NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Nighthawk CM2000, RAXE300, pfSense CE, XS712Tv2 12-Port 10G Managed Switch Setup
Bought the Nighthawk CM2000 and RAXE300 to replace Spectrum ISP gear needing to eliminate the double NAT as I never succeeded in direct connection of Spectrum modem to the pfSense router. Without the Spectrum Router between them the pfSense router never obtained an IP address.
The double NAT bottlenecked the network; making pointless paying for 1G ethernet. There are 2 servers, a laptop and an HP z840 workstation on which resides the pfSense router. The servers and workstation have dual 10G Intel 540 ethernet connected to a NetGear 10G Managed Pro Switch and the pfSense a 2.5GB WAN card. Setting up VLANs and remote VPN access for a globally distributed workforce so removing bottlenecks a priority.
After the Nighthawks arrived 2 weeks ago, it still wouldn't work! 30+ re-activations by Spectrum, 100s of pfSense reboots, Druidic chants, 37 pfSense alternative vms and just once a private IP address flashed up on the pfSense status dashboard; 192.168... and it was gone!
Then this afternoon, the worst conceivable thing happened. Power cycled the CM2000 yet again, connected directly to pfSense WAN which was in mid- reboot, connected the RAXE300 to the 10G Managed Pro Switch and set it to Access Point mode. Waited... pfSense WAN shows no IP. Hurled myself off the front steps, frightened a cat. In Manhattan, we have high-rises. Back to the computer and pfSense is downloading at 94 MBps. I have no idea why it is working. No idea at all.
The pfSense WAN port has a public IP address for the first time ever. The RAXE300 is providing our LAN network address to Wi-fi phones, tablets and sundry.
If anyone has a tried and true methodology for getting pfSense to successfully and reliably obtain a public IP address with recent NetGear equipment, please advise. I fear this is not success but an aberration.
I'd be more wondering if its an issue with pfsense and how its negotiating a public/private IP address setup from the ISP.
I've dabbled in a few aftermarket 3rd party software but never pfsense. They've been a bit more complicated and not as user friendly in my experience. And I didn't do it enough to be worth the time so went back to direct modem---router setups. So not much help but based on prior experience, I'd be on the pfsense forums asking assistance.
10 Replies
Zaphod-17 wrote:
Bought the Nighthawk CM2000 and RAXE300 to replace Spectrum ISP gear needing to eliminate the double NAT as I never succeeded in direct connection of Spectrum modem to the pfSense router. Without the Spectrum Router between them the pfSense router never obtained an IP address.
I'm confused, what are you trying to sort out?
If you are piling a RAXE300 router on to a pfSense router, or vice versa, then you are in classic double NAT country.
Two routers on your network can cause headaches. For example, you can end up with local problems with addresses on your network. Among other things, the other router can misdirect traffic to addresses that the Netgear router usually handles, such as routerlogin.net or the usual default IP address for a router, 192.168.1.1.
This explains some of the other drawbacks.
What is Double NAT? | Answer | NETGEAR Support
Unless you have specific reasons for using two routers – to create two separate networks for example – it is often easier to use just one router and then to set up the second router as a wifi access point (AP) with a wired connection to the main router. Netgear advises this, as does just about every site you will visit.
How do I change my NETGEAR router to AP mode? | Answer | NETGEAR Support
But that has its own drawbacks:
Disabled Features on the Router when set to AP Mode | Answer | NETGEAR SupportStart by explaining the end result that you want to achieve, and maybe someone who understands these things can unravel this rat's nest and help you out.
As to the rest of that list of kit, it helps to take things a step at a time, adding one device and then when that works the next one on the chain.
Sorry for the rat's nest. One shouldn't write at 4am.
The whole point is to avoid double NAT configuration.
My goal was to configure an Internet - NetGear CM2000 - pfSense Router - Managed Switch - NetGear RAXE300 Access Point linkage configuration with the pfSense Router presenting a WAN public IP address.
After two frustrating weeks informed by the pfSense manual, this forum, reddit and other networking forums of continual failure, success was achieved but I don't know why it suddenly worked. I fear that having snapshot the pfSense configuration and created template clones is mere folly. As of now this configuration only works occasionally so I need to understand the underlying issue.
The pfSense dashboard \ Interface WAN setting remains blank for several minutes then flashes a private IP address which then changes to a public IP address. The pfSense VM WAN IP address remains blank throughout.
Are there log files that would help understand what is going on as the NetGear CM2000 negotiates or transmits an IP address to the pfSense WAN. Any way of determining why it fails? Rebooting the CM2000 has not been a magic bullet to say the least. Should the pfSense Router be rebooted or should it be simply waiting for the CM2000 to present non-flashing indicators before taking next actions? Does when the Ethernet cord is inserted into the CM2000 and pfSense Router WAN ports bear any significance?
"NetGear CM2000 - pfSense Router - Managed Switch - NetGear RAXE300 Access Point" should work in this configuration with the RAXE in AP mode.
