Project

General

Profile

Actions

Bug #8972

closed

VLANs on LAN and no VLAN on WAN --> pfsense "crashes" respectivly not operable

Added by Peter Schovits over 5 years ago. Updated over 5 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
Interfaces
Target version:
-
Start date:
09/27/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4
Affected Architecture:

Description

Maybe a bug, I don't know - found a solution too...

Hardware for pfsense (since 2.2.x):
Intel Celeron J1900 with 4 Intel Pro/1000 NICs, 8GB RAM, 32GB SSD

NIC-Configuration:
em0 = WAN
em1 = LAN
em2 = unused
em3 = unused

Both interfaces are on the same switch (Netgear GS-724Tv4) and configured with VLANs - as followed:
LAN:
VLAN 1, VLAN 6, VLAN 10 configured as tagged VLAN on the port in the switch (Netgear) and as VLAN configured in pfsense -> the interfaces are em1.1, em1.6 and em1.10

The internal port LAN in pfsense has 3 networks: LAN, DMZ and TESTLAN.

WAN:
VLAN 4, but configured in the switch (Netgear) as untagged VLAN.

The external port WAN in pfsense is only em0.

Everything worked fine until Version 2.4.3 (with a lot of packages), but what is happened in 2.4.4 - without packages, only pure 2.4.4 (upgrade and full install from USB-Image):
The WAN-interface begins to auto-negotiate with the switch every few seconds (between 3 to 5 seconds) and the pfsense WebGUI is absolutely unresponsive and a SSH-Session with putty stops after the login with a black screen. You can only use the console connected directly to the pfsense. The internet-connection is absolutely unuseable.


After a lot of hours (days) sitting and testing I found a solution (maybe a solution - I don't know):

When I also configure the WAN-Port in pfsense and the switch (Netgear) as a tagged VLAN, everything works fine!
But I think that means, that I can't connect a cable- or dsl-modem (or something else for a internet-connection) which haven't the capability to configure VLANs. I must use a switch with tagged VLAN between WAN in pfsense and the NIC of the internet-device (modem, router, etc.). Or I must use a switch on LAN which has the capability of VLAN-routing.

As I said: I don't know if this is a bug or not, maybe it is (or was) a wrong configured WAN port in the older versions of pfsense (<=2.4.4). Or it is a problem of the Intel PRO/1000 Nics in FreeBSD 11.2-RELEASEE-p3, which is used in pfsense 2.4.4 and weren't a problem in older versions of FreeBSD, which were used in older versions of pfsense.


Files

Interfaces1.jpg (85.4 KB) Interfaces1.jpg Peter Schovits, 09/28/2018 12:37 AM
Interfaces2.jpg (82.8 KB) Interfaces2.jpg Peter Schovits, 09/28/2018 12:37 AM
Actions #1

Updated by Peter Schovits over 5 years ago

Edit: Setting the network speed to a fixed value (100 half/full duplex or 1000 half/full duplex) on the ports at pfsense and/or switch (Netgear) doesn't solve the problem!

Actions #2

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Not a Bug

This is most likely a hardware/chipset quirk on your environment and not a bug per se.

I run several boxes like that, with the parent NIC and tagged VLANs and they are all solid on 2.4.4

If you are interested in discussing and diagnosing the issue further, start a thread on the forum or pfSense subreddit.

Actions

Also available in: Atom PDF