OPNsense Forum

English Forums => Hardware and Performance => Topic started by: fword101 on November 17, 2018, 02:51:02 pm

Title: Advice on ditching USB nic or wait for better support
Post by: fword101 on November 17, 2018, 02:51:02 pm
So first before you start butchering me for running a USB nic.. We are talking about a home user here that used to run a crappy TP-Link router with OpenWRT.

I had serious issues with my previous router. Every streaming service was lagging and it was basically unusable.
So I had a J1900 based PC laying around (Q1900-ITX). Problem was that my case did not support external PCI-E cards so I could not add a nice Intel based Ethernet card to it.

Decided to give a USB nic a try since I only have 100Mbit down and 10Mbit up.
Got an RTL8153 Gigabit Ethernet USB3 adapter and plugged it in. Works fine, lag is gone, but when I test my speed I only get 40Mbit down.

How could this be? USB3 is 5 Gbits right?

Code:
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ugen0.3: <Realtek USB 101001000 LAN> at usbus0, cfg=1 md=HOST spd=SUPER (5.0Gbps) pwr=ON (64mA)

Anyway I'm prepared to get a new system with real nics, but it will probably be Realtek based too since I'm a home user and not willing to spend the big bucks...
Is it even worth it to buy a new system? I figure this is a driver issue and might be fixed in a newer FreeBSD release?

Title: Re: Advice on ditching USB nic or wait for better support
Post by: bartjsmit on November 18, 2018, 09:52:14 am
I was faced with the same issue when changing from a dual NIC to a single NIC hardware platform. Instead of going for an external NIC, I opted for a VLAN setup.

You basically configure a WAN port and LAN port(s) on the switch, while you trunk both traffic streams down to OPNsense on its switch port as separate VLANs. Added benefit is that you can further carve up your network; e.g. have a guest port that can only see the internet, or an IoT segment that is more strictly monitored.

While you can spend thousands on enterprise gear, VLAN capable switches don't need to cost the earth. Check out the TP-Link managed switches like the TL-SG105E.

Bart...
Title: Re: Advice on ditching USB nic or wait for better support
Post by: fword101 on December 01, 2018, 05:40:29 am
So I got a Cisco SG200-08 and created a VLAN 101 for WAN traffic.
Configuration:

Port 1: WAN Link (Cable from my modem)
Port 2: LAN Link (OPNSense)

Port 1: PVID 101, 101 Untagged
Port 2: PVID 1, 1 Untagged and 101 Tagged

Problem is that when I connect the WAN cable the switch still says Link Down even though the cable is connected.
Why? Sorry I'm a networking noob  ::)

I have added the VLAN in OPNSense: Interfaces: Other Types: VLAN
And changed the WAN assignment to VLAN 101 in OPNSense Interfaces: Assignments
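
The port layout from the post above, modelled as an added example that is not part of the original thread: a small 802.1Q forwarding check showing that the posted PVID and tagging settings are logically consistent and that WAN VLAN 101 never reaches a LAN access port. Port 3, frame flooding and ingress filtering on the switch are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    pvid: int                          # VLAN given to untagged ingress frames
    untagged: frozenset = frozenset()  # VLANs sent out without a tag
    tagged: frozenset = frozenset()    # VLANs sent out with an 802.1Q tag

    def members(self):
        return self.untagged | self.tagged

def ingress_vlan(port, tag):
    """Classify a frame arriving on `port`; tag=None means untagged.
    Returns the VLAN id, or None if dropped (assumes ingress filtering is on)."""
    vid = port.pvid if tag is None else tag
    return vid if vid in port.members() else None

def forward(ports, in_port, tag=None):
    """Return {egress_port: tag_on_wire} for a flooded frame (None = untagged)."""
    vid = ingress_vlan(ports[in_port], tag)
    if vid is None:
        return {}
    out = {}
    for name, p in ports.items():
        if name == in_port or vid not in p.members():
            continue
        out[name] = vid if vid in p.tagged else None
    return out

def untagged_leaks(ports, wan_vid, wan_port):
    """Ports other than the modem port that would emit WAN frames untagged."""
    return sorted(n for n, p in ports.items()
                  if n != wan_port and wan_vid in p.untagged)

# Constructed from the post: port 1 = modem, port 2 = OPNsense trunk.
# Port 3 is a hypothetical LAN access port added for the isolation check.
PORTS = {
    1: Port(pvid=101, untagged=frozenset({101})),
    2: Port(pvid=1, untagged=frozenset({1}), tagged=frozenset({101})),
    3: Port(pvid=1, untagged=frozenset({1})),
}

if __name__ == "__main__":
    print(forward(PORTS, 1))       # modem frame: trunk only, tagged 101
    print(forward(PORTS, 2, 101))  # OPNsense WAN frame: modem port, untagged
    print(forward(PORTS, 3))       # LAN host frame: trunk, untagged (VLAN 1)
    print(forward(PORTS, 3, 101))  # LAN host forging tag 101: dropped
    print(untagged_leaks(PORTS, 101, 1))
```

Since the model forwards WAN frames only between ports 1 and 2, the tagging itself is not what keeps a port at Link Down; link state is decided below the VLAN layer.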
Title: Re: Advice on ditching USB nic or wait for better support
Post by: bartjsmit on December 01, 2018, 10:44:34 am
Can you check from the console? You'll be able to bring the WAN interface up and down and ping external hosts separately from getting your LAN up and running. I have hardly any Cisco experience, but I know that they can be slightly awkward. The first thing I would try is changing VLAN 1 on port 2 to be tagged, or remove it.

You may also want to put the modem aside for a moment and confirm that the trunk on port 2 works as you expect. E.g. connect a DHCP server on port 1 and confirm that the "WAN" interface on OPNsense picks up an IP address.

Bart...
Title: Re: Advice on ditching USB nic or wait for better support
Post by: fword101 on January 19, 2019, 03:47:59 pm
Alright, so finally I was able to set up a DHCP server and test the VLAN.
Directly when I plugged in a cable from my DHCP server to port 1 it lit up green and I received an IP address on my WAN interface.

So it must be my ISP or switch or a combination I guess..
Could it be spanning tree or some other function that I need to disable?
Title: Re: Advice on ditching USB nic or wait for better support
Post by: Alex Ander on April 09, 2021, 09:54:36 am
I have a similar setup with a similar issue. Download is limited due to the USB-to-Ethernet dongle at ~90 Mbit/s down (my Internet service plan is capable of 250 Mbit/s, normally).

I also own a managed switch and would like to test it.
But I am concerned about the following:
I need to configure a VLAN (7) anyway for my WAN interface, which then gets its IP over PPPoE (German Telekom setup). Will it interfere with the other VLAN(s) which I need to set up in order to run one NIC only in combination with my modem connected to the switch?

I also want to separate some LAN; will I be able to control it with OPNsense after installation, too?

Will the setup cause unavoidable overhead (performance drop) (I mean because it's all running over one NIC only)?

My current interface setup is the following:

em0 (physical ethernet port) => WAN (over Vlan7)
ue1 (usb to ethernet dongle) => LAN1
ue2 (usb to ethernet dongle) => LAN2
ue3 (usb to ethernet Dongle) => LAN3

I would ditch all of my USB-to-Ethernet interfaces; they would be obsolete if the setup via managed switch is possible....

My switch is the following: Netgear Business Insight Managed Smart Cloud Switch (8-Port Gigabit Ethernet with 2 SFP Ports) (GC110)

My setup (ASCII) : http://bitly.ws/cz8v

I run Cat. 6 - Cat. 8 Cables at home.

Thanks in advance,
Alex
Title: Re: Advice on ditching USB nic or wait for better support
Post by: bartjsmit on April 09, 2021, 11:05:11 am
Hi Alex,

Your dongle seems restricted by either the USB bus (2.0) or its Ethernet interface (100 Mbps).

My ISP doesn't do the VLAN thing, but you are right in setting the WAN VLAN to 7 and tag the port to your ISP gear.

All VLANs are completely separate logically but they do of course share the same physical link. Without QoS, traffic on one VLAN can reduce the throughput on another. Given that it is all gigabit, you will have enough capacity at least at most times. It will certainly feel faster than your 90 Mbps dongles.

If congestion does become an issue, you could move the Synology to the busiest VLAN and use its firewall to restrict local access.

Bart...
Title: Re: Advice on ditching USB nic or wait for better support
Post by: Alex Ander on April 09, 2021, 11:29:01 am
It's an RTL8153, that's why it has poor performance (FreeBSD 12 / 13 thing...)

I will reorganise my setup and see if I can set it up.
One question: Which VLAN do I need to set up, like initially posted, with VLAN 101...?

I am a bit new in this field, that's why I need to make sure.

Thanks,
Alex
Title: Re: Advice on ditching USB nic or wait for better support
Post by: bartjsmit on April 09, 2021, 03:12:32 pm
You can use any number between 1 and 4096 for your VLANs. Apart from 7 of course due to your WAN requirement.

Make them easy to remember - e.g. my isolation VLAN has number 121 ;)

Bart...