Re: PfSense + ubiquity

Author: Stephen Partington via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Stephen Partington
Subject: Re: PfSense + ubiquity
I ended up with fiber to the home in my area, and have used anywhere from
2-10 TB a month since long before its availability. Only once did I receive
a call; I explained I was doing a backup restore to cloud and that was it.
I have heard nothing else since.

On Wed, Jun 10, 2020 at 7:58 AM Michael Butash via PLUG-discuss <
> wrote:

> Kind of a funny read, made me think of this Cox discussion. As usual,
> even when you pay for unlimited, it's not really, and if you piss off a
> random top-talker metric, you get smacked. Actually get what you pay for?
> Nah.
>
>
> https://arstechnica.com/tech-policy/2020/06/cox-slows-internet-speeds-in-entire-neighborhoods-to-punish-any-heavy-users/
>
> I don't buy the FUD about the "downgrade the whole neighborhood", unless
> the neighborhood is just overused/saturated as it is, in which case Cox
> needs to fix it with a node split per normal direction. They won't
> police/shape a whole neighborhood like that, rather they'd just
> decommission or lower the bandwidth on the offender's modem usually, ala
> this guy.
>
> May be a bit different if an actual Cox fiber/pon site, but these seem
> still rare like hen's teeth, and only was deployed as buzz during Google
> Fiber threatening them. Cox doing fiber to the home I think died with
> Google Fiber.
>
> -mb
>
>
> On Thu, May 14, 2020 at 9:32 AM Michael Butash <> wrote:
>
>> I'll agree with the CL being saturated comment - pretty sure it doesn't
>> matter whether DSL or Fiber, their peering and aggregation is the same per
>> region, and really it's where they converge that is the problem, which is
>> where said saturation occurs. CL just *feels* saturated in use, where I
>> didn't get that with Cox. Everything loads a little slower, you can just
>> sort of tell after using long enough. Cox would periodically too, but they
>> tended to already be working on a fix by the time I'd hit up someone I knew
>> there to complain. CL I have no such faith in.
>>
>> I'm paying almost half my Cox bill with CL however, and no random overage
>> charges, so I'm willing to live with it honestly, and it's never been *that
>> bad*. If I download something, it downloads quickly, be it http or
>> torrents. Just random viewing of pages in quick succession, ala scanning
>> news just always seems a bit slow to start. That usually feels like
>> buffers are blown out somewhere inline.
>>
>> -mb
>>
>>
>> On Wed, May 13, 2020 at 8:34 PM Thomas Scott via PLUG-discuss <
>> > wrote:
>>
>>> They are welcome to, but node splits are a 6 month minimum last I
>>> checked 😁 - granted we're getting faster with how many we're doing. In the
>>> next 5 years, most cable operators will implement some sort of
>>> aggressive node splitting to keep up with demand. Current employer not
>>> excluded.
>>>
>>> I've had CLink on fiber - their upstream nodes are a little more
>>> saturated, but they do peer locally in the valley. Current employer does
>>> have peering with FAANG and a couple other heavy hitters in the valley (not
>>> any proprietary information here, any trace route from the valley to those
>>> sites will show it terminating in 2 or 3 hops), but if I recall correctly
>>> 70% of CLink traffic hits their DCs in Phoenix. Granted it's all best
>>> effort past that, but if you don't have a heavily saturated node, you'll do
>>> all right. GPON fiber is GPON fiber, regardless of Service Provider. It's
>>> just a question of how many other subscribers are on your PON port and how
>>> big the upstream links are.
>>>
>>> - Thomas Scott | <>
>>>
>>>
>>> On Tue, May 12, 2020 at 4:04 PM Stephen Partington via PLUG-discuss <
>>> > wrote:
>>>
>>>> This last bit is interesting. I have Cox Fiber (no data cap for
>>>> Gigablast fiber yet) and Century Link just announced a competing service in
>>>> my area. For about half the cost. For the same Gigabit Fiber (or 940mbps as
>>>> they are calling it).
>>>>
>>>> Anyone with any experience with them on residential fiber?
