
Author Topic: Proper setup of switches  (Read 489 times)

Offline kcallis

Proper setup of switches
« on: January 01, 2018, 07:39:18 pm »
I am using a Netgate APU with three interfaces:

WAN (re1) -- DHCP
LAN (re2) -- 192.168.4.1/24
OPT (re0) -- VLAN05 (re0.5)  --> 192.168.5.1/24
             VLAN10 (re0.10) --> 192.168.10.1/24
             VLAN15 (re0.15) --> 192.168.15.1/24
             VLAN20 (re0.20) --> 192.168.20.1/24

I have used the baseline guide along with nguvu's guide to making use of the Netgear GS108E switch (although, I am actually using a TP-Link SG108E), but somewhere I am blowing it, since after I reboot, I am not able to access any of the interfaces and I have to do a factory reset.

I have connected my LAN interface as well as my OPT interface on the switch and have set the address to 192.168.5.2 (which is my MGMT VLAN05). I also have my Ubiquiti NanoStation connected to the switch (192.168.5.5). I have tagged port 2 on the switch with my VLANs 5-20 as well as port 3 (which is connected to the Ubiquiti NanoStation with the VLANs configured on the NS). If I am clear then the remaining ports should be untagged. But once I reboot the APU, I am not able to connect to any port.

I have a second switch, the Netgear GS108E. I am wondering if since I have the first switch set to the 192.168.5.0/24 but I have the LAN interface plugged into the same switch, is that what might be causing the fact that my LAN interface is conflicting with the OPT interface on the same switch? Maybe I need to plug the LAN interface into the second switch?

Any pointers would be appreciated!





« Last Edit: January 01, 2018, 07:59:00 pm by kcallis »

Offline Derelict

Re: Proper setup of switches
« Reply #1 on: January 01, 2018, 07:52:52 pm »
Well you would really have something like this:


WAN (re1) -- DHCP
LAN (re2) --  192.168.4.1/24
OPT1 (re0.5)   VLAN05 --> 192.168.5.1/24
OPT2 (re0.10)  VLAN10 --> 192.168.10.1/24
OPT3 (re0.15)  VLAN15 --> 192.168.15.1/24
OPT4 (re0.20)  VLAN20 --> 192.168.20.1/24


The switch port connected to re0 would have to have VLANs 5, 10, 15, and 20 TAGGED on that switch port.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS(TM)

Offline kcallis

Re: Proper setup of switches
« Reply #2 on: January 01, 2018, 08:06:44 pm »
I cleaned up my original posting. I have the trunk on port 2 with all of the VLANs as well as with port 3.

Offline JKnott

Re: Proper setup of switches
« Reply #3 on: January 01, 2018, 09:48:40 pm »
Quote
(although, I am actually using a TP-Link SG108E)

Bad choice.  TP-Link switches don't handle VLANs properly.  There's another thread about problems with the similar SG105E.
This page unintentionally left blank.

Offline kcallis

Re: Proper setup of switches
« Reply #4 on: January 01, 2018, 11:47:09 pm »
Well, I have a Netgear GS108E v2 (which is why I was using the TP-Link, because of being able to access it via the web interface as opposed to the configuration program for the v2) or a MikroTik Routerboard RB951Ui (which I really didn't want to mess with because of the learning curve). Would any of these work better?

Offline JKnott

Re: Proper setup of switches
« Reply #5 on: January 02, 2018, 06:01:37 am »
Probably, but the TP-Links definitely have problems.

Offline johnpoz

Re: Proper setup of switches
« Reply #6 on: January 02, 2018, 06:58:05 am »
I have the Netgear 108ev3 and can tell that it works with VLANs - unlike the TP-Link pos.. The hopeful news is there is supposed to be some new "beta" firmware from TP-Link to fix the VLAN nonsense they currently have.  You can hope that their new firmware when/if released fixes the problem.

The v3 has a web GUI if that is what you're after.  Or you could go with the D-Link 1100; it has a web GUI and also handles VLANs correctly.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline curtisgrice

Re: Proper setup of switches
« Reply #7 on: January 02, 2018, 12:31:31 pm »
Yeah sorry but between the re0 (Realtek) and TP-Link, you're gonna have a bad day.  :P

Assuming you can pop in a PCIe card, you can eBay some new gear for less than 50 USD and have Intel NICs and a Cisco gigabit 24 port switch  ;) A bit more to learn but it's not that bad. Cisco has amazing documentation.
Slow code? Sounds like a good reason to buy more hardware!

Offline kcallis

Re: Proper setup of switches
« Reply #8 on: January 03, 2018, 01:49:03 am »
Well, it is what I have to work with... I could switch to equipment at the home location. But the reality is that I am trying to be as miserly as possible on power since I am using my travel trailer that I use when I am working. So the need for the APU, a decent low powered switch and probably the NanoStation.

Offline robi

Re: Proper setup of switches
« Reply #9 on: January 03, 2018, 05:54:50 am »
Quote from: JKnott
Quote
(although, I am actually using a TP-Link SG108E)

Bad choice.  TP-Link switches don't handle VLANs properly.  There's another thread about problems with the similar SG105E.

Quote from: JKnott
Probably, but the TP-Links definitely have problems.

Not all of them. More correctly: some low-end models don't, but the majority of them do handle VLANs properly.

Offline Derelict

Re: Proper setup of switches
« Reply #10 on: January 03, 2018, 11:50:36 am »
The re drivers and the APU work fine even with dot1q. They are workhorses.

Being miserly is fine but that switch is broken. Get a D-Link DGS-1100-08. They're about $30 and they actually work.

Offline kcallis

Re: Proper setup of switches
« Reply #11 on: January 04, 2018, 02:24:25 am »
I will go replace with the DGS-1100. I am somewhat confused, since the result of what I was trying to achieve seems to be working. On the SG108, I have the LAN interface on port 1; I have the OPT interface in port 2, which has VLAN[5, 10, 15, 20] trunked; I have my TP-Link WA901ND AP with multiple SSIDs using VLAN[5, 10, 15, 20] tagged on port 3 on the switch.

When I connect to a particular SSID using DHCP, I am assigned the appropriate IP address from the correct VLAN. I don't normally hard connect to the untagged ports, but if I create a static address in any of the VLANs or the LAN, I have proper connection on the subnet. I am unclear on the purpose of an untagged port as well as the PVID, but everything seems to work as I think it should be doing. So what does it mean that the TP-Link has issues?


Offline johnpoz

Re: Proper setup of switches
« Reply #12 on: January 04, 2018, 05:09:05 am »
"So what does it mean that the TP-Link has issues?"

Ports cannot be removed from VLAN 1. Any broadcast traffic on VLAN 1 will be seen on ALL ports, not just VLAN 1 ports. So if you have broadcast traffic on VLAN 1, all your other VLANs will see this traffic.

Offline JKnott

Re: Proper setup of switches
« Reply #13 on: January 04, 2018, 05:50:15 am »
I have the same issue on a TP-Link access point.  As a result, IPv6 router advertisements are appearing on the wrong SSID, causing devices to get an address on the wrong prefix.  While other TP-Link switches may be OK, I think it's better to just stay away from any company that does things that are so incompetent.
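
The VLAN 1 behaviour discussed in the replies above, together with the PVID and untagged-port question, as an added example that is not part of any post in this thread: a small model of 802.1Q broadcast flooding that compares a switch whose ports can leave VLAN 1 with one whose ports cannot. The port layout (including the access port 4 in VLAN 20) and all function names are assumptions made for illustration.

```python
# Added example: toy model of 802.1Q broadcast flooding. Port layout is assumed.

def flood(ports, ingress, tag=None):
    """Return {egress_port: "tagged" | "untagged"} for one broadcast frame.

    tag is the 802.1Q VLAN ID on the frame, or None for an untagged frame.
    """
    src = ports[ingress]
    # Ingress: an untagged frame is classified into the port's PVID.
    vid = src["pvid"] if tag is None else tag
    # Ingress filtering: drop frames for VLANs this port is not a member of.
    if vid not in src["tagged"] | src["untagged"]:
        return {}
    out = {}
    for name, port in ports.items():
        if name == ingress:
            continue
        if vid in port["tagged"]:
            out[name] = "tagged"      # egress keeps the 802.1Q header
        elif vid in port["untagged"]:
            out[name] = "untagged"    # egress strips the header
    return out

def make_ports(vlan1_stuck):
    """Constructed layout: 1 = LAN, 2 = trunk to re0, 3 = trunk to AP,
    4 = hypothetical access port in VLAN 20."""
    trunk = {5, 10, 15, 20}
    ports = {
        1: {"pvid": 1, "tagged": set(), "untagged": {1}},
        2: {"pvid": 1, "tagged": set(trunk), "untagged": set()},
        3: {"pvid": 1, "tagged": set(trunk), "untagged": set()},
        4: {"pvid": 20, "tagged": set(), "untagged": {20}},
    }
    if vlan1_stuck:
        # Behaviour described in the thread: no port can be removed from VLAN 1.
        for port in ports.values():
            port["untagged"].add(1)
    return ports

def leaks(ports):
    """(src, dst, vid) for untagged broadcasts reaching a port with another PVID."""
    found = set()
    for src, cfg in ports.items():
        for dst, mode in flood(ports, src).items():
            if mode == "untagged" and ports[dst]["pvid"] != cfg["pvid"]:
                found.add((src, dst, cfg["pvid"]))
    return found
```

With `make_ports(True)`, `flood(ports, 1)` delivers the LAN broadcast untagged to ports 2, 3 and 4; with `make_ports(False)` the same frame goes nowhere, while tagged traffic between the trunks is unaffected in both cases.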