NETGATE 7100 SFP Uplink configuration
-
Hi, I have a NETGATE 7100 1U and I'm trying to set up one of my SFP ports to be used as an UPLINK port to connect a 10G switch, and I would like to connect the Netgate internal switch to the SFP port to propagate the LAN.
I know that the 8 gigabit ports are part of a switch and the 2 SFP ports are external to the switch, and I'm trying to find a solution to bridge the 2 ports in some way.
I need to use the SFP port as the uplink because I have a 5 gigabit internet connection and I would like to make use of it.
My LAN is the default LAGG0 VLAN 4091, and I tried to create another VLAN 4091 on ix1, assigned to an interface called FIBERLINKUP, and then I bridged LAN and FIBERLINKUP together.
I've created a firewall rule for the FIBERLINKUP interface to allow any incoming connection from FIBERLINKUP to any destination. After that, if I try to use my SFP, I'm not able to receive an IP from the LAN DHCP.
Any advice on using the SFP port as an uplink to propagate my LAN?
Thx
-
It is possible to do this but strongly not recommended due to the overhead of bridging all the traffic and various quirks you will encounter trying to use a bridge as a switch.
Do you see the ix port linked correctly?
Have you set the ports where you're testing this from on the external switch as access for VLAN 4091?
Do you see blocked traffic in the firewall log?
Are the bridge sysctls still set at their defaults?
https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html
Steve
-
@stephenw10 Thanks for the very useful reply. Unfortunately, when I bought the appliance I wrongly assumed that all ports including the SFP were part of the switch and never questioned it until I went to use them.
Unfortunately I am forced to use the bridging because I need to get the 2.5 gigabit + 1 gigabit FTTH connections to the part of the LAN that is on my 10G switch. I see the ix port linked correctly, but I was having a problem receiving an IP from the LAN DHCP through the SFP, and the bridge sysctls are still at default, so I need to change them.
Do I have to create a secondary VLAN 4091 for the ix port as well, or do I just need to bridge ix0 to the LAN with its physical address?
This is my first appliance using pfSense and I'm loving it.
I will try setting the bridge sysctls correctly and I will let you know :)
This is what I tried, but I can't get an IP from the DHCP server
I would like the LAN DHCP server to give IPs also to the SFP port
Claudio
-
You should be able to bridge just LAN VLAN with ixl0 directly; however, I would not, because doing so would prevent you adding any VLANs to ixl0.
What you have set there should work as long as you have firewall rules to pass traffic. You might want to consider moving the LAN to the bridge itself instead though. That way you can switch the firewall rules to the bridge interface and the DHCP server will be valid equally for both bridge interfaces.
I note you're using ixl0 so that's an expansion card and not the on-board SFP+ port. Did you mean to use ix0 there?
Steve
-
@stephenw10 ix0 is my FTTH connection, and for the uplink I was trying on ix1 and on the dual 10G extension card that I have. I can use ix1, ixl0 or ixl1 for the uplink; these ports are free.
So you say I should create a new interface for the "VLAN 4091 on lagg0", bridge that with ixl0 and put the bridge on the LAN interface, in order to have the DHCP server provide IPs for both, and the firewall rules will be OK. Did I understand correctly?
Thanks for your help.
-
For ease of reading the config and understanding what's happening I would create a VLAN 4091 interface on ix1 and then bridge that with the existing VLAN 4091 on lagg0.
That does mean you need to handle the VLAN in the external switch but I would take that just to keep LAN the same throughout.
Then I would re-assign LAN as the bridge and move the filtering onto it so you only have to filter in one place.
However if there's any way you can avoid bridging VLANs I would do that.
Steve
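
Added example, not part of the thread or of Netgate's documentation: a small check for the "bridge sysctls" question and the advice to filter in one place, reporting where firewall rules are evaluated for bridged traffic. It assumes the FreeBSD tunables `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge`; the function name `bridge_filter_mode` is hypothetical and the sample sysctl output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies where firewall rules are
# evaluated for bridged traffic, from `sysctl net.link.bridge` output.
# bridge_filter_mode is a hypothetical helper name.

# Reads sysctl output on stdin and prints one of:
#   member  - rules are evaluated on each member interface only
#   bridge  - rules are evaluated on the bridge interface only
#   both    - rules are evaluated in both places
#   none    - bridged traffic passes without rule evaluation
#   unknown - one or both tunables are missing from the input
bridge_filter_mode() {
    awk '
        {
            # Accept "name: value" (sysctl) and "name=value" (sysctl -e).
            line = $0
            gsub(/[ \t]/, "", line)
            if (split(line, kv, /[:=]/) < 2) next
            if (kv[1] == "net.link.bridge.pfil_member") member = kv[2]
            if (kv[1] == "net.link.bridge.pfil_bridge") bridge = kv[2]
        }
        END {
            if (member == "" || bridge == "") { print "unknown"; exit }
            m = (member + 0 != 0); b = (bridge + 0 != 0)
            if (m && b)  print "both"
            else if (m)  print "member"
            else if (b)  print "bridge"
            else         print "none"
        }
    '
}

# Constructed sample in the shape of the pfSense defaults, where rules
# are evaluated on the member interfaces (prints "member").
SAMPLE='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0'

printf '%s\n' "$SAMPLE" | bridge_filter_mode
```

On the firewall itself the input would come from `sysctl net.link.bridge | bridge_filter_mode`. A result of `none` means traffic crossing the bridge is not being matched against any rules, which is worth catching before relying on the bridge for LAN traffic.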