>>>>
>>>> On Tue, May 12, 2020 at 5:59 AM Michael Butash via PLUG-discuss <
>>>> > wrote:
>>>>
>>>>> So Cox subs can reach out to you when we're having saturation issues?
>>>>> :)
>>>>>
>>>>> Having been around for the beginnings of cable modem tech at @home
>>>>> networks in the 90's dealing with almost every big MSO (Cox, Comcast, ATT,
>>>>> Intermedia, etc), I like to talk about the tech as a bit proud where it's
>>>>> gone. I liked Cox as one of the last decent hold-outs for things like
>>>>> keeping Usenet around longer than they should, not killing customers for
>>>>> mpaa/riaa abuse complaints, and keeping data caps off when the industry was
>>>>> moving in that direction, so I think they're better than the rest, but
>>>>> eventually they hopped on the money train with data caps too. And now
>>>>> they're paying for their pro-pirate stance as well with lawsuits
>>>>> against them winning
>>>>> <https://www.billboard.com/articles/business/legal-and-management/8546842/cox-1-billion-piracy-lawsuit-labels-publishers>,
>>>>> probably using that extra cap revenue to pay the trolls.
>>>>>
>>>>> Would I go back? Not as long as they have data caps, and someone else
>>>>> around me doesn't, but yes - much better network. I don't like random
>>>>> overages in my bill, I get that enough with power. If I thought the covid
>>>>> restrictions to remove caps would hold, I'd probably switch back now, but
>>>>> I'm sure they'll find a reason to reimplement them asap as that's lost
>>>>> revenue on your rsu's.
>>>>>
>>>>> It's always good to hear from other docsis speakers, welcome back!
>>>>>
>>>>> -mb
>>>>>
>>>>>
>>>>> On Mon, May 11, 2020 at 6:54 PM Thomas Scott <
>>>>> > wrote:
>>>>>
>>>>>> Day job is for a certain ISP HQ in Atlanta that supplies internet for
>>>>>> a lot of the valley - I work in Network Operations first in Phoenix and now
>>>>>> in Atlanta, and was surprised to see so much of what I talk about everyday
>>>>>> in PLUG!
>>>>>>
>>>>>> CLink trying to play FTTN as FTTH, nothing new there. I live in a
>>>>>> neighborhood outside of Atlanta that had some AT&T brownfield development
>>>>>> for FTTH, and I've had no regrets (300 up 300 down!) Cox is moving towards
>>>>>> "10G" with DOCSIS 4.0 and they are getting fiber closer to the home with
>>>>>> their node splits. If you find that you all of a sudden have an extra hop
>>>>>> in your path, that might be the sign you've been on one of those nodes that
>>>>>> have been lit and split. The amount of bandwidth going up and down will go
>>>>>> up dramatically.
>>>>>>
>>>>>> @Michael - yeah I don't think the caps are going anywhere, the
>>>>>> industry as a whole (driven by big red) has moved that direction, but I
>>>>>> think you'll see speeds and caps rise as N+0 goes to full duplex DOCSIS. I
>>>>>> do know they've been relaxed with the COVID-19 FCC initiatives, but how
>>>>>> long that lasts, I'm not sure.
>>>>>>
>>>>>> @Mac - the cox supplied modems are almost all going to "Panoramic
>>>>>> Wi-Fi" and the number of holes found in DOCSIS devices is... disturbing to
>>>>>> say the least. It was designed to be operated on a shared RF medium, and
>>>>>> like other "trusting" protocols (i.e. BGP) has a lot of issues. The more
>>>>>> virtualized it becomes, I think we'll see more of those go away - the
>>>>>> smaller the broadcast domains, and the smaller the first upstream router,
>>>>>> the better those will be able to be maintained and automated. Looking at
>>>>>> the road maps, it will be interesting what comes next.
