The pfSense Store

Author Topic: 802.1p/q pfsense setup  (Read 19387 times)

0 Members and 1 Guest are viewing this topic.

Offline Jeff V.

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #60 on: May 15, 2014, 08:53:21 pm »
Well, good news.  The FSM7328S works great.  The config needs a few tweaks vs the GSM7312, but it overall it's the same.

The ports are numbered 1/0/1 - 1/0/24 for the 10/100 ports, and 1/0/25 - 1/0/28 for the gig ports.

Right off the bat, this switch is meant for stacking with other compatible Netgear switches.  As best I can tell, there's no way to disable this.  Thus, ports 1/0/27 and 1/0/28 are hard coded stack ports and don't seem to be available for general purpose use.  They took the config, but I wasn't able to pass traffic.  It cleared up when I moved the pfSense box to 1/0/25 and the Google ONT to 1/0/26.    I was able to get ~930x930 Mbit when I tested directly from the switch.

This is basically the box-stock config, with the bare minimum to get it working on a Google connection.  The config is attached.  You'll be able to telnet or access the web UI at 192.168.1.4 from any of the 10/100 ports.

The other nice thing about this vs the GSM73xx box is that it's smaller, and fanless.  For $35 shipped, I couldn't be happier.

Now on to the not so good news.

I'm still seeing some IPTV issues.  It was bad enough that my wife gave up on watching TV while she worked from home today.  I may have found a partial fix though.

If you go into System > Advanced and then go to the System Tunables tab, there's an option called net.inet.ip.fastforwarding.  Edit that value, and change it from 'default' to '1'.   Then reboot your box.   I noticed a nice 10% increase in my speed tests, though the tests were hardly scientific.    I've been watching a movie for the last couple hours, and the video has been damn near perfect the entire time.   Be warned though.  I've read some posts that say this setting can break IPSEC VPN clients. That may have just been for older versions though.  The information is conflicting in some places.

I've read about people successfully using far less powerful pfSense setups on other IPTV systems, so all I can figure is that Google has very tight timing tolerances that the pfSense IGMP proxy or firewall code struggles to meet.

One last thing....IPv6 DHCP.  I tried to get an IPv6 address when I tested directly from the Netgear switch.  I wasn't able to.  Technically the switch should just pass any ethernet frames, regardless of whether they've got v4 or v6 payloads.  But clearly something is missing.  I don't know enough about IPv6 yet to really make much headway on it.

I've got access to a few other switches, so I'll see if I can't line up some more tests for the IPv6 stuff.

Offline Atlantisman

  • Jr. Member
  • **
  • Posts: 86
  • Karma: +1/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #61 on: May 15, 2014, 09:23:29 pm »
Your switch will have really nothing to do with the IPv6, i have been working on trying to get IPV6 to work without any luck.

It seems to be a problem with pfsense (tested on pfsense (2.1 (first version to completely support IP6), 2.1.2, 2.1.3, and the 2.2 beta), since i can plug literally anything else into one of the VLAN2 ports on my switch and it pulls an ipv6 address in seconds. I tested this with windows, centos linux, Ubuntu linux and more.

I was also having IPTV issues, i had given up on it for now as pfsense doesn't appear to be handling the traffic effectively. So i have my Google Router plugged into another port connected to VLAN2 on my switch and have all the TV gear plugged into that, essentially splitting my network into a data section and a tv section.

EDIT: When i am able to get IP6 working i am going to try putting the TV equipment behind pfsense again, since IP6 is more efficient and has less overhead than IP4. Based on my traffic sniffing it seems to be using IP6 for the TV service anyways.
« Last Edit: May 15, 2014, 09:28:21 pm by Atlantisman »

Offline Jeff V.

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #62 on: May 15, 2014, 11:25:56 pm »
The weird part for me is that I tried to get a v6 address when I had my MacBook connected directly to the switch, before I had hooked up the pfSense box.

If I set up VLAN 2 on my MacBook and plug directly into the fiber jack, I get both v4 and v6 addresses a v4 address only. These Netgear boxes I'm testing are pretty old, so it wouldn't surprise me if something isn't up to spec.

I like your idea of splitting the networks.  But that would break the Fiber guide app, right?  As it sits, I'm going to have to shelve this whole project because my wife is losing patience with the TV situation, and breaking the Fiber app will be the last straw.  If it was up to me, this wouldn't even be an issue.  I'd have the gigabit-only package...

EDIT:  I have to backtrack part of what I said.  I didn't actually test v6 directly to the fiber jack on the night I installed the Netgear.  My recollection of getting a v6 address directly off the fiber jack was based on an apparently incorrect memory of the first time I tried this many months ago.  I am definitely not getting a v6 address right now.

