Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Unmanaged switch between Converter and Firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unmanaged switch between Converter and Firewall (Read 990 times)
snåm
Newbie
Posts: 3
Karma: 0
Unmanaged switch between Converter and Firewall
«
on:
August 30, 2023, 12:26:48 am »
Hi!
I have a very interesting problem. My firewall is running on 2.5GBE. My fiber converter from my ISP only supports up to 1GBE. I have tried everything to get the firewall port to connect to the converter on 1000baseT. Although, the converter is always rejecting the request and nothing is happening. The port is not lighting up or anything. I know and have verified several times that there is nothing wrong with the ports on my firewall. They all work great and light up if I plug them directly into my managed LAN switch for example.
So, my solution was to add a USB to Ethernet converter to my firewall and use that as my WAN port. It works, but now I have a problem in OPNsense that the USB to Ethernet converter toggles between up and down and therefore I also lose internet connectivity at home every time it does. I can force myself to lose internet by running speedtest.net and using 1Gbit/s up and down. The USB to Ethernet converter cannot handle the speed and therefore I lose internet. This seems to be a known problem (
https://github.com/opnsense/src/issues/180
,
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252165
).
I have tried talking to my ISP and asking them to give me a new fiber converter, but they do not want to do that. Therefore I am now in a situation where I do not really know what I should do. It seems like I have two options:
1. Add an unmanaged switch after the fiber converter, but before the firewall.
I will not plug ANYTHING else into this switch. I will solely use this as a way for my firewall to get internet.
2. Get a new firewall with SFP port to plug to fiber directly into my firewall.
I don't really want to buy new hardware, because the hardware I am using is quite new. Would it be possible to go with my first idea to add an unmanaged switch after the fiber converter and before my firewall? I don't want to Double-NAT and this seems like the easiest solution, although maybe I am overlooking something?
Greatly appreciate any help!
«
Last Edit: August 30, 2023, 12:44:48 am by snåm
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6854
Karma: 575
Re: Unmanaged switch between Converter and Firewall
«
Reply #1 on:
August 30, 2023, 12:10:42 pm »
This is a bit dependent on the particular switch. But since unmanaged switches are rather cheap I'd just give it a try. Buy online, make sure you have the time to test when the switch arrives, return it if it doesn't work.
Theoretically all unmanaged switches should work fine. But vendors take weird shortcuts to save money, that's why nobody can really tell in advance. On the plus side it should be binary: working or not working. If it works on day one, it will continue to do so.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
snåm
Newbie
Posts: 3
Karma: 0
Re: Unmanaged switch between Converter and Firewall
«
Reply #2 on:
August 30, 2023, 03:25:25 pm »
Thank your for your response. I decided to try with a managed switch first. I went with Unifi Flex Mini because my switch and access points are also UniFi. I guess I'll need to tag the WAN with a VLAN to my Firewall. Not really a problem for me. Since my ISP provides IPTV via VLAN I decided to go with a managed switch instead. I'll report back with the result.
Very frustrating problem...
Logged
snåm
Newbie
Posts: 3
Karma: 0
Re: Unmanaged switch between Converter and Firewall
«
Reply #3 on:
September 07, 2023, 07:37:21 pm »
For traceability. I decided to go with a Unifi Lite 8 PoE. Everything works great. The cabling is like below:
Media Convert (fiber) ----> (port 1) > Unifi Lite 8 PoE < (port 2) ----> (port 1) > OPNsense < (port 2) ----> (port 1) > Another Unifi Lite 8 PoE
Then:
Unifi Lite 8 PoE (port 8 ) --(Block all VLAN only default network)--> (port 8 ) Another Unifi Lite 8 PoE
I tagged port 1 and 2 with VLAN 999. No tagging in OPNsense. Only DHCP on the WAN. I also tagged port 8 on the first UniFi Lite 8 and port 8 on the second Unifi Lite 8 PoE just to be able to manage the first switch outside of my network.
Everything works great so far. I can saturate the whole 1 Gbit/s I pay for (950 Mbit/s) without problems.
Thanks!
«
Last Edit: September 07, 2023, 07:39:04 pm by snåm
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Unmanaged switch between Converter and Firewall