>>>>>>
>>>>>> - Thomas Scott |
>>>>>> <>
>>>>>>
>>>>>>
>>>>>> On Wed, May 6, 2020 at 3:54 PM Michael Butash via PLUG-discuss <
>>>>>> > wrote:
>>>>>>
>>>>>>> Oddly enough, the model number of your router stuck in my head, the
>>>>>>> C3000Z, and I realized I used the same thing, but for my 150mbps dsl
>>>>>>> modem. You sure you have actual gig fiber? They tend to misrepresent
>>>>>>> their actual products in sales. Ask me how I know.
>>>>>>>
>>>>>>> <tldr>
>>>>>>>
>>>>>>> I say this because I called CL before going to them, and asked if I
>>>>>>> could get fiber in the network. They said yes. Hmm, I knew damn well they
>>>>>>> did not, as no one wants to build fiber into old peoria neighborhoods such
>>>>>>> as mine. After some conversation and calling him out, he explained that
>>>>>>> "oh, it's a gigabit network", just not fiber to your house. I could get
>>>>>>> dual-band DSL, which means 75mbps x2, for a total of 150mbps, delivered by
>>>>>>> a gigabit network! I sort of facepalmed, but ordered it anyways as it was
>>>>>>> significantly more than I had with cox (80mbps at the time I think),
>>>>>>> significantly cheaper, and no bandwidth cap.
>>>>>>>
>>>>>>> If there is anything other than fiber directly in your modem, I'd
>>>>>>> call bullocks, but FTTH is a myth to me.
>>>>>>>
>>>>>>> Crappier service, but I'll take the (usually) cheap and fast. It is
>>>>>>> most certainly not gigabit fiber to my house, even though that's what they
>>>>>>> tried to sell me I was getting. Only new house/community builds get fiber,
>>>>>>> and if even that. Cox did the same to compete with Google fiber, and as
>>>>>>> soon as Google Fiber died, so did Cox ever mentioning fiber again. Truth
>>>>>>> is Cox doesn't need it, shielded coax can deliver soon 10g over it just
>>>>>>> fine with new modulation schemas and docsis improvements. Centurylink's
>>>>>>> 100 year old 2-8 wire infrastructure cannot, all they can do is build new
>>>>>>> with fiber, but they probably won't being decrepit.
>>>>>>>
>>>>>>> I hear friends of mine mention they have fiber, and wonder just if
>>>>>>> they really do. This is why Google Fiber folded, it was unrealistic unless
>>>>>>> a net-new community build. Google fiber retrofits were a disaster
>>>>>>> <https://gizmodo.com/when-google-fiber-abandons-your-city-as-a-failed-experi-1833244198>
>>>>>>> .
>>>>>>>
>>>>>>> Fun-fact: Oddly enough the guy that built Google Fiber, Milo Medin,
>>>>>>> is the same guy that started @Home Networks back in late 90's for Cable
>>>>>>> Modem services, and pioneered current industry standards in use today
>>>>>>> globally to deliver cable internet. The last-mile regional MSO providers
>>>>>>> snuffed him/company back then, took it over themselves, and then they
>>>>>>> snuffed him out again as he tried the same incursion with Google Fiber, and
>>>>>>> realized it just cost too damn much to compete. Cable Monopolies, flawless
>>>>>>> victory.
>>>>>>>
>>>>>>> Next I expect he'll team up with Elon or Bezos to try again via
>>>>>>> terrestrial.
>>>>>>>
>>>>>>> -mb
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 6, 2020 at 10:32 AM Michael Butash <>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I tend to find the CL network a bit wonky, having moved to DSL from
>>>>>>>> Cox (damn bandwidth caps). I find the general performance is worse than
>>>>>>>> cox, where I suspect they simply don't manage the bandwidth and are far too
>>>>>>>> oversubscribed as it feels like the internet buffers at times, literally.
>>>>>>>> Cox would occasionally get that way too, and it was easy to see in an
>>>>>>>> ongoing MTR when their peering in LA would get slammed and latency would
>>>>>>>> jump (not to mention I know the guys that manage that bandwidth, telling
>>>>>>>> them often got it fixed). Oddly, using MTR with CL, they filter icmp/udp
>>>>>>>> specifically that seems to hide responses to track well. Go figure, truth
>>>>>>>> hurts, so hide it.
