LAGG and VPNs
-
I have now assigned LAN to lagg0 and it has the right ip address of 192.168.0.1 but the link is obviously down due to the LAG not working
-
looking at the log i get:-
Aug 25 21:31:30 check_reload_status 420 Reloading filter
Aug 25 21:31:30 check_reload_status 420 Linkup starting igb2
Aug 25 21:31:30 kernel igb2: link state changed to DOWN
Aug 25 21:31:30 check_reload_status 420 Reloading filter
Aug 25 21:31:30 check_reload_status 420 Linkup starting igb3
Aug 25 21:31:30 kernel igb3: link state changed to DOWNSo it looks as though pfsense is starting the LAGG but it is shutting down straight away, presumably because the interfaces do not match somehow!
-
Hi,
No idea what I have done but the LAG is now up but running at 100M not 1G. It looks as though flow control has been disabled for some reason, even though it is enabled on the switch?
-
Can't seem to get the LAG to run at 1G.
However, although there is a LAG set up between the 1st switch and the 2nd switch which has a connection if I plug a laptop directly into switch 2 port on DHCP it does not get an ip address on any port, although the server which is connected to switch 2 on a separate LAG does! Clearly there is an issue with VLANs but they are all set up as per the guides with DHCP servers assigned and firewall rules set for all access.
I can ping all the dhcp servers from switch 1
-
Hmm, odd that the links still only come up as 100M.
If you can pull a lease on a client at switch 2 there must be a problem with the VLAN config on the link between the switches. or on Switch2 directly.
-
It is only the link from router to switch 1 that is 100M. The link from switch 1 to switch 2 is 1G as it always has been, no config changes have been done in switch 2. The VLANs in pfsense are the same as the existing ones in switch 2 but not sure why the NAS can be accessed (LAG on switch 2 to NAS) but no other client as VLANSs in pf sense are set up the same way. Unless it is the fact that the NAS is on a trunk (ie the LAG)??
-
A trunk would usually imply a link carrying multiple VLANs. If the NAS is on one or more VLANs dircetly then that could be different to any other clients which likely are using access ports (untagged).
But I would be trying to solve the 100M link negotiation problem. A lagg of two 100M links is of questionable benefit IMO. The fact that is behaving oddly implies other unexpected behaviour could be related.
-
The NAS was intended to be accessible from at least a couple of VLANs so that may explain that. However, the remaining VLANs should be on their own, which is why they are down as 'access' rather than 'trunk' I assume. I would have thought pfsense would still handle that though.
-
Sure if all the vlans are configured correctly pfSense will route between them.
But if the NAS is multihomed on several VLANs directly and you are able to reach it but not untagged clients that implies a VLAN error somewhere. -
AS nothing has changed on switch 2 where all these are connected and I can connect to them currently i.e through the Draytek router, then when I replace the Draytek with pfsense does that not imply the issue is somewhere in the pfsense vlan config rather than the switch?
-
Also, is there a way to get to the port details of the NICs that are used in the pfsense box as I think I've been through every conceivable config on the switch to solve the 100M LAG speed issue. Was going to try and force the speed of both the switch and pfsense NIC port to 1000M
-
If you run
ifconfig -vvvmayou will see the full status of all the NICs and interfaces.I agree it seems unlikely that the switch config would be wrong if it worked previously. I would be running pcaps to see what's actually on the wire.
I would also try connecting to the switch without a lagg configured to rule that out.
-
cheers, I'll go and have another play with it!
-
I used ifconfig -vvma and got the following:-
igb2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> ether 98:b7:85:00:fd:44 media: Ethernet autoselect status: no carrier supported media: media autoselect media 1000baseT media 1000baseT mediaopt full-duplex media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> igb3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> ether 98:b7:85:00:fd:44 hwaddr 98:b7:85:00:fd:45 media: Ethernet autoselect status: no carrier supported media: media autoselect media 1000baseT media 1000baseT mediaopt full-duplex media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Note : I have set the LAG at 1000M to try but it causes it to fail.
I notice that there is no option to set igb2 & igb3 speeds to 1000M, at least not whilst they are in the LAG or is there?
-
The interfaces in the LAGG should inherit settings if you set it. That output above show those links are not linked at all though, were they even connected?
-
so I will need to delete the LAGG and set both interfaces to 1000M manually and then re-create the LAGG.
The LAGG was working but it always syncs to 100M. It is currently failed because I have set the switch manually to 1000M for those ports - something Draytek tech support asked me to try
-
It should inherit that setting from lagg0 but it's set as autoselect there.
Unconfiguring the lagg and then configuring it again would be no change. It is possible to make changes to links in a lagg with a manual command that can be run at boot.
As a test just run:
ifconfig igb2 media 1000baseTHowever I would get a single link working at 1G first and then add the lagg back.
-
trying to get a single link but unsuccessful so far!
-
I have now tried every possible combination available to force the port to 1G (no LAG) but unable get it. If I connect the same cable from laptop to pfsense NIC I get 1G so not card or cable. Looks like I will have to go back to draytek to sort it as I'm now out of ideas!
-
What about if you use the em0 NIC?
