Duplex Problem
-
I'm running a fiber connection from the ISP which requires connecting at 100B-TX Full Duplex. However, my pfSense box (2.1.5) is only connecting at 100B-TX Half Duplex and no matter what I've tried, I can't seem to specify 100B-TX FD. While running at Half Duplex, I get download speeds of ~7Mbps and upload speeds of ~40Mbps.
ifconfig -m re0 shows me that the WAN interface is indeed capable of 100B-TX FD
I have used command prompt to execute "ifconfig re0 media 100baseTX mediaopt full-duplex" and yet when I go to Status->Interfaces the WAN (re0) shows media as 100baseTX <half-duplex>Running ifconfig gives me the info as attached. Based on that, it seems that pfSense is set to 100B-TX FD but is only connecting at Half Duplex.
Yet. . .when I take the pfSense box out of the mix and directly connect my laptop it auto-negotiates at 100B-TX Half Duplex. When I change my laptop to connect at 100B-TX Full Duplex, I get speeds of ~90Mbps up and down. So it seems that the fiber connection will, in fact, negotiate at 100B-TX FD.
I have another client using the same Fiber carrier and the Meraki MX60 I have in place there connects at 100B-TX FD just fine, when specified to do so. Everything tells me that the fiber connection is configured to want 100B-TX Full Duplex. . .and yet no matter what I do, the pfSense box doesn't want to connect at anything other than Half Duplex.
I am currently using a Realtek ethernet port built into the motherboard as the WAN interface, and an Intel Gb PCI card as the LAN interface. While it shouldn't matter (since both interfaces support 100B-TX FD), I suppose I could try switching those and see if I get a different result.
Perhaps someone can provide some guidance on why I'm having so much trouble specifying 100B-TX Full Duplex.
</half-duplex> -
Have you tried changing the NIC settings under "Interfaces->WAN->Spped and Duplex->Advanced"?
You should be able to lock the NIC at 100B-TXFD from there. I don't remember if you need a reboot after making cjanges there.Failing that,as a quick test, what happens if you put 100Mb switch in between the router and the modem?
I'm guessing the modem may not behave cleanly in an autonegotiation. While not optimum, the switch inline may at least improve performance somewhat.
-
The pull-down in Interfaces->WAN->Advanced shows as 100B-TX Full Duplex. Yet the Dashboard and Status->Interfaces show as half duplex. Speed tests corroborate half duplex. And running ifconfig as in the image I attached, if I read it right, it says that it's been told to run as FD but is actually running only half duplex.
I do have a different pfsense box I could throw in to see if it lets me force the right setting.
-
In general pfSense does a good job working with a wide variety of hardware combinations but as always there are exceptions.
It's probably a good idea to try the NIC swap then, Realtek chipset NICs have been more problematic than others while Intel based are generally better.
Barring that if you have another box (different Motherboard/NICs ?) that might also be worth a try.
I still think putting a switch inline could be worthwhile as well.
I found an older thread that may give some insight into the basic issues: https://forum.pfsense.org/index.php?topic=55791.msg298136#msg298136
-
Yep, try swapping wan and lan, use em0 to connect at 100Mb FD. A switch in line will only help if you're able to fix the port speed on it, probably a waste of a managed switch.
Steve
Edit: typo
-
Thanks Stephen. That was sort of my thought too. And I don't have a spare managed switch to throw at this. I'll try moving the WAN port to the Intel card and see what happens.
-
Some Realtek NICs just refuse to disable autonegotiation, which is exactly what you're showing there. It was configured with fixed speed and duplex, but the NIC isn't using it. Switch the NICs around as Steve noted and you'll be fine. Or if you can convince your ISP it's no longer 1995 and autonegotiation works perfectly fine 99.99999999% of the time so they should just enable it, you'll be fine with the re NIC.
-
cmb> I agree that all ISPs should set their devices to autonegotiate. But in Columbus, I have a few clients using TW Telecom fiber and in every install I've ever seen from them, their box mandates the router/firewall be hard set to 100B-TX FD. I don't know what they do nationwide, but that's my experience so far. I suppose it's worth inquiring about, but in most cases asking an ISP for changes of this sort I may as well be talking to the wall.
In this instance, I built a 2U rack-mount box which allowed me to use an Intel card. But. . . if some Realtek NICs refuse to disable autonegotiation it makes me really nervous about moving to the APU2 or APU4 - which use Realtek's 8111E. My go-to board used to be the Intel D2500CC, but with Intel exiting the motherboard business there just aren't many choices left if you want a Mini ITX board with dual Intel NICs. It makes it a lot tougher to build a small form factor box.
-
Most are willing to change the CPE to auto if you ask, I've had AT&T (fiber services) and TWTelecom do that in the past in situations with customers where we couldn't or didn't want to force it.
It's something we should be able to fix for the APU at least.
https://redmine.pfsense.org/issues/3870 -
As an update to this. . .today I switched the ports and made the Intel port the WAN and the Realtek the LAN.
The Intel autonegotiated to 100B-TX Half Duplex as expected. Figured I'd try just using the GUI to set the Intel to 100B-TX Full Duplex. And lo & behold the Intel actually set to 100B-TX FD. And speed was instantly as expected.It's bittersweet because the Intel D2500CCE was my go-to motherboard and while I can still get them I don't know how long that will be true. I wish there were more options for mITX motherboards with dual Intel NICs.
Mike Castaldi
Wild Frog Consulting -
I put my cable and dsl modems on blank, untagged vlans with my WAN ports. That might enable you to go back to the realtek and hard-set the switchport to 100-Full to the cable modem.
(Security issues aside (I'd rather have a dedicated outside switch), I do it so I can put a sniffer on the outside on a mirror port.)
