Creation date: Jun  2 2006, 10:24:47

Press any key to stop auto-boot...
 0
auto-booting...

boot device          : ata=0,0
unit number          : 0
processor number     : 0
host name            : NDS
file name            : auto
flags (f)            : 0x0

Could not initialize ATA.

Error loading file: errno = 0x0.
Can't load boot file!!

stephenw10

Hmm, OK.
What baud rate do you see the locked BIOS at?

Maybe it just can't boot that card for some reason.
No booting from USB either. That's not surprising it would be big security risk if you could just plug in your own compromised OS and reboot the box without even opening it.

Can you try setting up the NICs with the microdrive?
First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.

Steve

Sifter

@stephenw10:

Hmm, OK.
What baud rate do you see the locked BIOS at?

Steve

I can see the TippingPoint OS prompt and bios password prompt at 115200.  When the microdrive is in, I have to close putty and reopen it at 9600 in order to see the full boot.

stephenw10

Sometimes if you're running at 115200 the bootloader sees that as some random input when it gets to the F1 prompt and then waits for you to press return which you can't because your not actually connected.
Try booting the CF card with putty at 9600 the whole time.
Also if you've just changed the boot media you sometimes have to boot twice as the first boot halts with a message about hardware change. Only the case with some BIOSes and I wouldn't expect it on something designed for embedded but still…

Steve

Sifter

Interesting, it doesnt like my Transcend Compact Flash ULTRA 4GB Industrial.

As soon as I imaged my microdrive with the pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz image and popped it in, it booted right away.

Here is a snippet from assigning vlan interfaces.

     ___
 ___/ f \
/ p \___/ Sense
\___/   \
    \___/

Welcome to pfSense 2.1-RELEASE  ...

Creating symlinks......done.
External config loader 1.0 is now starting... ad0s3
Launching the init system... done.
Initializing............................. done.
Starting device manager (devd)...done.
Loading configuration......done.

Default interfaces not found -- Running interface assignment option.
sis0: link state changed to DOWN

Valid interfaces are:

sis0  ff:ff:ff:ff:ff:ff   (up) NatSemi DP8381[56] 10/100BaseTX

Do you want to set up VLANs first?

If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]? y

VLAN Capable interfaces:

sis0    ff:ff:ff:ff:ff:ff   (up)

Enter the parent interface name for the new VLAN (or nothing if finished): sis0
Enter the VLAN tag (1-4094): 100

VLAN Capable interfaces:

sis0    ff:ff:ff:ff:ff:ff   (up)

Enter the parent interface name for the new VLAN (or nothing if finished): sis0
Enter the VLAN tag (1-4094): 200

VLAN Capable interfaces:

sis0    ff:ff:ff:ff:ff:ff   (up)

Enter the parent interface name for the new VLAN (or nothing if finished): sis0
Enter the VLAN tag (1-4094): 300

VLAN Capable interfaces:

sis0    ff:ff:ff:ff:ff:ff   (up)

Enter the parent interface name for the new VLAN (or nothing if finished):

VLAN interfaces:

sis0_vlan100    VLAN tag 100, parent interface sis0
sis0_vlan200    VLAN tag 200, parent interface sis0
sis0_vlan300    VLAN tag 300, parent interface sis0

*NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
        If you do not have *AT LEAST* 1 interfaces you CANNOT continue.

        If you do not have at least 1 *REAL* network interface card(s)
        or one interface with multiple VLANs then pfSense
        *WILL NOT* function correctly.

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: sis0_vlan100

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): sis0_vlan200

Enter the Optional 1 interface name or 'a' for auto-detection
(or nothing if finished): sis0_vlan300

Enter the Optional 2 interface name or 'a' for auto-detection
(or nothing if finished):

The interfaces will be assigned as follows:

WAN  -> sis0_vlan100
LAN  -> sis0_vlan200
OPT1 -> sis0_vlan300

Do you want to proceed [y|n]?y

Writing configuration...done.
Updating configuration...done.
Cleaning backup cache...done.
Setting up extended sysctls...done.
Setting timezone...done.
Configuring loopback interface...done.
vlan0: changing name to 'sis0_vlan100'

Starting Securevlan1: changing name to 'sis0_vlan200'
 Shell Services.vlan2: changing name to 'sis0_vlan300'
..done.
Setting up polling defaults...done.
Setting up interfaces microcode...done.
Configuring loopback interface...done.
Creating wireless clone interfaces...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...Generating new MAC address.done.
Configuring LAN interface...done.
Syncing OpenVPN settings...done.
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting DNS forwarder...done.
Starting NTP time client...done.
Starting DHCP service...done.
Starting DHCPv6 service...done.
Configuring firewall......done.
Generating RRD graphs...done.
Starting syslog...done.
Starting CRON... done.
Bootup complete

FreeBSD/i386 (pfSense.localdomain) (console)

*** Welcome to pfSense 2.1-RELEASE-nanobsd (i386) on pfSense ***

 WAN (wan)       -> sis0_vlan100 ->
 LAN (lan)       -> sis0_vlan200 -> v4: 192.168.1.1/24
 OPT1 (opt1)     -> sis0_vlan300 ->

 0) Logout (SSH only)                  8) Shell
 1) Assign Interfaces                  9) pfTop
 2) Set interface(s) IP address       10) Filter Logs
 3) Reset webConfigurator password    11) Restart webConfigurator
 4) Reset to factory defaults         12) pfSense Developer Shell
 5) Reboot system                     13) Upgrade from console
 6) Halt system                       14) Disable Secure Shell (sshd)
 7) Ping host                         15) Restore recent configuration

Enter an option:

Sifter

@stephenw10:

Can you try setting up the NICs with the microdrive?
First you need to find out if you can actually get any networkaccess at all. I aimagine it might be VLANs to whatever the chip under the heatsink is but they may require setting up via some out of band service like i2c which would be bad.

Steve

So even after assigning vlan's 100, 200, and 300 to the sis0 interface, no interfaces come alive when I plug in a CAT5 cable to each of the 6 jacks.

Sifter

And here is our mystery chip under the heatsink.

stephenw10

Ok so as suspected a switch IC. These are normally configured via spi in soho routers but usually (often) that's only neccessary if you need to change the default config.
You can't just assign VLANs at random. Assign the sis interface directly. Run a packet capture on it. Whilst it's running send some traffic into external switch ports. Now look at the capture to see what vlans traffic arrived on. Of course you'll have to get the capture file off the box to analyse it, or do it the hard way.  ;)

Steve

Sifter

@stephenw10:

You can't just assign VLANs at random. Assign the sis interface directly.

Steve

I need 2 interfaces before pfsense will proceed, do I assign one generic vlan as WAN and then assign the sis0 directly to LAN?  How would you do it?