How to tag interface SFP+ ix0 on an XG-7100

stephenw10

The problem here is you're trying to use router interfaces as switch ports. The only way you can do that is to re-create most of the switch functionality using bridging. But a bridge is not a switch and you can only do so much with them.
You should have one VLAN trunk between the router and a core switch and other switches connected to that. That trunk could be a lagg of both 10G ports. It could be a cross-chassis lagg at the other end to two stacked switches.

The only real reason to bridge interfaces like that is to filter traffic between two segments of the same subnet. But I don't think you're doing that?

Steve

12022804

@stephenw10 I'd like to traffic flow within same subnet between interfaces, no need to filter same subnet in different segments. Just like VLANs works. Filter only when traffic leaves/enters to/from different subnet, as firewalls routers do.

I thought that just bridging between eg IXL0/1 interfaces acts like L2 LAN segment, a broadcast domain. But doing this eats resources of the device, it's not recommended?

So XG7100 device is not for switching.

I need to rethink and replan my IP/VLAN to suit for this device and buy some hw switches.

stephenw10

@12022804 said in How to tag interface SFP+ ix0 on an XG-7100:

I'd like to traffic flow within same subnet between interfaces, no need to filter same subnet in different segments. Just like VLANs works. Filter only when traffic leaves/enters to/from different subnet, as firewalls routers do.

That's what switches do not routers.

The only way to do that in pfSense is to bridge the interfaces with everything that brings in.

The situation is more complex in the 7100 that other pfSense installs because it does in fact contain a switch. If you wanted to do that with two of the Eth ports you can do so entirely within the switch config. But the SFP ports are not part of the switch, they are discrete router interfaces.

You don't necessarily need any additional switches. Just designate one the core and attached the other switches to it. You may have a physical install restriction that comes into play of course. And that also introduces an additional single point of failure if they are not stacked switches.

Steve

12022804

@stephenw10 said in How to tag interface SFP+ ix0 on an XG-7100:

The situation is more complex in the 7100 that other pfSense installs because it does in fact contain a switch.

Yes, leaving out the most capable interfaces! I'm not sure how good idea partial switch is, but maybe there is a very good hardware based reason to do that. At the customer point of view, feels like I'm fooled with VLAN capabilities of XG-7100.

Need to rethink and replan network to fit for this device and there are multiple ways to do it, won't be that big problem.

Thank you for your answers and insights.

stephenw10

I'm sorry if the info was confusing. Just for clarification if others are reading this; it's a 1G switch. The 10G ports on the 7100 are discrete router ports and not part of the switch.

Steve

thomas_br

Hi everyone, I have a working configuration in my 7100 using ix0 as trunk to a unifi switch. But now we have added a new unifi switch connected to port ETH4.

My current vlans are:

ix0 (opt13) 4084
ix0 (opt13) 4083
ix0 (opt13) 4082
ix0 (opt13) 4081
ix0 (opt13) 4080

We need the same vlans on our new unifi switch. If I change ix0 to lagg, switch #2 works as expected, but #1 not. And vice-versa. Does anyone know what i'm missing here ?

stephenw10

You can add those VLANs to ix0 but they will not be the same layer2 segment as VLANs on the other switch.

To do that in the 7100 you would need to bridge the VLAN interfaces on each NIC. That is not recommended though.
It would be better to trunk the VLANs between the two switches directly with only one trunk connection to the 7100.

Steve

thomas_br

@stephenw10 Thanks Steve. ix0/lagg Bridge is working as expected, but I'll follow what you said regarding the recommended practices. Thanks

stephenw10

You just bridged ix0 and lagg0 directly? And that passes VLANs between them? I would not expect that to work.

Engmatecadmin

Hallo @stephenw10

I have similar problem with our XG-7100 that the SPF port just doesn't work.
I'm trying to connect 2 XG-7100s together.
I've already tried all the configuration.
VLAN with and without LAGG
both side IP assigned to OPT interface
ping doesn't get through and the interface time is always "no carrier".
SFP ordered directly from Netgate with XG-7100 10Gtek ASF85-24-x2-D
What is the reason, what am I doing wrong?

Best Regards
Szabo

stephenw10

What do you see from: ifconfig -vvm ix0 on each side? Assuming you're using ix0 that is.