6100 initial setup problems - enabling DHCP on all 4 LAN ports
-
@stephenw10
ok - so something isn't making sense. What is the order of operations?
LAN1 = static IP with the DHCP Server
Setup bridge interface - and added LAN2-4, setting 2 with RSTP, and 3/4 as edge because they will be plugged directly into devices.
Save changes - and I find myself back in console to restore settings, because now LAN 1 doesn't work.
I can't be the only person who has wanted to do this, I'm surprised there isn't a here's a step-by-step detailed guide on what to click and when to apply. The online docs are more of an overview. I understand that the firewall has to be set to enable traffic - but seems like I am at chicken/egg crossroads where I can't do the firewall until the bridge is created and when I do that - I get locked out.
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
So the plan is to have 2 of the ports feed those switches and the other 2 will be used for direct connects to 2 boxes in the rack.
So those two boxes and traffic across the switches will send/receive all traffic through pfSense (software)…?
There’s probably not a guide because it’s usually a poor solution to a problem so few people actually do it. One has to be OK with slower performance to avoid purchasing a 5 or 8 port switch.
-
<rant>
just seems dumb to have to buy another switch because this thing can't use the other 3 ports on a same flat LAN.
The device is already overkill for what we need based on the specs, except now it looks like common use case will upend this thing on its back.
Ubiquiti is really dropping the ball on their Edgerouter line, so you have folks like me looking for a comparable replacement. I've got an ER-12 that handles everything and I don't have to jump through hoops to use the LAN ports. If I want to configure them as separate domain ports or VLANs - easy to do.
So here I am wanting to swap it out with a 6100 and when the fix is - buy another switch... that just doesn't sit well and Netgate loses on an easy sell by not saying here... to swap your EdgeRouter out look at the 6100 and because it's more advanced you just have to make these tweaks to swap it out.
If the performance sucks - so be it. All I want to know is can this thing do what I want it to do or not.
</rant>
Thanks for your time.
-
@Username00 Oh I get it, I have a 2100 at home and am using the built in switch. Netgate had other models with a switch like the 7100 but I think the 2100 is the only one left. Not sure if that's because people got confused about why their router with all the ports needed VLANs to separate them, or the nuances/differences with HA setups, or what, but it seems like they aren't going to be used going forward AFAICT.
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
LAN1 = static IP with the DHCP Server
Setup bridge interface - and added LAN2-4, setting 2 with RSTP, and 3/4 as edge because they will be plugged directly into devices.
Save changes - and I find myself back in console to restore settings, because now LAN 1 doesn't work.
You are connected via LAN1? And didn't add it to the bridge?
Then just creating that should make no difference because the "LAN" interface is still the LAN1 port (igc0).
However if you now re-assign LAN as bridge0 you will be locked out because the LAN1 port is no longer assigned and the firewall rules are only passing traffic on LAN.
This is why I'm still recommending you first create a management interface using, say, ix2 (WAN2) and make sure you can connect to it before doing anything else.
However I would also:
Leave the bridge STP settings at their defaults.
Add pass all rules to LAN2-4 so you can access those when filtering is on the bridge members.
Assign bridge0 as a new interface first and add pass rules on that. Then swap the assignments on LAN and that new interface (I suggest naming it LAN1) so both have pass rules after it applies.
Steve
-
@SteveITS
Ahhhh - see this was my first foray into Netgate territory and saw folks mention Netgate a bunch - looked at the specs - and picked the hardware that was good - but didn't even consider that the software would wrap me around the axle.
I'm all for a learning curve - and once I get this all hammered out - I will certainly post a nice neat document so other folks won't have the lumps on my forehead caused by rapid acceleration from either my palm or towards my desk.
-
Something is getting lost in translation here - I understand what you are typing - but it doesn't make sense when I look at the GUI.
I'll take some screenshots and post later - but after I create the bridge - then when you look at the listing of the interfaces - don't you select the LAN1 at the top and then select the bridge interface from the drop down?
What do I do after I create the bridge with the 3 ports?
How does the device know that the bridge should get all its info from the /24 and DHCP that's set up on LAN1?
Where and how do you tell the firewall to allow the traffic to pass?
Why is there only a female face palm emoji?!
OK - I'm stepping away and will take another look on Monday with a fresh cup of java. Have a nice weekend and I do appreciate the assistance and your patience thus far.
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
What do I do after I create the bridge with the 3 ports?
Assign and enable it as a new interface using the + button. It will probably appear as OPT7. You can rename it.
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
Where and how do you tell the firewall to allow the traffic to pass?
By default bridge filtering is applied on the member interfaces so if you have not changed make sure you have pass rules on LAN2-4 and the new OPT7 interface in Firewall > Rules.
Now swap the assignments of LAN1 and OPT7 so LAN1 becomes bridge0 and OPT7 becomes igc0. Apply that.
If you are connected via LAN1 at that point you will be disconnected and should move your connection to LAN2.
However I still strongly recommend you setup WAN2 as a mgmt interface and connect to that.
Now you can add OPT7 to the bridge so the LAN1 port is also included.
-
I could probably just make you a default config with this already configured?
-
@stephenw10
I do appreciate the offer - but I am a firm believer in teaching vs giving the fish paradigm.
AHHHH OK - and I think I see what wasn't clear - creating a NEW interface and assigning the bridge to that - and then you answered my next question which was converting the WAN2 port to a LAN management one.
I'll get started on this and let you know.
Many thanks!
-
Apologies for the absence - other projects got dumped on me - so now I'm back here and I'm still stuck.
Thus far I have the separate interface opt7 as a bridge and lan2-4 assigned to it. The firewall rules on the bridge are the same as what's on lan1 (the default).
Also, tried setting up wan2 as management and that's not going anywhere either.
So as it now stands I have 1 working wan and 1 working lan port.
-
How did you setup WAN2?
I would expect to need to:
Set it to a static IP in a new unused subnet.
Enable DHCP on that interface with a pool inside the new subnet.
Add pass firewall rules on the interface.
Then you should be able to connect to it directly and access the pfSense GUI.
-
@stephenw10
Well - that's one issue right there - I don't see how to setup DHCP on the WAN interface - only LAN is listed under the DHCP Server options.
Well - I'm going back to the defaults again - I suspect something along the way got wrapped around the axle again.
-
The DHCP Server setup only shows interfaces that it can run on which means only those with static IPs. By default WAN2 is configured as dhcp which is why the first step is to set it as static.
-
@stephenw10
Weird - I did that and used a different network... ok - starting from scratch and maybe this time through it will all make sense.
So to recap.. from default config...
Interfaces - create bridge group and add lan2-4
create interface (default name is opt7) and assign it to the bridge group
on wan2 - assign static ip / different network / and should then appear as option for dhcp server (change default from /32!!!)
firewall rules - copy LAN to Wan2/Management interface
So now - I'm getting my dhcp ip on the management interface but still unable to go anywhere - what checkbox am I missing now?
-
@Username00 said in 6100 initial setup problems - enabling DHCP on all 4 LAN ports:
firewall rules - copy LAN to Wan2/Management interface
The default LAN rule uses 'LAN subnet' as the source but that's not valid on the WAN2/MGMT interface. So if you just copied it it will not pass traffic. Change it to 'WAN2 subnet' or any.
-
@stephenw10
AHHH - that's what that means!
OK - So now I'm good on Management - now I'm in the process of moving the LAN config over to the LANBridge.
And I wound up breaking Management and the bridge..... (that default /32 on static ip got me again)
OK - I figured out via .xml how to migrate my static dhcp reservations from LAN to LANBridge - and now I think I'm good to go.
Holy crap!
OK - going to save this config - start from scratch to make sure I didn't miss anything - then hook it up.
Next stop - Wireguard - (but that will be a different thread)
Thanks!
-
If you eventually reassign LAN to bridge0 the static DHCP leases and firewall rules etc would all follow that.
But, yes, it's super easy to get locked out whilst setting up a bridge (ask me how I know!). Having the mgmt interface available to connect to whilst you get the bridge configured makes it much easier.
-
What was interesting was that the dhcp config from LAN did not follow over - but it was still present in the .xml file. So easy enough to copy those entries from <lan> to <opt7>.
Lots of good gotcha items - and will post a nice document here once I've got it all sorted out for others to use.
-
If you had to copy it to opt7 then you had not yet re-assigned lan as the bridge0 interface. Once you do that everything that was applied to the original LAN interface would apply to the bridge and hence all the bridged interfaces.
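
The lockout causes raised in this thread (a static address left at the /32 default, a copied pass rule that still uses another interface's subnet as its source, and bridge members or the bridge interface without pass rules) can be checked offline against a config backup before applying it. This is an added example, not part of the thread and not Netgate tooling; the XML layout, the interface keys (opt1, opt2, opt6, opt7) and the addresses in SAMPLE are constructed assumptions modelled on a pfSense config.xml backup.

```python
import xml.etree.ElementTree as ET

# Constructed sample (assumed config.xml layout): MGMT left at /32, LAN rule copied to MGMT
SAMPLE = """<pfsense>
  <interfaces>
    <lan><if>igc0</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>igc1</if><descr>LAN2</descr></opt1>
    <opt2><if>igc2</if><descr>LAN3</descr></opt2>
    <opt6><if>ix2</if><descr>MGMT</descr><ipaddr>192.168.50.1</ipaddr><subnet>32</subnet></opt6>
    <opt7><if>bridge0</if><descr>LANBRIDGE</descr></opt7>
  </interfaces>
  <bridges><bridged><members>opt1,opt2</members><bridgeif>bridge0</bridgeif></bridged></bridges>
  <filter>
    <rule><type>pass</type><interface>lan</interface><source><network>lan</network></source></rule>
    <rule><type>pass</type><interface>opt6</interface><source><network>lan</network></source></rule>
    <rule><type>pass</type><interface>opt1</interface><source><any/></source></rule>
  </filter>
</pfsense>"""

def audit(xml_text):
    """Return a list of findings that would block access after the config is applied."""
    root = ET.fromstring(xml_text)
    ifaces = {n.tag: n for n in root.find("interfaces")}
    findings = []
    # 1. Static IPv4 address still on the /32 default: no subnet for a DHCP pool.
    for name, n in ifaces.items():
        ip = n.findtext("ipaddr", "")
        if ip and ip[0].isdigit() and n.findtext("subnet") == "32":
            findings.append(f"{name}: static {ip}/32 leaves no room for a DHCP pool")
    # 2. Pass rule whose source is a different interface's subnet (copied LAN rule).
    passes = set()
    for r in root.findall("filter/rule"):
        if r.findtext("type") != "pass":
            continue
        iface, src = r.findtext("interface"), r.findtext("source/network")
        if src in ifaces and src != iface:
            findings.append(f"{iface}: pass rule source is the '{src}' subnet")
        else:
            passes.add(iface)
    # 3. Bridge members and the assigned bridge interface each need a usable pass rule.
    for b in root.findall("bridges/bridged"):
        need = [m for m in b.findtext("members", "").split(",") if m]
        need += [k for k, n in ifaces.items() if n.findtext("if") == b.findtext("bridgeif")]
        findings += [f"{m}: bridged interface without a pass rule" for m in need if m not in passes]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
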