Messages - NogBadTheBad

1
Packages / Re: LLDP daemon package
« on: Yesterday at 11:28:51 am »
Ah, I was trying to figure out how you were getting the output.

[lldpcli] # show nei   
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    igb0, via: LLDP, RID: 1, Time: 0 day, 00:30:27
  Chassis:     
    ChassisID:    mac 60:38:e0:14:a2:b7
    SysName:      switch-1
    SysDescr:     LGS308P 8-Port Gigabit PoE+ Smart Switch
    TTL:          120
    MgmtIP:       172.16.1.2
    Capability:   Bridge, on
  Port:       
    PortID:       ifname gi1
    PortDescr:    gigabitethernet1
-------------------------------------------------------------------------------
[lldpcli] #

http://manpages.ubuntu.com/manpages/trusty/man8/lldpcli.8.html

2
Packages / Re: LLDP daemon package
« on: Yesterday at 11:05:36 am »
Normally (I'm used to output from a Cisco) you see the port or the MAC address:

XXXSWHXXX003>sh lldp nei Gi1/0/3
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
XXXWAPXXX003        Gi1/0/3        120        W               1864.72c6.1eb4

Total entries displayed: 1

XXXSWHXXX003>

XXXSWHXXX003>sh lldp nei Te1/1/3
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
XXXSWHXXX002        Te1/1/3        120        B,R             Te1/1/5

Total entries displayed: 1

XXXSWHXXX003>

[2.4.2-RELEASE][admin@pfsense]/root: tcpdump -s0 -vv -pni igb0 ether dst 01:80:c2:00:00:0e
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:13:07.582944 LLDP, length 149
   Chassis ID TLV (1), length 7
     Subtype MAC address (4): 60:38:e0:14:a2:b7
     0x0000:  0460 38e0 14a2 b7
   Port ID TLV (2), length 4
     Subtype Interface Name (5): gi1
     0x0000:  0567 6931
   Time to Live TLV (3), length 2: TTL 120s
     0x0000:  0078
   Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
     MAC/PHY configuration/status Subtype (1)
       autonegotiation [supported, enabled] (0x03)
       PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx, 1000BASE-T fdx] (0x6c01)
       MAU type 1000BASET fdx (0x001e)
     0x0000:  0012 0f01 036c 0100 1e
   Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
     Link aggregation Subtype (3)
       aggregation status [supported], aggregation port ID 0
     0x0000:  0012 0f03 0100 0000 00
   Organization specific TLV (127), length 6: OUI IEEE 802.3 Private (0x00120f)
     Max frame size Subtype (4)
       MTU size 1522
     0x0000:  0012 0f04 05f2
   Port Description TLV (4), length 16: gigabitethernet1
     0x0000:  6769 6761 6269 7465 7468 6572 6e65 7431
   System Name TLV (5), length 8: switch-1
     0x0000:  7377 6974 6368 2d31
   System Description TLV (6), length 40
     LGS308P 8-Port Gigabit PoE+ Smart Switch
     0x0000:  4c47 5333 3038 5020 382d 506f 7274 2047
     0x0010:  6967 6162 6974 2050 6f45 2b20 536d 6172
     0x0020:  7420 5377 6974 6368
   System Capabilities TLV (7), length 4
     System  Capabilities [Bridge] (0x0004)
     Enabled Capabilities [Bridge] (0x0004)
     0x0000:  0004 0004
   Management Address TLV (8), length 12
     Management Address length 5, AFI IPv4 (1): 172.16.1.2
     Interface Index Interface Numbering (2): 300000
     0x0000:  0501 ac10 0102 0200 0493 e000
   Organization specific TLV (127), length 6: OUI Ethernet bridged (0x0080c2)
     Port VLAN Id Subtype (1)
       port vlan id (PVID): 4093
     0x0000:  0080 c201 0ffd
   End TLV (0), length 0
^C
1 packet captured
423 packets received by filter
0 packets dropped by kernel
[2.4.2-RELEASE][admin@pfsense]/root:



It just looked a little odd :)

3
Packages / Re: LLDP daemon package
« on: Yesterday at 10:25:11 am »
I can't see ifname anywhere, wondering if it is a script error.

/Users/andy/Downloads/packetcapture.cap 1000 total packets, 2 shown
     18 15:42:46.643407    BelkinIn_14:a2:b8     LLDP_Multicast        LLDP      163    TTL = 120 System Name = switch-1 System Description = LGS308P 8-Port Gigabit PoE+ Smart Switch
Frame 18: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 22, 2018 15:42:46.643407000 GMT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1519314166.643407000 seconds
    [Time delta from previous captured frame: 0.017146000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.638745000 seconds]
    Frame Number: 18
    Frame Length: 163 bytes (1304 bits)
    Capture Length: 163 bytes (1304 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:lldp]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
Ethernet II, Src: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8), Dst: LLDP_Multicast (01:80:c2:00:00:0e)
    Destination: LLDP_Multicast (01:80:c2:00:00:0e)
        Address: LLDP_Multicast (01:80:c2:00:00:0e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8)
        Address: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1 Link Layer Discovery Protocol (LLDP) (0x88cc)
Link Layer Discovery Protocol
    Chassis Subtype = MAC address, Id: 60:38:e0:14:a2:b7
        0000 001. .... .... = TLV Type: Chassis Id (1)
        .... ...0 0000 0111 = TLV Length: 7
        Chassis Id Subtype: MAC address (4)
        Chassis Id: BelkinIn_14:a2:b7 (60:38:e0:14:a2:b7)
    Port Subtype = Interface name, Id: gi1
        0000 010. .... .... = TLV Type: Port Id (2)
        .... ...0 0000 0100 = TLV Length: 4
        Port Id Subtype: Interface name (5)
        Port Id: gi1
    Time To Live = 120 sec
        0000 011. .... .... = TLV Type: Time to Live (3)
        .... ...0 0000 0010 = TLV Length: 2
        Seconds: 120
    IEEE 802.3 - MAC/PHY Configuration/Status
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 1001 = TLV Length: 9
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: MAC/PHY Configuration/Status (0x01)
        Auto-Negotiation Support/Status: 0x03
            .... ...1 = Auto-Negotiation: Supported
            .... ..1. = Auto-Negotiation: Enabled
        PMD Auto-Negotiation Advertised Capability: 0x6c01
            .... .... .... ...1 = 1000BASE-T (full duplex mode): Capable
            .... .... .... ..0. = 1000BASE-T (half duplex mode): Not capable
            .... .... .... .0.. = 1000BASE-X (-LX, -SX, -CX full duplex mode): Not capable
            .... .... .... 0... = 1000BASE-X (-LX, -SX, -CX half duplex mode): Not capable
            .... .... ...0 .... = Asymmetric and Symmetric PAUSE (for full-duplex links): Not capable
            .... .... ..0. .... = Symmetric PAUSE (for full-duplex links): Not capable
            .... .... .0.. .... = Asymmetric PAUSE (for full-duplex links): Not capable
            .... .... 0... .... = PAUSE (for full-duplex links): Not capable
            .... ...0 .... .... = 100BASE-T2 (full duplex mode): Not capable
            .... ..0. .... .... = 100BASE-T2 (half duplex mode): Not capable
            .... .1.. .... .... = 100BASE-TX (full duplex mode): Capable
            .... 1... .... .... = 100BASE-TX (half duplex mode): Capable
            ...0 .... .... .... = 100BASE-T4: Not capable
            ..1. .... .... .... = 10BASE-T (full duplex mode): Capable
            .1.. .... .... .... = 10BASE-T (half duplex mode): Capable
            0... .... .... .... = Other or unknown: Not capable
        Same in inverse (wrong) bitorder
            0... .... .... .... = 1000BASE-T (full duplex mode): Not capable
            .1.. .... .... .... = 1000BASE-T (half duplex mode): Capable
            ..1. .... .... .... = 1000BASE-X (-LX, -SX, -CX full duplex mode): Capable
            ...0 .... .... .... = 1000BASE-X (-LX, -SX, -CX half duplex mode): Not capable
            .... 1... .... .... = Asymmetric and Symmetric PAUSE (for full-duplex links): Capable
            .... .1.. .... .... = Symmetric PAUSE (for full-duplex links): Capable
            .... ..0. .... .... = Asymmetric PAUSE (for full-duplex links): Not capable
            .... ...0 .... .... = PAUSE (for full-duplex links): Not capable
            .... .... 0... .... = 100BASE-T2 (full duplex mode): Not capable
            .... .... .0.. .... = 100BASE-T2 (half duplex mode): Not capable
            .... .... ..0. .... = 100BASE-TX (full duplex mode): Not capable
            .... .... ...0 .... = 100BASE-TX (half duplex mode): Not capable
            .... .... .... 0... = 100BASE-T4: Not capable
            .... .... .... .0.. = 10BASE-T (full duplex mode): Not capable
            .... .... .... ..0. = 10BASE-T (half duplex mode): Not capable
            .... .... .... ...1 = Other or unknown: Capable
        Operational MAU Type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (0x001e)
    IEEE 802.3 - Link Aggregation
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 1001 = TLV Length: 9
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: Link Aggregation (0x03)
        Aggregation Status: 0x01
            .... ...1 = Aggregation Capability: Yes
            .... ..0. = Aggregation Status: Disabled
        Aggregated Port Id: 0
    IEEE 802.3 - Maximum Frame Size
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 0110 = TLV Length: 6
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: Maximum Frame Size (0x04)
        Maximum Frame Size: 1522
    Port Description = gigabitethernet1
        0000 100. .... .... = TLV Type: Port Description (4)
        .... ...0 0001 0000 = TLV Length: 16
        Port Description: gigabitethernet1
    System Name = switch-1
        0000 101. .... .... = TLV Type: System Name (5)
        .... ...0 0000 1000 = TLV Length: 8
        System Name: switch-1
    System Description = LGS308P 8-Port Gigabit PoE+ Smart Switch
        0000 110. .... .... = TLV Type: System Description (6)
        .... ...0 0010 1000 = TLV Length: 40
        System Description: LGS308P 8-Port Gigabit PoE+ Smart Switch
    Capabilities
        0000 111. .... .... = TLV Type: System Capabilities (7)
        .... ...0 0000 0100 = TLV Length: 4
        Capabilities: 0x0004
            .... .... .... ...0 = Other: Not capable
            .... .... .... ..0. = Repeater: Not capable
            .... .... .... .1.. = Bridge: Capable
            .... .... .... 0... = WLAN access point: Not capable
            .... .... ...0 .... = Router: Not capable
            .... .... ..0. .... = Telephone: Not capable
            .... .... .0.. .... = DOCSIS cable device: Not capable
            .... .... 0... .... = Station only: Not capable
        Enabled Capabilities: 0x0004
            .... .... .... ...0 = Other: Not capable
            .... .... .... ..0. = Repeater: Not capable
            .... .... .... .1.. = Bridge: Capable
            .... .... .... 0... = WLAN access point: Not capable
            .... .... ...0 .... = Router: Not capable
            .... .... ..0. .... = Telephone: Not capable
            .... .... .0.. .... = DOCSIS cable device: Not capable
            .... .... 0... .... = Station only: Not capable
    Management Address
        0001 000. .... .... = TLV Type: Management Address (8)
        .... ...0 0000 1100 = TLV Length: 12
        Address String Length: 5
        Address Subtype: IPv4 (1)
        Management Address: 172.16.1.2
        Interface Subtype: ifIndex (2)
        Interface Number: 300000
        OID String Length: 0
    IEEE 802.1 - Port VLAN ID
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 0110 = TLV Length: 6
        Organization Unique Code: IEEE 802.1 (0x0080c2)
        IEEE 802.1 Subtype: Port VLAN ID (0x01)
        Port VLAN Identifier: 4093 (0x0ffd)
    End of LLDPDU
        0000 000. .... .... = TLV Type: End of LLDPDU (0)
        .... ...0 0000 0000 = TLV Length: 0
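The tcpdump decode two posts up and the Wireshark decode above show the same LLDPDU TLV by TLV, and the "ifname" the poster could not find is simply lldpcli's short name for Port ID subtype 5 (Interface Name). The following decoder is an added example, not code from this thread or from the lldpd project: it rebuilds the 149-byte LLDPDU from the hex bytes tcpdump printed, walks the 2-byte type/length headers with bounds checks (LLDP frames arrive unauthenticated from whatever is on the wire, so a length field must never be trusted to stay inside the buffer), and decodes the TLVs seen in the capture. The PMD auto-negotiation bit names follow the order tcpdump and Wireshark's primary decode use (bit 0 is the least significant bit); the subtype short names ("mac", "ifname", "ip", "local") are assumed to match lldpcli's display style beyond the two that appear in the output above. Needs Python 3.8+ for bytes.hex(":").

```python
"""Bounds-checked LLDP TLV decoder run over the LLDPDU captured in the thread (added example)."""
import struct

# Constructed from the tcpdump hex dumps in the post above: every TLV is a
# 2-byte header (7-bit type, 9-bit length) followed by its value bytes.
def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

SAMPLE_LLDPDU = b"".join([
    _tlv(1, bytes.fromhex("046038e014a2b7")),                 # Chassis ID, subtype 4 = MAC
    _tlv(2, bytes.fromhex("05") + b"gi1"),                    # Port ID, subtype 5 = ifname
    _tlv(3, bytes.fromhex("0078")),                           # TTL 120 s
    _tlv(127, bytes.fromhex("00120f01036c01001e")),           # 802.3 MAC/PHY config/status
    _tlv(127, bytes.fromhex("00120f030100000000")),           # 802.3 link aggregation
    _tlv(127, bytes.fromhex("00120f0405f2")),                 # 802.3 maximum frame size
    _tlv(4, b"gigabitethernet1"),                             # Port description
    _tlv(5, b"switch-1"),                                     # System name
    _tlv(6, b"LGS308P 8-Port Gigabit PoE+ Smart Switch"),     # System description
    _tlv(7, bytes.fromhex("00040004")),                       # System capabilities
    _tlv(8, bytes.fromhex("0501ac10010202000493e000")),       # Management address
    _tlv(127, bytes.fromhex("0080c2010ffd")),                 # 802.1 port VLAN ID
    _tlv(0, b""),                                             # End of LLDPDU
])

# Short subtype names in the style lldpcli prints them (assumed beyond "mac"/"ifname").
CHASSIS_SUBTYPES = {4: "mac", 5: "ip", 6: "ifname", 7: "local"}
PORT_SUBTYPES = {3: "mac", 4: "ip", 5: "ifname", 7: "local"}
SYS_CAPS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router", "Telephone", "DOCSIS", "Station"]
# 802.3 PMD auto-negotiation advertised-capability bits, bit 0 first (tcpdump/Wireshark order).
PMD_BITS = ["1000BASE-T FD", "1000BASE-T HD", "1000BASE-X FD", "1000BASE-X HD",
            "Asym+Sym PAUSE", "Sym PAUSE", "Asym PAUSE", "PAUSE",
            "100BASE-T2 FD", "100BASE-T2 HD", "100BASE-TX FD", "100BASE-TX HD",
            "100BASE-T4", "10BASE-T FD", "10BASE-T HD", "Other"]
OUI_8023, OUI_8021 = b"\x00\x12\x0f", b"\x00\x80\xc2"


def _bits(word: int, names) -> list:
    return [name for i, name in enumerate(names) if (word >> i) & 1]


def iter_tlvs(data: bytes):
    """Yield (type, value) pairs; refuse any TLV whose length runs past the buffer."""
    off = 0
    while off + 2 <= len(data):
        hdr = struct.unpack_from("!H", data, off)[0]
        tlv_type, tlv_len = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + tlv_len > len(data):
            raise ValueError(f"TLV type {tlv_type} at offset {off - 2} claims {tlv_len} bytes past end")
        yield tlv_type, data[off:off + tlv_len]
        off += tlv_len
        if tlv_type == 0:          # End of LLDPDU terminates the walk
            return
    raise ValueError("LLDPDU has no End of LLDPDU TLV")


def decode_lldpdu(data: bytes) -> dict:
    """Decode the TLVs present in the captured frame into a flat dict."""
    out = {}
    for t, v in iter_tlvs(data):
        if t == 1 and len(v) >= 2:
            out["chassis_id_subtype"] = CHASSIS_SUBTYPES.get(v[0], str(v[0]))
            out["chassis_id"] = v[1:].hex(":") if v[0] == 4 else v[1:].decode("ascii", "replace")
        elif t == 2 and len(v) >= 2:
            out["port_id_subtype"] = PORT_SUBTYPES.get(v[0], str(v[0]))
            out["port_id"] = v[1:].hex(":") if v[0] == 3 else v[1:].decode("ascii", "replace")
        elif t == 3 and len(v) == 2:
            out["ttl"] = struct.unpack("!H", v)[0]
        elif t in (4, 5, 6):
            out[{4: "port_descr", 5: "sys_name", 6: "sys_descr"}[t]] = v.decode("ascii", "replace")
        elif t == 7 and len(v) == 4:
            caps, enabled = struct.unpack("!HH", v)
            out["capabilities"] = _bits(caps, SYS_CAPS)
            out["enabled_capabilities"] = _bits(enabled, SYS_CAPS)
        elif t == 8 and len(v) >= 2:
            alen = v[0]                      # address length includes the 1-byte AFI
            if v[1] == 1 and alen == 5 and len(v) >= 6 + alen:   # AFI 1 = IPv4
                out["mgmt_ipv4"] = ".".join(str(b) for b in v[2:6])
                out["mgmt_ifindex"] = struct.unpack_from("!I", v, 2 + alen)[0]
        elif t == 127 and len(v) >= 4:
            oui, sub, body = v[:3], v[3], v[4:]
            if oui == OUI_8023 and sub == 1 and len(body) == 5:
                flags, pmd, mau = struct.unpack("!BHH", body)
                out["autoneg_supported"] = bool(flags & 1)
                out["autoneg_enabled"] = bool(flags & 2)
                out["pmd_autoneg"] = _bits(pmd, PMD_BITS)
                out["mau_type"] = mau
            elif oui == OUI_8023 and sub == 4 and len(body) == 2:
                out["mfs"] = struct.unpack("!H", body)[0]
            elif oui == OUI_8021 and sub == 1 and len(body) == 2:
                out["pvid"] = struct.unpack("!H", body)[0]
    return out


if __name__ == "__main__":
    for key, value in decode_lldpdu(SAMPLE_LLDPDU).items():
        print(f"{key:22} {value}")
```

Running it prints the same values lldpcli and the two decoders above show for switch-1 (chassis mac 60:38:e0:14:a2:b7, port ifname gi1, TTL 120, capability Bridge, MgmtIP 172.16.1.2, PVID 4093); decoding the PMD word 0x6c01 with bit 0 as the LSB reproduces tcpdump's list (10BASE-T hdx/fdx, 100BASE-TX hdx/fdx, 1000BASE-T fdx), and a truncated buffer is rejected rather than read past its end.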

4
Packages / Re: LLDP daemon package
« on: Yesterday at 09:47:59 am »
Looking good, one slight issue, marked in red :-

-------------------------------------------------------------------------------
Local chassis:
-------------------------------------------------------------------------------
Chassis:     
  ChassisID:    mac 00:08:a2:0a:9d:cb
  SysName:      pfsense.xxxxxxxxxx.net
  SysDescr:      FreeBSD 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6 #5 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:20:18 CST 2017
  root@buildbot2.netgate.com:/xbuilder/crossbuild-242/pfSense/tmp/obj/xbuilder/crossbuild-242/pfSense/tmp/FreeBSD-src/sys/pfSense amd64
  TTL:          120
  MgmtIP:       172.16.1.1
  MgmtIP:       2a02:xxxx:xxxx:1::1
  Capability:   Bridge, off
  Capability:   Router, on
  Capability:   Wlan, off
  Capability:   Station, off
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    igb0, via: LLDP, RID: 1, Time: 0 day, 00:02:27
  Chassis:     
    ChassisID:    mac 60:38:e0:14:a2:b7
    SysName:      switch-1
    SysDescr:     LGS308P 8-Port Gigabit PoE+ Smart Switch
    TTL:          120
    MgmtIP:       172.16.1.2
    Capability:   Bridge, on
  Port:       
    PortID:       ifname gi1
    PortDescr:    gigabitethernet1
    MFS:          1522
    PMD autoneg:  supported: yes, enabled: yes
      Adv:          10Base-T, HD: yes, FD: yes
      Adv:          100Base-TX, HD: yes, FD: yes
      Adv:          1000Base-T, HD: no, FD: yes
      MAU oper type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode
  VLAN:         4093, pvid: yes
-------------------------------------------------------------------------------

Attached a Wireshark screenshot.

5
Packages / Re: LLDP daemon package
« on: Yesterday at 09:31:13 am »
Now showing up as a package.

lldpd provides support for the 802.1ab Link Layer Discovery Protocol (LLDP), as well as support for several proprietary discovery protocols including Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP), Foundry Discovery Protocol (FDP), and Nortel Discovery Protocol (NDP / SONMP).

6
Messages from the pfSense Team / Re: QNAP to add pfSense to its products
« on: February 20, 2018, 08:58:51 am »
On a serious note, if you don't have anything nice to say then it's probably better to keep it to yourself. This forum doesn't exist so you can vent.

Indeed 3 posts since July 26, 2016

Date Registered: July 26, 2016, 10:36:47 am
Local Time:February 20, 2018, 08:56:52 am
Last Active: Today at 02:23:42 pm

7
Packages / Re: Managed Switch Configuration with Avahi
« on: February 20, 2018, 02:24:18 am »
Should I add MyPrivateNet to the Avahi domain field?

No, it needs to be different; local is fine.

Re the packet capture: Diagnostics -> Packet Capture, select the interface you want to capture on and hit Start.

You can download the packet capture and open it in Wireshark.

8
Packages / Re: Managed Switch Configuration with Avahi
« on: February 19, 2018, 04:22:19 pm »
Something tells me that the multicast from the WLAN may not be making it to the LAN?  According to Ubiquiti, the Unifi AC allows broadcast from LAN to WLAN by default, but I have not found if it is true from WLAN to LAN.

That's easy to work out: do a packet capture on VLAN/subnet B, open it up in Wireshark and use ip.addr >= 224.0.0.0 as a display filter, or ip.addr >= 224.0.0.0 || ipv6.addr >= ff00:: if you run IPv4 & IPv6 :)

9
General Questions / Re: Setting display columns
« on: February 19, 2018, 10:29:17 am »
Think it's the netstat command rather than the terminal; you can tell how many columns the terminal thinks are available via stty -a:

[2.4.2-RELEASE][admin@pfsense]/root: stty -a
speed 9600 baud; 24 rows; 132 columns;
lflags: icanon isig iexten echo echoe -echok echoke -echonl echoctl
   -echoprt -altwerase -noflsh -tostop -flusho -pendin -nokerninfo
   -extproc
iflags: -istrip icrnl -inlcr -igncr ixon -ixoff ixany imaxbel -ignbrk
   brkint -inpck -ignpar -parmrk
oflags: opost onlcr -ocrnl tab0 -onocr -onlret
cflags: cread cs8 -parenb -parodd hupcl -clocal -cstopb -crtscts -dsrflow
   -dtrflow -mdmbuf
cchars: discard = ^O; dsusp = ^Y; eof = ^D; eol = <undef>;
   eol2 = <undef>; erase = ^?; erase2 = ^H; intr = ^C; kill = ^U;
   lnext = ^V; min = 1; quit = ^\; reprint = ^R; start = ^Q;
   status = ^T; stop = ^S; susp = ^Z; time = 0; werase = ^W;
[2.4.2-RELEASE][admin@pfsense]/root:

I default to a 24 x 132 terminal; the output from stty -a changes if I resize the terminal window.

Actually, try netstat -r -W; man netstat on my Mac shows:

"−W In certain displays, avoid truncating addresses even if this causes some fields to overflow."

10
Packages / Re: Managed Switch Configuration with Avahi
« on: February 19, 2018, 08:32:14 am »
Have a look in the firewall logs; do you see any multicast packets being blocked?

Also, there are multicast options in the UniFi software; it's under Wireless Networks.

11
IPv6 / Re: Setup Dual Stack with NAT on v4
« on: February 19, 2018, 08:15:36 am »

12
Installation and Upgrades / Re: Can i install pfsense on a macmini
« on: February 17, 2018, 05:06:11 am »
VMware ESXi

https://www.vmware.com/products/esxi-and-esx.html

You'll need to run it as a router on a stick as there's only 1 Ethernet port unless you get a Thunderbolt to Ethernet adaptor; not even sure if the adaptor would be seen under the VMware hypervisor.

https://en.wikipedia.org/wiki/One-armed_router

13
General Questions / Re: Multi-Static IP configuration using bridged Hitron
« on: February 16, 2018, 10:22:00 am »
Quote
The target IP address is, I think .62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.

What address do they give you for your default route?

When setting up a laptop plugged into one of the Hitron LAN ports to test connectivity, they suggested an IP address of 62.x.x.178, a netmask of 255.255.255.248 and a Default GW of 62.x.x.177

If you do an arp -a from the laptop, does the MAC address of 62.x.x.177 tie in with anything marked on the Hitron?

15
General Questions / Re: Multi-Static IP configuration using bridged Hitron
« on: February 16, 2018, 08:49:56 am »
How is this any different from what I do on IPv6?  I get a /56 prefix from my ISP.

He's just got a single IPv4 subnet from his ISP and the /29 is allocated to his WAN interface, so there's no choice other than to NAT public to private.

Check out page 220 of the pfSense book, the Example Single IP Address 1:1 Configuration section.
