WAN on VLAN on LAGG
-
As I am new to pfSense and I am trying to understand it…
I have a pfSense box with four NICs.
Is it possible to put all the interfaces in a lagg?
And then create some VLANs, whatever they are, and one VLAN for the WAN (say ID 4000). One port on the switch is mapped to VLAN 4000, and that port is connected to the fiber converter.
It looks in the configuration like it should work, but does it?
Any drawbacks?
The speed of the internet connection is only 30/30 Mbps.
-
Might be possible; be sure to have physical access in case it goes wrong.
-
Well, :), the box is not in production yet!
But I was a little bit stupid and added three interfaces to lagg0, and then pfSense crashed. It looks like it must have an even number of interfaces. I wanted one for emergency access…
But it works like a charm with two interfaces in the lagg! 8) COOL! And it will probably make life easier for me later on!
-
I did some modifications yesterday, and now I can't get it working again…
The WAN interface is trying to get an IP address. The discover package is received by the DHCP server and an offer is sent back.
It looks like something is received on lagg0 and blocked...
Hmm, the discover is sent on lagg0_vlan4000, but looking in the firewall log there is a packet from the DHCP server blocked on lagg0.
Then there must be something misconfigured in the switch, or?
If I reconfigure enough times, I will probably learn how to do it! ;D
-
Oh yes, it was the switch.
I think I know why it is working now :)
I also managed to make a LAN-VLAN! 8)
Works like a charm!
Still one problem: I cannot get the lagg working with more than two physical interfaces.
I thought at first it was a problem with an odd number of interfaces, but pfSense crashes and reboots with more than two.
Does anyone else know about this?
-
Any combination of the interfaces (igb0, igb1, igb2, igb3) can be used as long as only two are involved.
Three or four makes pfSense crash.
I downloaded a backup and modified it, so that lagg0 contains all NICs. Then on the console the LAN seems OK, but not the WAN.
But I cannot reach the box at all.
According to the FreeBSD documentation this should work.
-
There is no interface limit on LAGG members. Certainly not two.
What kind of LAGG? What, exactly are you doing when it crashes?
Please describe "crash" does it panic? Do you just get locked out?
-
I edit lagg0 and mark the two remaining parent interfaces (so all four are marked).
Then I save it.
I have a monitor connected directly to the box, and there are a lot of messages. Then it reboots.
When it has booted up, the old configuration is used, and when I log in there is a message about a crash report, which I have uploaded.
The machine is a Supermicro A1SRi-2758F with 16GB RAM.
-
Forgot,
Version is:
2.3.3-RELEASE-p1 (amd64)
built on Thu Mar 09 07:17:41 CST 2017
FreeBSD 10.3-RELEASE-p17
-
What kind of LAGG?
-
Lagg is LACP.
Now I see some difference in behaviour since I loaded the modified config.
On the console I am getting several "arprequest: cannot find matching address" messages and it does not reboot.
Then I have:
WAN (wan) -> lagg0_vlan4000 ->
LAN (lan) -> lagg0_vlan100 -> v4: 192.168.1.196/24
But I cannot access the box at all.
-
Nowhere close to enough information to help you.
Specifics. What address are you trying to access the firewall from? Can that host reach other nodes on VLAN 100? Should the VLAN 4000 interface have an address? If it doesn't why not?
I would suspect your switch isn't properly configured.
What, exactly, does "cannot access the box at all" mean? Specifics, man. source/dest addresses, what you're actually trying to do.
-
Thank you for being patient with me!
I think the switch is working, but I reconfigured it anyway, and discovered that two of the ports I used were 10/100/1000 and the other two were 10/100.
But no difference.
So I started to check again which combinations worked.
igb0, igb1 => worked
igb0, igb2 => Not working
igb0, igb3 => worked
Any combination with igb2 did not work.
I tried with igb0, igb1, igb3 and it worked!
Then I added igb2, and now it is WORKING :o :o without reboot!
And it is working after a reboot! :) :)
All together it is a bit odd. I will, when I get the time, install from scratch and see if it is the same.
But in all, in the beginning pfsense was a little bit strange, but playing around with it for some weeks, I do really like it!
I really love some features!
I don't know why I was stuck for so long with Smoothwall… Probably because it just was running and running and running!
Have a really nice Easter weekend!