"
Und?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#17
General Discussion / Re: Need some help setting up VLANs on my switches
November 14, 2019, 11:05:25 AM
I finally got it resolved by using correct tagged and untagged ports.
Thanks anyway!
Thanks anyway!
#18
German - Deutsch / Re: Fiber 7 via Swisscom und Opnsense
November 08, 2019, 12:04:30 PM
Bzgl. Hardware:
Wenn ich das korrekt verstehe, war vorher eine Fritzbox am Glasfaseranschluss und darüber hat der Speed gepasst.
Nun soll die opnSense Box direkt ans Glas.
Hintergrund: FreeBSD kann bei PPPoE kein Multithreading und nutzt nur einen Core der CPU.
Falls Deine Hardware alt und lahm ist, ist die opnSense Box der limitierende Faktor...
Dies ist insbesondere bei Celeron CPUS, oder auch bei pcengines APU der Fall...
Hab meine opnSense Box (WatchGuard M400) auch mal direkt am Glasanschluss gehabt. mit FTTH von iWay.
Mit einer starken Xeon CPU kein Problem das Gigabit zu erreichen...
Wenn ich das korrekt verstehe, war vorher eine Fritzbox am Glasfaseranschluss und darüber hat der Speed gepasst.
Nun soll die opnSense Box direkt ans Glas.
Hintergrund: FreeBSD kann bei PPPoE kein Multithreading und nutzt nur einen Core der CPU.
Falls Deine Hardware alt und lahm ist, ist die opnSense Box der limitierende Faktor...
Dies ist insbesondere bei Celeron CPUS, oder auch bei pcengines APU der Fall...
Hab meine opnSense Box (WatchGuard M400) auch mal direkt am Glasanschluss gehabt. mit FTTH von iWay.
Mit einer starken Xeon CPU kein Problem das Gigabit zu erreichen...
#19
German - Deutsch / Re: Fiber 7 via Swisscom und Opnsense
November 07, 2019, 02:52:27 PM
Welche Hardware? CPU?
#20
General Discussion / Need some help setting up VLANs on my switches
October 31, 2019, 11:01:46 PM
Hi there
This is not directly related to opnSense.
I'm stuck on setting up VLAN's on my switches to support a separate guest VLAN for my Unifi access points.
I have my internal Network to not use a VLAN, and my guest network will use VLAN 100 on the unifi AP's. (The AP's will add the VLAN tag!)
I want to use two ports of my opnSense firewall for this: eth1 should be default internal network, eth2 should be separated guest network.
opnSense must not set VLAN tags. The switches must do that!
Both networks feed into my first switch, a D-Link DGS-3100, which is capable of VLAN and VLAN trunking. Port 5 goes into eth1, Port 6 into eth2.
This switch is uplinked with port 1 to my Cisco SG300 switch, which is also capable of VLAN and VLAN trunking.
How do i set up tagging, untagging and trunking on the ports?
Currently I have this: (check attaced screenshots)
D-Link:
Cisco:
Part of the D-Link config file:
Part of the CISCO config file:
This is not directly related to opnSense.
I'm stuck on setting up VLAN's on my switches to support a separate guest VLAN for my Unifi access points.
I have my internal Network to not use a VLAN, and my guest network will use VLAN 100 on the unifi AP's. (The AP's will add the VLAN tag!)
Code Select
(eth1, no VLAN)
(eth0) |¯¯¯¯¯¯¯¯¯¯|-------------------|¯¯¯¯¯¯¯¯| |¯¯¯¯¯¯¯| |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯|
WAN --------| OPNSENSE | | D-Link |--------| CISCO |--------| some devices (PC's) |
|__________|-------------------|________| |_______| |_____________________|
(eth2, no VLAN) | |
| |
|¯¯¯¯¯¯¯¯¯¯¯¯| |¯¯¯¯¯¯¯¯¯¯¯¯|
| unifi AP 1 | | unifi AP 2 |
|____________| |____________|
I want to use two ports of my opnSense firewall for this: eth1 should be default internal network, eth2 should be separated guest network.
opnSense must not set VLAN tags. The switches must do that!