I'm still a little fuzzy on it, but I found this thread that may help explain it.

http://apple.stackexchange.com/questions/60608/does-os-x-have-a-builtin-dhcpv6-client

It's directly more towards OSX, but I think the theory could apply to pfSense too (especially since they're both based on FreeBSD).   It looks like you need certain options enabled on the upstream router in order for DHCPv6 to work.  Without those options enabled, you need to rely on other IPv6 mechanisms (router announcements?)

So my speculation is that the Google Network Box requests a v6 prefix from the upstream Google interface. The LAN facing side of the Network Box has the necessary options turned on, so DHCPv6 works on inside your network.
« Last Edit: May 16, 2014, 04:11:24 pm by Jeff V. »

Offline Jeff V.

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #63 on: May 16, 2014, 04:40:57 pm »
Also, I figured out how to disable the stack ports on the FSM73xxS series.

http://rivald.blogspot.com/2009/05/netgear-switches-fsm7352s-and-disabling.html

Quote
To disable stacking from the command line:

enable (if you aren't there already)
configure
stack
stack-port 1/0/51 ethernet
stack-port 1/0/52 ethernet

To revert them back to stack ports:

configure
stack
stack-port 1/0/51 stack
stack-port 1/0/52 stack

I had to reboot my switch to get the change to take effect.   Substitute 1/0/27 and 1/0/28 if you only have the 28 port version like I do.

Offline Jeff V.

  • Newbie
  • *
  • Posts: 19
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #64 on: June 17, 2014, 06:42:08 pm »
For anyone who's interested, I have a working IPv6 config now. 

Go here and see post 7.  Beware possible hard crashes when you have IPv4 + IGMP + IPv6 configured though.

https://forum.pfsense.org/index.php?topic=76322.0

Offline bejahnel

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #65 on: February 01, 2015, 03:10:55 am »
Hey guys, I just got GF and am looking for a way to get a firewall in place to mainly use VPN and protect my network. Thinking about trying a pfSense either Virtual machine off a Dell 2950 running ESX, or I have an older pizza box server with I believe a P4, no clue on RAM, haven't got it in my rack yet. I have a cisco ASA 5505 that worked awesome when i had comcast, but I want to take full advantage of GF. The dropbox link seems to be dead. Is there a way I can get that config to help me get pfsense setup a little faster? Much appreciated!!! Also I have a Dell 6248P, but I'd rather not have that on the perimeter just stripping off the QoS. Again, thanks for any help.


P.S. An after thought is that maybe I could use pfSense to do my firewall and have GF equipment on it's own vlan and have the 6248 route the traffic through the GF port, then I shouldn't have to worry about QoS. Also it looks like GF has a support page for using their service without their box. Doesn't say anything about needing IPv6, says it's optional and they recommend have DHCPv6 enabled, but here is the page for you to look for yourself - https://support.google.com/fiber/faq/3333053?hl=en#6032607
« Last Edit: February 01, 2015, 03:17:06 am by bejahnel »

Offline dhiltonp

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #66 on: February 11, 2015, 11:09:35 pm »
Nice find on the google fiber support page!

Atlantisman's guide can be found by searching for "GoogleFiberRouterGuide.pdf."

There is one step missing from his guide, though - you've got to create the VLAN within pfSense, too:
  • interfaces->assign->vlans
  • create a vlan for the correct interface (tag 2)
  • set vlan in interface assignments

Offline nutt318

  • Full Member
  • ***
  • Posts: 119
  • Karma: +1/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #67 on: April 14, 2015, 09:32:32 pm »
Just finished the guide from here (http://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/) and just finished page 2 and the last step doesnt seem to be working for me.

My Operational Status is Down, my internet works but upload is only 10meg and my down is around 350meg which is very low from last nights test. Also my TVs are not working either, just get a black screen saying channel not available.

Anyways just trying to figure out why my status for g2 is down.

EDIT:

So I re-read the guide and somehow I missed the VLAN tag for IGMP under the QOS Class configuration. So I added VLAN2, and checked the status and now says UP.
Problem now is im getting only 40down and .4up, its gotten worse.

Any ideas?

EDIT 2:
Missed the IGMP Setting for the same Class Sections, I must of hit cancel and not apply. Anyways the internet is workign great! However my TV is not.

I'm getting a black screen with a red text saying Channel Not Available.

Any ideas on the TV side of things?

EDIT 3:
Followed this guide to get TV working - http://flyovercountry.org/wp-content/uploads/2014/02/GoogleFiberRouterGuide.pdf however only lower channels work.

1-97 come in just fine, 98 and above do not show up. Is there another subnet thats used thats not listed in the guide?