>>>>>>>>
>>>>>>>> Having worked for service providers numerous times over the years,
>>>>>>>> working in and building them, routers are always an issue in a metro city
>>>>>>>> or even interstate networks. No two platforms are ever the same, whether
>>>>>>>> buying all Cisco, Juniper, Nokia, or any combo of all and more, which as
>>>>>>>> you said, many do. Hardest part is usually capacity planning, particularly
>>>>>>>> with something like covid, every isp took a kick in the groin at the same
>>>>>>>> time to augment their networks, suddenly by some magnitude, when everyone
>>>>>>>> else in the world is doing the same. Slowness in networking can often be
>>>>>>>> attributed to those not having enough capacity, though they'll never admit
>>>>>>>> it.
>>>>>>>>
>>>>>>>> I'm on the 150mbps dsl, and a speed test can provide that for sure,
>>>>>>>> but general usage, which I use a lot of tabs and apps, tends to bring
>>>>>>>> things to a crawl often. I'd even go back to cox if they got rid of the
>>>>>>>> bandwidth cap. CL might as well be government, and they're run by unions,
>>>>>>>> so nothing happens fast, including capacity augments.
>>>>>>>>
>>>>>>>> Re: mac limits, having been around Cox both as a customer and
>>>>>>>> network engineer working there early 2000's, the mac security was more
>>>>>>>> about limiting the amount of hosts behind a modem that could be allowed to
>>>>>>>> a single mac and IP address. Back Circa 1998 I had my first Cox modem,
>>>>>>>> and there were no routers, you just got yourself a phat 10baset switch from
>>>>>>>> computer city and connected up your family on public ip addresses, each
>>>>>>>> with their own mac and ip's. With no limits or filters that led to
>>>>>>>> security issues (hey, I see my neighbor's c drive shared!), Cox and others
>>>>>>>> then pushed people to then buy a router, which by then around 2002, you
>>>>>>>> could buy a cheap wrt54g linksys. The advent of docsis also allowed to
>>>>>>>> both filter and restrict the macs by default, also let them reduce to now
>>>>>>>> 1:1 IP to User ratio, which was good for ip management, the abuse
>>>>>>>> departments, and fbi warrants from legal. You used to be able to buy
>>>>>>>> another ip, they'd push a new docsis config with mac-alowed=2, but not
>>>>>>>> anymore.
>>>>>>>>
>>>>>>>> Same reasons they're just building in the router functions now, it
>>>>>>>> ensures they can offer some basic customer security, plus lets them run
>>>>>>>> whatever spyware in their embedded router os they want. Better off buying
>>>>>>>> your own standalone modem and router combo, one you ideally trust.
>>>>>>>>
>>>>>>>> -mb
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, May 5, 2020 at 10:07 PM Donald Mac McCarthy via
>>>>>>>> PLUG-discuss <> wrote:
>>>>>>>>
>>>>>>>>> Putting a CL modem into a bridge mode where it only handles the
>>>>>>>>> PPPoE connection is simply checking a radial select button and hitting
>>>>>>>>> apply. If your firewall supports PPPoE, even better, as you no longer need
>>>>>>>>> their Modem and router in the mix. But, that is just my experience, and it
>>>>>>>>> is limited. I have a CL fiber to the door drop, and they gave me a Zyxel
>>>>>>>>> C3000Z device for connection. I promptly ripped it out and allowed pfSense
>>>>>>>>> to maintain the PPPoE connection. I had to call support for packet loss one
>>>>>>>>> time, and they refused to help me. So goes it rolling your own I guess.
>>>>>>>>> Turns out a day later we had a several hour outage due to one of the
>>>>>>>>> multiplexing cards used to distribute the 40Gb/s core fiber to the GPON
>>>>>>>>> devices failed. Seems like that was a likely culprit for some of the packet
>>>>>>>>> loss the previous day.