Both networks feed into my first switch, a D-Link DGS-3100, which is capable of VLAN and VLAN trunking. Port 5 goes into eth1, Port 6 into eth2.
This switch is uplinked with port 1 to my Cisco SG300 switch, which is also capable of VLAN and VLAN trunking.
How do i set up tagging, untagging and trunking on the ports?
Currently I have this: (check attaced screenshots)
D-Link:
Cisco:
Part of the D-Link config file:
Code Select
! VLAN
config vlan default delete 1:6
create vlan WIFI_Guest tag 100
config vlan WIFI_Guest add untagged 1:6
config gvrp 1:6 pvid 100
enable vlan_trunk
config vlan_trunk ports 1:1 state enable Part of the CISCO config file:
Code Select
vlan database
vlan 100
exit
!
interface vlan 100
name WIFI_Guest
!
interface gigabitethernet1
switchport trunk allowed vlan add 100
!
interface gigabitethernet2
switchport trunk allowed vlan add 100
!
interface gigabitethernet3
switchport trunk allowed vlan add 100
!
interface gigabitethernet4
switchport trunk allowed vlan add 100
!
interface gigabitethernet5
switchport trunk allowed vlan add 100
!
interface gigabitethernet6
switchport trunk allowed vlan add 100
!
interface gigabitethernet7
switchport trunk allowed vlan add 100
!
interface gigabitethernet8
switchport trunk allowed vlan add 100
!
interface gigabitethernet9
switchport trunk allowed vlan add 100
!
interface gigabitethernet10
switchport trunk allowed vlan add 100
!
exit #21
19.7 Legacy Series / Re: Feature request: UEFI compatible Installation of Serial Image
May 04, 2019, 02:11:13 PM
I'm interested aswell
Current appliances should all support UEFI...
Current appliances should all support UEFI...
#22
Hardware and Performance / Re: PPPoE with separate router/bridge
September 26, 2018, 02:54:14 PMQuote from: marjohn56 on September 25, 2018, 05:43:42 PM
You should be able to get a fibre modem that would bridge to ethernet AND support VLAN. That's how my VDSL works now, the modem is in bridge mode but it's using VLAN101 to connect. Opnsense then just does the PPPoE as normal.
FTTH does not require a modem but can be routed directly.
Some ISP's use PPPoE for authentification such as most here in Switzerland.
PPPoE is very slow on FreeBSD, it uses only one CPU core and therefore you will need a very powerful CPU to handle Gigabit speed.
I want to avoid upgrading my existing device and use a bridge/router in front of opnSense that manages PPPoE and outputs simple TCP/IP...
#23
Hardware and Performance / PPPoE with separate router/bridge
September 25, 2018, 05:14:45 PM
Hi there
as there is a PPPoE problem in FreeBSD and it doesn't look like it will be solved in a reasonable timeframe I'm thinking of putting a router/bridge in front of my setup like this:
Internet is provided with PPPoE and VLAN ID.
I have fixed IP's I want to use with opnSense.
Is there any cheap router/Bridge/whatever available to just do this:
"transform" the ISP's signal to use with a regular WAN port of my opnSense router?
If necessary I can also put a fiber converter in front, too.
It may even use one of my public IP's.
Thank you for all hints!
as there is a PPPoE problem in FreeBSD and it doesn't look like it will be solved in a reasonable timeframe I'm thinking of putting a router/bridge in front of my setup like this:
Code Select
WAN / Internet
:
: FTTH provider
:
.----+------------.
| PPPoE Router | (or Bridge, whatever)
'-----+-----------'
|
WAN
|
.-----+------.
| OPNsense |
'-----+------'
|
LAN
Internet is provided with PPPoE and VLAN ID.
I have fixed IP's I want to use with opnSense.
Is there any cheap router/Bridge/whatever available to just do this:
"transform" the ISP's signal to use with a regular WAN port of my opnSense router?
If necessary I can also put a fiber converter in front, too.
It may even use one of my public IP's.
Thank you for all hints!
#24
General Discussion / Re: Feature Request: Route Based VPN
January 24, 2018, 10:08:49 AM
+1 +1 +1 +1...
