Google Fiber is great. True symmetric gigabit speeds — both downstream and upstream — for $70/month. ComcastTimeWarner should be shaking in their market monopoly boots.
However, the Google Fiber “Network Box” (GFNB) is, to put it plainly, a piece of junk. This device is what we know as a router. Any advanced feature such as port forwarding is allowed in the advanced interface, but may or may not work. Not much else is supported. Unlike any other $20 router there is no bridge mode, no way to turn off the DHCP server, no DMZ, etc. At one point while I was trying to troubleshoot a port forwarding issue, the GFNB created a hidden (read: could-not-be-deleted-because-it-wasn’t-visible) access rule that prevented my main computer from getting online at all. A factory reset was required to fix this. A group of us on the Google Fiber product forums decided to pool our knowledge and figure out how to use our own router, despite the insistence from Google that this was either not possible, or only with a double NAT — their router had to remain between you and the Interwebs.
Following a tip which set us on the right path, Atlantisman did most of the hard work to figure out how to get pfSense set up, so all due credit to him and JeffV in the GF product forum and the pfSense forums. Atlantisman wrote up how to set up pfSense, and gave some general guidance about the switch. This post will focus on setting up the Netgear GS108Tv2. The switch configuration falls into two main parts: setting up the VLANs, and the QoS. pfSense is not required; most any modern router will do, but a VLAN + QoS capable switch is required. The VLAN configuration is required to get your router online. Without the proper QoS, uploads are limited to 10Mb/s.
The following assumes that you’re following Atlantisman’s guide. Specifically, you have port 1 plugged into your ONT and port 2 plugged into the WAN port for your router of choice.
One more note: I’ve had a bunch of trouble with the Google Fiber speed test lately. I recommend running an initial test with the GFNB before you make any modifications to the network to get a baseline. You may wish to also get some baseline numbers from speedtest.net.
Optional: UI Session Timeout
The default idle timeout for the 108’s UI is 5 minutes. I find this annoying when I’m trying to comprehend their manual and change settings. If you want to change this, go to Security > Access > HTTP Configuration > Soft Session Timeout and set it to something more reasonable. I have mine at 30 minutes.
Part 1: The VLANs
The traffic in and out of the ONT (the Fiber Jack) must be tagged with VLAN2. The easiest way to do this is to put the ONT and your router on VLAN2, and everything else on VLAN1. In the GS108T, you must set up the VLAN in two different places.
Next, configure the port grouping. Go to Switching > VLAN. From the menu on the left, choose Advanced > VLAN Membership. Don’t bother trying to rename the first 3 VLANs. It won’t let you.
Ensure that VLAN ID 1 is selected, click the annoyingly small triangle next to the word PORT, and then click each port (3 – 8) until they all say ‘U’.
Note: I have port 3 ungrouped in the screenshot here because I am using it for other purposes.
Click the apply button in the lower right.
Select VLAN ID 2 from the drop down, click the annoyingly small triangle next to the word PORT, and then click port 1 to make it say ‘T’. Click port 2 to make it say ‘U’.
Click the apply button in the lower right.
Choose Port PVID Configuration from the menu on the left. Mark the boxes for g1 and g2, enter a value of 2 into the box PVID Configured. Click the apply button in the lower right.
Note: I have port g3 assigned to VLAN3 in the screenshot here because I am using it for other purposes.
That’s all there is to the VLAN configuration. Your router, pfSense or otherwise, should now be able to obtain a public address from the Google DHCP server, and you can get online. At this point, you should stop and make sure your router is functioning correctly, and that you’re able to run a speed test.
Upload speeds are limited to 10Mb/s until you get QoS configured, but it is better to get the VLAN configuration settled and confirmed working before moving on.
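The port settings from Part 1, modeled as an added example (not part of the original post and not Netgear's software): a small Python simulation of 802.1Q ingress and egress handling that shows why g1 must be tagged, g2 untagged, and both given PVID 2, and that ports 3 – 8 never exchange frames with the ONT. The flood-to-all-members forwarding, the ingress-filtering check, and the `forward`/`audit` names are assumptions of this sketch.

```python
# Added example: 802.1Q ingress/egress model for the port setup in this post.
# Membership and PVID values are taken from the steps above; flooding to every
# other VLAN member and the ingress-filtering check are modeling assumptions.

MEMBERSHIP = {                      # VLAN ID -> {port: 'T' tagged, 'U' untagged}
    1: {p: "U" for p in range(3, 9)},
    2: {1: "T", 2: "U"},
}
PVID = {1: 2, 2: 2, **{p: 1 for p in range(3, 9)}}


def forward(in_port, tag=None, membership=MEMBERSHIP, pvid=PVID):
    """Return {egress_port: vlan_tag_or_None} for a frame entering in_port.

    tag is the VLAN ID carried by the incoming frame, or None if untagged.
    """
    vlan = tag if tag is not None else pvid[in_port]   # untagged -> port PVID
    members = membership.get(vlan, {})
    if in_port not in members:                         # assumed ingress filter
        return {}
    return {
        port: (vlan if mode == "T" else None)          # tag or strip on egress
        for port, mode in members.items()
        if port != in_port
    }


def audit(membership=MEMBERSHIP, pvid=PVID):
    """List settings that would break the WAN path or mix WAN and LAN ports."""
    problems = []
    for port, vid in sorted(pvid.items()):
        if port not in membership.get(vid, {}):
            problems.append(f"g{port}: PVID {vid} but not a member of VLAN {vid}")
    for port in (1, 2):
        if port in membership.get(1, {}):
            problems.append(f"g{port}: WAN-side port is still in VLAN 1")
    return problems


if __name__ == "__main__":
    print("router -> ONT:", forward(2))           # untagged in, VLAN 2 tag out
    print("ONT -> router:", forward(1, tag=2))    # tagged in, untagged out
    print("LAN port g4  :", forward(4))           # stays on ports 3-8
    missed_pvid = {**PVID, 2: 1}                  # PVID step skipped on g2
    print("g2 PVID left at 1:", forward(2, pvid=missed_pvid), audit(pvid=missed_pvid))
```

The last case shows the failure you would see if the Port PVID Configuration step were skipped for g2: the router's untagged frames are classified into VLAN 1 and never reach the ONT.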
Next – Part 2: QoS