>>>>>>>>>
>>>>>>>>> Having just gotten off a call in which the Senior Director of
>>>>>>>>> Security Architecture and Engineering (a friend of mine from Atlanta) for
>>>>>>>>> Cox was a participant, before he hung up I asked him about the typical Cox
>>>>>>>>> supplied modems. Very, very few of them are purely bridge devices -
>>>>>>>>> especially with the push to "Panoramic WiFi". A member of CenturyLink who
>>>>>>>>> was also on the call (ISP InfoSec sharing/working group) mentioned how
>>>>>>>>> painful it was to support the number of company issued
>>>>>>>>> modems/gateway/router models there are for different infrastructure and
>>>>>>>>> connections - let alone ones that customers buy and bring to the party.
>>>>>>>>> BTW, the MAC address thing is because they do actually use a MAC locking
>>>>>>>>> like feature for security. Apparently it is bad for the network if you just
>>>>>>>>> go plug your modem in at several houses in the neighborhood due to the way
>>>>>>>>> DOCSIS works. I still have to dig into that and ask some more questions on
>>>>>>>>> that one.
>>>>>>>>>
>>>>>>>>> There was a collective groan among the engineers when another ISP
>>>>>>>>> spoke up about the number of critical flaws they find in their DOCSIS
>>>>>>>>> devices each year.
>>>>>>>>>
>>>>>>>>> With the amount of consolidation which has happened in the past 20
>>>>>>>>> years in the broadband market, the landscape is riddled with legacy bits
>>>>>>>>> and pieces of this provider and that provider somehow being coerced into
>>>>>>>>> working together to accomplish passing traffic. One of the ISPs mentioned
>>>>>>>>> they had no less than 350 different models of core switching equipment made
>>>>>>>>> by more than a dozen manufacturers in their network. They have a team of 40
>>>>>>>>> (really 5 teams of 8) that simply monitor and ensure that the OSPF
>>>>>>>>> functions properly among the various models and brands to make sure that
>>>>>>>>> the network properly heals/manages congestion.
>>>>>>>>>
>>>>>>>>> Anyway, just throwing it out so that people can see and understand
>>>>>>>>> the picture at a higher level. The final comment on the call was from an
>>>>>>>>> engineer at a midwestern rural provider and one that I am sure many of us
>>>>>>>>> can relate to. She said she spends all day pulling her hair out trying to
>>>>>>>>> keep the network functioning at the highest of levels. The first words out
>>>>>>>>> of her kids' mouths when she gets home are "Mom, the WiFi seems slow today."
>>>>>>>>>
>>>>>>>>> I talked with Alexander this afternoon, and it looks like he has a
>>>>>>>>> functioning network again. The APs were reluctant to give up their old
>>>>>>>>> configuration, so a factory reset and new DHCP leases seem to have done the
>>>>>>>>> trick.
>>>>>>>>>
>>>>>>>>> Hopefully this sheds a bit of light on something for a few people.
>>>>>>>>>
>>>>>>>>> Mac
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Michael Butash via PLUG-discuss wrote on 5/4/20 4:59 PM:
>>>>>>>>>
>>>>>>>>> Ideally when you plug into a cable modem, it comes up, and passes
>>>>>>>>> your ethernet to the cmts in a bridge, lets one mac address dhcp/arp, and
>>>>>>>>> things work. It learns that one ip/mac, and disallows any other mac. No
>>>>>>>>> security, nat, nothing, just real dumb dhcp + default routing with a public
>>>>>>>>> ip. Routers/firewalls try to NAT you, thus double NAT if using a router
>>>>>>>>> behind it.
>>>>>>>>>
>>>>>>>>> CL sells you a dsl modem/router that does your local security
>>>>>>>>> whether you want it or not, full router/nat/firewall, and probably
>>>>>>>>> spyware. Making it a modem is possible, but takes work, and your firewall
>>>>>>>>> has to support PPPoE (not all can/do). Last time I touched a combo Cox
>>>>>>>>> router/modem, I didn't see any way to do so. I told them to buy a real
>>>>>>>>> modem, and that worked with their belkin/cisco/linksys/netgear they had.
