On 7/26/2016 8:40 PM, Chris Buechler wrote:
On Tue, Jul 26, 2016 at 7:43 PM, Volker Kuhlmann <hid...@paradise.net.nz> wrote:
On Tue 26 Jul 2016 09:41:37 NZST +1200, Karl Fife wrote:
Interesting how it failed: The fried port 'simply' broke
connectivity for the interface's LAN segment. Everything else
continued to work. I kinda didn't believe the report that Internet
was out for the one LAN, since the other was not.
I don't think this is that unusual or surprising. You get the same
effect if you plug in a real POTS line into an Ethernet port...
After some
testing, I found the system would not come up after reboot because
it had gone into port reassignment mode since the config made
reference to a non-existent interface.
I find this really really annoying of pfsense! Especially for headless
systems. Hey, why run with only one interface and some functionality
missing when one can run with functionality of zero point zero instead?
Because any fall back there is potentially unsafe. Say you have
igb0-igb5, and igb2 dies. Now your igb3 is igb2, igb4 is igb3, etc.
Any assumptions you make about what's correct are potentially
dangerous, and likely to be wrong. We've had discussions around that
in greater depth multiple times over the years. Any way you do it has
edge case bugs, is dangerous and/or wouldn't be right anyway.
Amen to that. Please don't change port behavior "automagically". This
appears to be a phenomenon now. I'm often seeing examples of ridiculous
"fail safe" hardware features (e.g. binding IPMI to eth0 on IPMI link
failure, or bridging interfaces on OS failure). Chok-full-o externalized
security risks. Certain "visionaries" needs to be taken out and beaten.
Thanks to Moshe, Jim and others for the links and musings!! I now
suspect that the isolation amplifier likely induced current on the
Ethernet controller side of the circuit, meaning that the board may need
a dual-chipectomy.
Either way, my thinking is that the low cost of fiber fiber and
transceivers may be cheap insurance in the fugure if for example there's
potential for different safety-ground reference points in the AC
wiring. In my case, I was on different panels within the same
structure. Technically they have the same safety-ground reference, but
in the event of an AC power anomaly/event, anything can happen (e.g. as
a the safety ground path begins to carry current).
I do think that if switching gear on BOTH ends of my Ethernet run *had
been* bonded to a common "Earth-ground" reference (vs the electrical
safety ground, as recommended by manufacturers), I suspect it may have
significantly reduced the probability of damage as the anomaly would
have been partly sunk through the earth-ground lug on the back of the
equipemnt, reducing the potential for errant current being induced
through the isolation transformer. As it was only one side was bonded
to a dedicated earth-ground, possibly increasing the chance of trouble
versus the chances if neither side had been earth-grounded at all.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
