Getting only 80mbps on a 175mbps WAN connection
-
Yes, you can bridge a tagged VLAN interface on WAN with another interface. I think you're going to have to tag VLAN 34 out your OPT1 port because the device will be expecting VLAN 34 tagged. So you'll be bridging, for example, lan0_vlan34 with lan1_vlan34.
Hi Derelict,
Yes, that's exactly what I wanted to do…
Bridge the VLAN34 part of the WAN port with the OPT1 port (which I've renamed to BELLTV).
Unfortunately, when I go to the "Bridges" tab I only see physical interfaces, not the virtual ones with the VLAN tagged. See attached.
Is there an advanced option somewhere in pfSense to allow bridging of VLANs as well as physical interfaces? (or in this case a VLAN interface to a physical interface...)
-
Did you enable the interfaces? You don't have to set an IP.
Interfaces > (assign) Click on the VLAN interface and enable it.
-
Wow, you know your stuff!
I now have added it as an interface on its own, and enabled it, and bridged it. It sure "looks" good, but unfortunately it doesn't work. I tried connecting the OPT1 physical port directly to one of the Bell receivers, and that didn't work. So then I tried connecting it to the WAN port of the Home Hub 2000 to see if it would get a TV signal (but not an internet signal). Unfortunately, it's not getting a TV signal.
Do I have to enable/create some routes somewhere in pfSense?
–---
Other questions:
I currently have the two VLAN interfaces, the bridge interface, the physical OPT port and the physical LAN port all enabled. Should they all be enabled? The bridged, OPT and VLAN 34 are all set to IPV4 type = None, is that right? It should just pass through VLAN 34 to the bridged port and hence the Home Hub 2000?
Thanks!
Rob
-
These are the steps I would do:
Interfaces > (assign)
Create VLAN 34 on the physical interfaces for both WAN and OPT
Create two new interfaces. pfSense will name them OPTX and OPTX+1.
Assign OPTX to VLAN 34 on WAN physical
Click on the interface, enable it and name it WAN_34 or something, no IP
Assign OPTX+1 to VLAN 34 on OPT physical
Click on the interface, enable it and name it OPT_34 or something, no IP
Create a bridge. Members should be WAN_34 and OPT_34.
Then I think you have to enable the new interface BRIDGE0. Don't set an IP address.
That should be it.
ETA: net.link.bridge.pfil_member Set to 0 to disable filtering on the incoming and outgoing member interfaces. default (1) enabled, put pass any any any rules on LAN_34 and OPT_34. I don't believe you want any rules on BRIDGE0, but I'm not sure. I use switches for this stuff.
ETA2: Actually, thinking about it, I would probably:
set net.link.bridge.pfil_member to 0
set net.link.bridge.pfil_bridge to 1
that should eliminate the requirement for rules on the member interfaces.
Then for good measure I would probably put a reject ip any any any on BRIDGE0.
-
I did everything you mentioned, except I'm not sure where to pass those custom net parameters. I'm looking around for that. Without them, the setup is still not working unfortunately. :(
Edit: Found the settings in system tunables. Set them and still no go. Very sad! :)
Edit 2: I've attached some screenshots of my setup.
-
If you set those system tunables after you created the bridge you will need to reboot for them to have any effect. (Or re-create the bridge)
Steve
-
Well, I would put something on tagged 34 on WAN and tagged 34 on OPT and be sure they can talk. Again, I'd be using a switch for this, not a pfSense bridge.
Or I'd start looking at packet captures to make sure the bridge is doing what you need and that the traffic from the unit is really on tagged 34.
-
Check your firewall logs. Do you see a load of hits on WAN_34 (or whatever you called it)?
Then run a packet capture to make sure you are seeing any VLAN34 tagged traffic.
IPTV is probably multicast or broadcast so you may need to add that capability to the bridge or add IP options to any firewall rules.
I agree though to be honest this is a waste of good firewall interfaces unless you are really planning to filter the IPTV traffic in some way. Just get a cheap managed switch and use it to separate the two VLAN connections at the ONT.
Of course you may find that the homehub won't handle the IPTV traffic at all unless it has an internet connection to pass back data (like everything you ever view! ;))
Lastly you will not be the first person out there to try this. Someone else will have done it and blogged it so it's probably more productive to research first than to experiment, even though that's the fun part.
Steve
-
Looks like the homehub can run just the IPTV part without any problems:
http://blog.ngpixel.com/post/104449747538/how-to-bypass-bell-fibe-hub-and-use-your-own-router
Notice that he references VLAN36 for the IPTV though. ???
Steve
-
OK some more reading:
http://www.dslreports.com/forum/r29091659-Bell-IPTV-Next-Phase
Looks like you need some 802.1p settings after all if you want to keep the APU in line.
Steve
-
OK so it's confirmed that IPTV traffic is on VLAN 36. Set up a VLAN 36 interface from the ONT, and did DHCP on it (which is what the Home Hub 2000 does), and it got an IP address in the range that the Home Hub 2000 gets for IPTV, so that's working.
The question is… somehow the Home Hub 2000 uses the LAN for the set top boxes but couples the IPTV VLAN in there. I'm guessing the set top boxes use VLAN 1 (untagged) for normal IP traffic (there are apps and stuff in the STBs), and then VLAN 36 for the TV stuff.
So my question is, how do I combine the normal LAN and VLAN 36 into the LAN port and then onto my network?
I currently have it "separately" in the virtual interface, but I need to combine it somehow with the LAN which is currently working perfectly for NAT.
Yes, my goal is to completely be rid of the Home Hub 2000... I couldn't get that other configuration working.
Thanks guys,
Robert
-
How does the home hub physically talk to the STBs? Are they Ethernet? Wi-Fi? MoCA?
I'm starting to get a little lost. Maybe it's time for a summary drawing populated with what we know.
ONT ethernet (outside) interface:
TAGGED VLAN 35 INTERNET
TAGGED VLAN 36 IPTV (Must be .1p >=4 ??)
HOME HUB ethernet (inside) interface:
UNTAGGED INTERNET ??
TAGGED VLAN 36 IPTV ??
Do the STBs use the same VLAN as your general internet or are there three? IPTV, STB internet, and general internet?
Are we talking about this with VLAN 36 instead of 34 for IPTV?
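Added example, not part of any post in this thread: the replies above suggest a packet capture to confirm which VLAN tag the IPTV traffic really carries, and the summary raises the 802.1p priority question. This sketch tallies VLAN ID and priority from `tcpdump -e -n` text; the sample lines are constructed and abridged, and the function names are made up for the example.

```shell
#!/bin/sh
# Constructed, abridged sample of `tcpdump -e -n` output; all addresses are made up.
# On the firewall the text would come from e.g. `tcpdump -e -n -i re0`.
CAPTURE_SAMPLE='12:00:00.000001 00:00:5e:00:53:01 > 01:00:5e:01:01:01, ethertype 802.1Q (0x8100), length 1374: vlan 36, p 4, ethertype IPv4 (0x0800), 192.0.2.10.5000 > 239.1.1.1.5000: UDP, length 1328
12:00:00.000002 00:00:5e:00:53:01 > 01:00:5e:01:01:01, ethertype 802.1Q (0x8100), length 1374: vlan 36, p 4, ethertype IPv4 (0x0800), 192.0.2.10.5000 > 239.1.1.1.5000: UDP, length 1328
12:00:00.000003 00:00:5e:00:53:02 > 00:00:5e:00:53:01, ethertype 802.1Q (0x8100), length 90: vlan 36, p 0, ethertype IPv4 (0x0800), 192.0.2.20.4000 > 192.0.2.10.4000: UDP, length 44
12:00:00.000004 00:00:5e:00:53:03 > 00:00:5e:00:53:01, ethertype 802.1Q (0x8100), length 64: vlan 35, p 0, ethertype PPPoE S (0x8864), PPPoE
12:00:00.000005 00:00:5e:00:53:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.50, length 28'

# Print one line per (VLAN ID, 802.1p priority) pair with its frame count,
# plus a count of frames that carry no 802.1Q tag at all.
tag_summary() {  # $1 = tcpdump -e text
    printf '%s\n' "$1" | awk '
        match($0, /vlan [0-9]+, p [0-9]+/) {
            # "vlan 36, p 4" splits into: vlan, 36, p, 4
            split(substr($0, RSTART, RLENGTH), f, /[ ,]+/)
            n["vlan=" f[2] " pcp=" f[4]]++
            next
        }
        NF { n["untagged"]++ }
        END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# Count frames on one VLAN whose priority is below a required minimum.
below_priority() {  # $1 = tcpdump -e text, $2 = VLAN ID, $3 = minimum priority
    printf '%s\n' "$1" | awk -v id="$2" -v min="$3" '
        match($0, /vlan [0-9]+, p [0-9]+/) {
            split(substr($0, RSTART, RLENGTH), f, /[ ,]+/)
            if (f[2] + 0 == id + 0 && f[4] + 0 < min + 0) c++
        }
        END { print c + 0 }'
}

tag_summary "$CAPTURE_SAMPLE"
echo "VLAN 36 frames below priority 4: $(below_priority "$CAPTURE_SAMPLE" 36 4)"
```

If the IPTV VLAN never shows up in the summary on the inside interface, the bridge is not passing it; a non-zero count from `below_priority` points at the 802.1p marking instead.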
-
Yup, we're talking that.
I have the Home Hub 2000 (made by Sagemcom) instead of the Actiontec.
From that diagram, it looks like the STBs don't use the same LAN as the rest of the network, but I remember my STB did have an IP address in the same subnet as my LAN.
I'm going to reconnect the Home Hub 2000 just to confirm that, but I'm pretty sure that's how it worked.
Is there any way to combine two VLANs together? Basically the normal LAN which gets NATed, but then I want to add the VLAN 36 from the ONT onto that. That might be a stupid question, I'm not a network expert by any means. :)
-
Is there any way to combine two VLANs together?
Combine them into what? Ethernet? Wi-Fi? MoCA? How are the STBs physically connected (for the third time?)
-
I'm sorry, you're right, I did keep asking that.
They (I actually only have one) are connected by Ethernet.
-
Two vlans are combined together on ethernet all the time with VLAN tags. It is possible for one and only one VLAN on the port to be untagged. If the pfSense interface in question was re2, you would:
Create VLAN X on re2
Assign the untagged VLAN to re2
Assign the tagged VLAN to re2_vlanX
But without knowing exactly what needs to be done it's all just a lot of guessing.
Do we know what VLAN tags are being used by the Home Hub to talk to the STBs on the private side?
Do you have a managed switch or not?
-
In one of those posts I linked to it implied that the supplied router simply bridged VLAN36 onto the LAN.
Steve
-
You are awesome for continuing to help me, thank you!!
So, my LAN port is re1 (that's the one where NATing occurs and gets the rest of my network out to the internet).
I have extracted VLAN 36 from re0 which is connected to the ONT, just as I have extracted VLAN 35 from re0 in order to get general internet access which works great.
So currently:
physically:
ONT (port 1) -> pfSense (re0)
pfSense (re1) -> 24-port switch (port 1)
24-port switch (port 2) -> desktop
24-port switch (port 3) -> Bell STB
VLAN:
ONT (VLAN 35) -> pfSense (re0_vlan35)
ONT (VLAN 36) -> pfSense (re0_vlan36)
re0_vlan35 is doing PPPoE to get a public IP and that works great. I then NAT re1 to re0_vlan35
re0_vlan36 is doing DHCP to get a private IP from Bell's data center and that is working too.
I just don't know how to get that VLAN onto the re1 physical LAN and have it propagate through my switch. I also have to do QoS on it and make sure it is set to 4 somewhere…
Yes I have a fully managed switch which is currently operating in "dumb" mode except for two ports which are LAGged for a Lenovo NAS.
I don't know which VLAN tags are being sent out on the LAN by the Home Hub 2000 when it is set up as the router. I suppose I will have to connect it all together and do some packet capturing. I was just hoping to avoid that. :)
@Steve, that's exactly what I want to try. :)
-
Add a VLAN36 interface to re1.
Disable DHCP on re0_VLAN36, set it as type 'none'. The set top box needs to pull an IP from Bell not your firewall.
Make sure those sysctls are still set to remove filtering on bridge members.
Add a bridge that includes re0_VLAN36 and re1_VLAN36.
Hope.
Steve
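Added example, not part of any post in this thread: a check for the setup described above and for the earlier advice on `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge`, since those two tunables decide whether frames bridged in from the WAN-side VLAN are seen by the firewall at all. The sysctl and ifconfig text is constructed, the `_vlan36` member names follow the interface names used in this thread, and the function names are made up for the example.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real system).
SYSCTL_SAMPLE='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'
IFCONFIG_SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: re1_vlan36 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: re0_vlan36 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>'

# Print the value of one tunable from "name: value" sysctl output.
tunable() {  # $1 = sysctl text, $2 = tunable name
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2 }'
}

# Say where firewall rules are evaluated for bridged frames:
# on the member interfaces, on the bridge interface, on both, or nowhere.
filter_point() {  # $1 = sysctl text
    m=$(tunable "$1" net.link.bridge.pfil_member)
    b=$(tunable "$1" net.link.bridge.pfil_bridge)
    case "$m$b" in
        10) echo members ;;
        01) echo bridge ;;
        11) echo both ;;
        00) echo none ;;
        *)  echo unknown ;;
    esac
}

# List bridge members whose name does not end in _vlan<id>, i.e. anything
# other than the VLAN interfaces that were meant to be bridged.
wrong_members() {  # $1 = ifconfig text for the bridge, $2 = VLAN ID
    printf '%s\n' "$1" | awk -v id="$2" '
        $1 == "member:" && $2 !~ ("_vlan" id "$") { print $2 }'
}

# Fail if bridged frames would bypass the firewall or a member is unexpected.
audit() {  # $1 = sysctl text, $2 = ifconfig text, $3 = VLAN ID
    fp=$(filter_point "$1")
    bad=$(wrong_members "$2" "$3")
    [ "$fp" = none ] && { echo "FAIL: bridged frames are not filtered anywhere"; return 1; }
    [ "$fp" = unknown ] && { echo "FAIL: bridge tunables missing or not 0/1"; return 1; }
    [ -n "$bad" ] && { echo "FAIL: unexpected bridge member(s): $bad"; return 1; }
    echo "OK: VLAN $3 bridge, rules evaluated on: $fp"
}

audit "$SYSCTL_SAMPLE" "$IFCONFIG_SAMPLE" 36
```

The "none" case is the one to watch for: with both tunables at 0 the ISP-side VLAN is joined to the LAN-side VLAN with no rules applied in between.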
-
Done (see attached). Fingers crossed. Restarting the STB now.