>>>>>>>>>
>>>>>>>>> If your "modem" mentions wifi, it's a router/firewall, not a
>>>>>>>>> modem. Not all are clear about this, as they dumb it down for consumers,
>>>>>>>>> but an important point.
>>>>>>>>>
>>>>>>>>> -mb
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, May 4, 2020 at 1:53 PM Stephen Partington via PLUG-discuss
>>>>>>>>> <> wrote:
>>>>>>>>>
>>>>>>>>>> I owned a Nighthawk Router/Modem combo. The way that Netgear
>>>>>>>>>> handled that is that the modem was hard-wired to a bridge on the router
>>>>>>>>>> side, and technically you could see it as a separate device in the router
>>>>>>>>>> configs if you rooted around enough, but the modem side was just a modem.
>>>>>>>>>>
>>>>>>>>>> On Mon, May 4, 2020 at 11:03 AM Michael Butash via PLUG-discuss <
>>>>>>>>>> > wrote:
>>>>>>>>>>
>>>>>>>>>>> Cox modems *are* bridges first and foremost typically, unless
>>>>>>>>>>> you get a bundled router/modem, which is only what CenturyLink sells. If
>>>>>>>>>>> you got a "router/modem" combo, just buy a modem-only device for a dumb
>>>>>>>>>>> bridge and simple ethernet for a public ip. I recommend staying with an
>>>>>>>>>>> arris cable modem, originally motorola, they basically developed cable
>>>>>>>>>>> modem docsis, and are always the best.
>>>>>>>>>>>
>>>>>>>>>>> I moved from Cox to CL when Cox started adding a usage cap, and
>>>>>>>>>>> that was new to me to get my Fortinet firewall online with CL and their DSL
>>>>>>>>>>> doing PPPOE. I've seen the router/cable modem combo boxes later, but never
>>>>>>>>>>> owned one as I always have my own router/firewall.
>>>>>>>>>>>
>>>>>>>>>>> -mb
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, May 4, 2020 at 8:36 AM Donald Mac McCarthy <
>>>>>>>>>>> > wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Will Cox allow for a bridge/virtual bridge mode? Xfinity does,
>>>>>>>>>>>> which allows you to put in a firewall, and use the modem only as a gateway,
>>>>>>>>>>>> therefore preventing a double NAT situation. Never lived in a Cox area
>>>>>>>>>>>> before, and currently ride CL fiber.
>>>>>>>>>>>>
>>>>>>>>>>>> Mac
>>>>>>>>>>>>
>>>>>>>>>>>> Michael Butash via PLUG-discuss wrote on 5/3/20 2:00 PM:
>>>>>>>>>>>>
>>>>>>>>>>>> Cox modems will learn and allow only 1 mac at a time (unless
>>>>>>>>>>>> business is set to allow more, but not on residential). If switching out
>>>>>>>>>>>> firewalls, I 99% of time reboot the modem first and foremost.
>>>>>>>>>>>>
>>>>>>>>>>>> -mb
>>>>>>>>>>>>
>>>>>>>>>>>> On Sun, May 3, 2020 at 12:08 PM Snyder, Alexander J via
>>>>>>>>>>>> PLUG-discuss <> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I got it working.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I assigned the SFP+ port as my LAN and assigned it the
>>>>>>>>>>>>> 10.x.x.x/16 network. Then I had to call COX and list the WAN Mac address
>>>>>>>>>>>>> with them. Upon doing so I was able to reach external sites, and all
>>>>>>>>>>>>> downstream devices started coming alive!
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks for all the suggestions and help!
