Netgate SG-1000 microFirewall

Author Topic: questions about the built-in cpsw switch on the SG1000  (Read 185 times)

0 Members and 1 Guest are viewing this topic.

Offline jason0

  • Full Member
  • ***
  • Posts: 111
  • Karma: +1/-0
    • View Profile
questions about the built-in cpsw switch on the SG1000
« on: January 30, 2018, 06:08:11 pm »
Hello,

When configuring my sg1000, I noticed there are already two vlans assigned:
vlan 4071 to cpsw0 (aka WAN)
vlan 4072 to cpsw1 (aka LAN)

What sort of traffic is on these two vlans? 

Also, when digging into the switch configuration via Interfaces / switch / system, it shows:

TI Common Platform Ethernet Switch (CPSW)   
3 ports   
128 vlan groups   
DOT1Q (vlan mode)   
DOT1Q ( capabilities)

Interface / switch / vlans shows:

VLAN group   VLAN tag   Members   Description   
0                   4072          0,2          Default System VLAN   
1                   1001          0t,2t      
2                   1002          0t,2t      
3                   100            0t,2t      
4                   4071          0,1          Default System VLAN

So by inference I can see that member 1 is probably cpsw0 (the WAN port) and that member 2 is probably cpsw1  (the LAN port). 

So what is member 0?  Is it /dev/etherswitch0? 

Thanks!


Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9786
  • Karma: +1104/-311
    • View Profile
Re: questions about the built-in cpsw switch on the SG1000
« Reply #1 on: January 30, 2018, 06:12:31 pm »
Yes. Member 0 is the uplink to the SoC. You should be able to create traditional pfSense VLAN interfaces for VLAN IDs 100, 1001, and 1002 and those should be tagged on the LAN port.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline jason0

  • Full Member
  • ***
  • Posts: 111
  • Karma: +1/-0
    • View Profile
Re: questions about the built-in cpsw switch on the SG1000
« Reply #2 on: January 30, 2018, 06:33:52 pm »
Sweet!  Thanks!

Is there any significance to vlans 4071 and 4072, or are they just placeholders?

--jason

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9786
  • Karma: +1104/-311
    • View Profile
Re: questions about the built-in cpsw switch on the SG1000
« Reply #3 on: January 30, 2018, 06:43:04 pm »
Just placeholders to both untagged interfaces. Pretty sure those are hardcoded internally though I don't believe a pfSense interface has to be assigned to them if you don't want untagged traffic there.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline jason0

  • Full Member
  • ***
  • Posts: 111
  • Karma: +1/-0
    • View Profile
Re: questions about the built-in cpsw switch on the SG1000
« Reply #4 on: February 01, 2018, 12:06:59 pm »
Ok, Thank you!

--jason