EDIT 4:
I've got everything working! I've created some documentation on the process of getting everything working. Links Below:

Bypass the Network Box - Part 1:
http://www.itnutt.com/how-to-bypass-google-fibers-network-box/

Setup Firewall Rules for TV Services - Part 2:
http://www.itnutt.com/how-to-get-google-fiber-tv-services-working-with-pfsense/
« Last Edit: May 11, 2015, 12:53:19 pm by nutt318 »

Offline Duncan308

  • Newbie
  • *
  • Posts: 1
  • Karma: +1/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #68 on: December 11, 2015, 02:53:16 pm »
Does anyone have this working with only pfSense. I've got 4 Gb ports on the pfSense box but not a good switch. If someone does can you point me in the right direction on the WAN setup. LAN is working fine but I cannot get out to the internet so I'm missing something on the VLAN setup I'm guessing if this is even possible directly via pfSense. I will post setup of pfSense later work has successfully blocked teamviewer some how.

Offline KingViper

  • Newbie
  • *
  • Posts: 0
  • Karma: +4/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #69 on: May 04, 2016, 03:39:06 pm »
I just got Google Fiber installed today and had a Netgear GS108T lined up for tagging and priority assignment. While the netgear worked just fine, I was able to get internet working natively within pFsense without the Netgear switch. I think in pFsense 2.3 they added some options and potentially fixed some issues with 802.1p compared to before. Here's what I did. (I do not have TV service so I can't comment there)

Step 1.

Interfaces -> Assign
VLANS
+Add
Parent Interface - WAN
VLAN Tag - 2
VLAN Priority - 3
Description - Google Fiber VLAN
Save

It should look like this. (Where em1 is your WAN interface)


Step 2.

Interfaces -> Assign
Interface Assignments
WAN - Google Fiber VLAN
Save

It should look like this.


And that's it. My internet started working at full speed both up and down!

Offline KingViper

  • Newbie
  • *
  • Posts: 0
  • Karma: +4/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #70 on: May 09, 2016, 10:54:05 am »
I also had to disable the IPv6 config on pfsense to fix some issues on my android phone when using WiFi. I had problems downloading/updating apps in the play store, watching youtube videos in the youtube app (they would work fine from chrome), downloading pictures in SMS, and accessing printers in google cloud print. There is probably a way to actually fix it, but for now disabling IPv6 resolved my issues.

Step 3.

Interfaces -> LAN
IPv6 Configuration Type - None
Save



Offline CobraGT2000

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #71 on: May 11, 2016, 09:12:55 am »
So I've followed all the steps, i get an IP address, i'm able to ping out and have internet.

The only issues I've ran across is the gateway constantly shows 90-100% packet loss and offline (even tho its working without issues). I am trying to do fail-over, however with the gateway showing packet loss and offline the fail-over will not work.

I dont have the TV service, is there something that i'm missing? Is anyone else having this issue?

Offline KingViper

  • Newbie
  • *
  • Posts: 0
  • Karma: +4/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #72 on: May 17, 2016, 12:24:30 pm »
My gateway shows 0% packet loss and online.


Offline CobraGT2000

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #73 on: May 17, 2016, 12:30:32 pm »
I had to end up changing the ICMP packet from 0 to 1 and that took care of it.
Odd that yours works without that.

Offline zhester

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: 802.1p/q pfsense setup
« Reply #74 on: May 18, 2016, 08:02:56 am »
I just got Google Fiber installed today and had a Netgear GS108T lined up for tagging and priority assignment. While the netgear worked just fine, I was able to get internet working natively within pFsense without the Netgear switch. I think in pFsense 2.3 they added some options and potentially fixed some issues with 802.1p compared to before. Here's what I did. (I do not have TV service so I can't comment there)

Step 1.

Interfaces -> Assign
VLANS
+Add
Parent Interface - WAN
VLAN Tag - 2
VLAN Priority - 3
Description - Google Fiber VLAN
Save

Step 2.

Interfaces -> Assign
Interface Assignments
WAN - Google Fiber VLAN
Save

And that's it. My internet started working at full speed both up and down!

I registered to this forum for the singular and explicit purpose of posting this message.  THANK YOU!

My Google searches kept sending me into the guts of using ALTQ (A.K.A. "Traffic Shaping") to do this.  I didn't think that the QoS priority could be set in the VLAN config page.  Plus, ALL the other tutorials and examples used a managed switch (like your first attempt) for the sole purpose of adjusting Ethernet frame headers.  That felt wrong.  I'm glad you posted this.  I updated my configs, and Google Fiber is sailing at full symmetrical bandwidth.

Now: If we could just get Google searching to hit this forum a little better, I wouldn't have spent 10 hours messing around with traffic shaping just to set an outgoing QoS field in my frames.