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Alexander
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sent from my Galaxy S10+
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sun, May 3, 2020, 03:14 Herminio Hernandez, Jr. via
>>>>>>>>>>>>> PLUG-discuss <> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Can you login to the FW via the LAN interface? Can you ping
>>>>>>>>>>>>>> the FW LAN interface? Check the routing and NAT policy on the FW. All
>>>>>>>>>>>>>> outbound traffic should NAT to the FW WAN interface and there should be a
>>>>>>>>>>>>>> default (0.0.0.0/0) route to the internet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Sat, May 2, 2020 at 7:27 PM Seabass via PLUG-discuss <
>>>>>>>>>>>>>> > wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm with Mac, I think it is not the firewall, but if you
>>>>>>>>>>>>>>> have the ability to plug it into a display with a keyboard, you can use
>>>>>>>>>>>>>>> that for configuration and modify a different device at the same time.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Makes it easier to troubleshoot by giving you the ability to
>>>>>>>>>>>>>>> configure your pfSense ports at the same time.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Message: 2
>>>>>>>>>>>>>>> Date: Sat, 2 May 2020 09:04:35 -0700
>>>>>>>>>>>>>>> From: Donald Mac McCarthy <>
>>>>>>>>>>>>>>> To: "Snyder, Alexander J via PLUG-discuss"
>>>>>>>>>>>>>>> <>
>>>>>>>>>>>>>>> Subject: Re: pfSense + Ubiquity
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I can help - but I am unavailable to do so until tomorrow.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Make sure there is not anything other than default VLANs on the
>>>>>>>>>>>>>>> interfaces to start with. Ubiquiti is famous for not having the SFP+
>>>>>>>>>>>>>>> ports active in the default configuration, and I believe the switch has
>>>>>>>>>>>>>>> all the ports to shutdown on default config as well.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I think it is the switch not passing traffic through - not the firewall.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Mac
>>>>>>>>>>>>>>> Snyder, Alexander J via PLUG-discuss wrote on 5/2/20 8:53 AM:
>>>>>>>>>>>>>>> > Does anyone out there have experience with pfSense and Ubiquiti switches?
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > I have zero with either but that didn't stop me from buying both ....
>>>>>>>>>>>>>>> > how hard could it be?! LOL.
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > I bought a Netgate XG-1537-1U. I bought a Unifi Pro 24 PoE switch.
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > I can configure the FW immediately after
>>>>>>>>>>>>>>> > firstboot/restore-default-configs, but only if I set the LAN interface
>>>>>>>>>>>>>>> > to be the cable that goes directly to my laptop. That's great, but
>>>>>>>>>>>>>>> > that does shit for the downstream switch.
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > I have a 10GB SFP+ Port that I want to configure as the downstream
>>>>>>>>>>>>>>> > port to Ubiquiti, but any configuration other than mentioned above
>>>>>>>>>>>>>>> > fails .... and I'm now on my 12th "Reset To Factory Defaults" ... any
>>>>>>>>>>>>>>> > help on this would be greatly appreciated!
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > Thanks,
>>>>>>>>>>>>>>> > Alexander
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > Sent from my Galaxy S10+
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>> > ---------------------------------------------------
>>>>>>>>>>>>>>> > PLUG-discuss mailing list -
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> > To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>>>>>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Donald "Mac" McCarthy
>>>>>>>>>>>>>>> Director, Field Operations
>>>>>>>>>>>>>>> Open Source Context
>>>>>>>>>>>>>>> +1.602.584.4445
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://oscontext.com
>>>>>>>>>>>> --
>>>>>>>>>>>> Donald "Mac" McCarthy
>>>>>>>>>>>> Director, Field Operations
>>>>>>>>>>>> Open Source Context
>>>>>>>>>>>> +1.602.584.4445
>>>>>>>>>>>>
>>>>>>>>>>>> https://oscontext.com
>>>>>>>>>> --
>>>>>>>>>> A mouse trap, placed on top of your alarm clock, will prevent you
>>>>>>>>>> from rolling over and going back to sleep after you hit the snooze button.
>>>>>>>>>>
>>>>>>>>>> Stephen
>>>>>>>>> --
>>>>>>>>> Donald "Mac" McCarthy
>>>>>>>>> Director, Field Operations
>>>>>>>>> Open Source Context
>>>>>>>>> +1.602.584.4445
>>>>>>>>>
>>>>>>>>> https://oscontext.com
>>>> --
>>>> A mouse trap, placed on top of your alarm clock, will prevent you from
>>>> rolling over and going back to sleep after you hit the snooze button.
>>>>
>>>> Stephen

--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen