Wireless Access Point (connected to pfSense) is only fast when using Double NAT?

sofakng · Nov 14, 2015, 6:55 PM

I've been troubleshooting this problem for several days now and I am completely stumped.

I have a cable modem connected directly to pfSense (dedicated hardware on SuperMicro motherboard). pfSense is then connected to a Dell PowerConnect 2420 managed switch.

My wireless access point (Apple Airport Extreme, but also tried ASUS RT-66U) is connected to the Dell switch.

When I configure the wireless access point in [Bridged] mode, I'm getting very slow speeds across my network. I'm using iperf3 from my MacBook Pro (802.11ac) to my desktop PC (wired gigabit). I also use www.speedtest.net.

However, when I enable DHCP and NAT on my wireless access point (creating a double NAT situation), my speeds are almost tripled and everything works flawless.

What's going on here? I really don't want to enable double NAT but I am completely confused…

Derelict · Nov 14, 2015, 9:14 PM

That doesn't make a lot of sense.

When in bridge mode you are using the WAN port of the AirPort Express to connect to your switch right?

Any errors on the switch port?

sofakng · Nov 16, 2015, 7:08 PM

Thanks for the reply.

I think my switch might be causing the problem. I've temporarily used a different switch and it works perfectly so it seems as though it's not related to routing or pfSense.

(If anybody is curious, I decided to purchase a Ubiquity EdgeSwitch 48 Lite so hopefully it works better than my Dell PowerConnect 2824)

mlsbraves · Nov 16, 2015, 9:04 PM

Sounds like a switch issue. Try enabling Fast Link on both ports (pfsense & AP) and see if this makes a difference. I've seen issues where DHCP is extremely slow when this feature isn't turned on which it is off by default.

sofakng · Nov 16, 2015, 9:06 PM

Thanks for the reply.

I've had the same problem with DHCP and STP/Fast Link, but I've tried it enabled and disabled but it doesn't help with this issue.

Derelict · Nov 16, 2015, 9:11 PM

That should only matter when the port is coming up. Once it's up it won't make a difference. I'd pay closer attention to ports that are hard-set to 100-full on one side and auto-neg on the other, etc.

If its a port speed/duplex problem it should show up as interface errors on one or both sides, depending on what they negotiate as.

mlsbraves · Nov 16, 2015, 9:23 PM

@sofakng:

Thanks for the reply.

I've had the same problem with DHCP and STP/Fast Link, but I've tried it enabled and disabled but it doesn't help with this issue.

Look into what Derelict suggested. Duplex mismatch can cause all sorts of connectivity issues including slow internet speeds. Do you have Dell Support with this switch? I've used their Pro-Support before and they were very helpful.

Guest · Nov 29, 2015, 2:29 AM

However, when I enable DHCP and NAT on my wireless access point (creating a double NAT
situation), my speeds are almost tripled and everything works flawless.

For sure this makes sense to me because then the both DHCP servers, one on the pfSense
and the other on the WiFi Router are separated each from another and the networks is working well.

What's going on here? I really don't want to enable double NAT but I am completely confused…

If you are setting up the WiFi Router in the so called wireless AP mode, to act only as a normal WLAN AP, you
must also turn out the DHCP server on the AP or the pfSense, or you must work it out with the DHCP relay option.
But with two DHCP servers you might be getting even this or similar trouble again and again. And if on the Switch
once more again a DHCP server or helper service is running you might be getting much more trouble that you
wont be able to get rid of this. It is the best to ensure that only one DHCP server is acting in the network or
you work it out as explained above with the DHCP relay option.