Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Changing LAN Interface

    Scheduled Pinned Locked Moved
    General pfSense Questions
    2
    8
    77
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      froussy
      last edited by

      Good day,

      I have a XG-1537 using those interface
      interface.JPG

      Since day 1, I use igb1 (1gb eth port) for my LAN
      I want to change it to ix0, to use the SFP+ port to my LAN switch.

      I'm not sure how to change it..
      But.. is just setting LAN to ix0 and OPT1 as igb1, then apply the setting will to the trick? LAN iface will keep the same IP and all will be "transparent" ?

      thanks

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @froussy
        last edited by

        @froussy I would make sure your connecting from different interface.. For example connect to pfsense from the network ix1 is connected to.

        Or do it from the console.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        F 1 Reply Last reply Reply Quote 0
        • F
          froussy @johnpoz
          last edited by

          @johnpoz I dont have anything connected to ix1, and it's not configured

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @froussy
            last edited by johnpoz

            @froussy well connect something to it and configure it - you clearly have it assigned. That way you can make sure your change of interfaces is working without loosing your connection to the pfsense gui, which would happen if your connected via either lan or opt1 and you switch those interfaces.

            Or you could come in via your wan as well..

            The thing is when moving interfaces around and or setting vlans as another example or really anything that could break the connection your using to make the change is never a good idea.

            This goes for any networking equipment, switch, router, etc. not just pfsense.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            F 1 Reply Last reply Reply Quote 0
            • F
              froussy @johnpoz
              last edited by

              @johnpoz it's disabled. And I cant connect anything to it as it's sfp and dont have anything else than a DAC cable

              From the console, i will just have to reassign and reconfigure the iface?

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @froussy
                last edited by

                @froussy you don't have any other interface you can use other than the ones your trying to switch around? You could do it - but your going to be disconnected.. And then if something goes wrong you might not be able to connect to fix it.

                You can reassign the interfaces via console as well..

                You can for sure it do it.. But you understand the interface your connected to to access the gui (lan) is now going to be a different network, different IP - ie the one you have on 0x1 currently - so you will loose that gui connection the instant you hit apply.. You could then change devices IP to be on that network and everything could be fine.. Or you could find yourself not able to connect.

                Which it is why its a good idea to always be using a different connection then the one(s) your changing ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                F 1 Reply Last reply Reply Quote 0
                • F
                  froussy @johnpoz
                  last edited by

                  @johnpoz I know.. that's what I do normally.

                  my last question.. i have ipsec tunnels to different locations, and from those location I have access to the GUI... can it be considered as another "connection", so if changing the iface fail, i will still be able to access the gui (from remote) ?

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @froussy
                    last edited by johnpoz

                    @froussy yeah as long as you connect in on something other than what is being changed you should be fine - if something goes wrong and your change isn't working you can always switch it back, etc.

                    Over the years I have myself shot myself in the foot a few times, its never fun.. ;)

                    Always give yourself a backup/backout plan.. When doing change on a cisco router or switch that could be problematic etc, always put in a reload command on a timer.. So worse case if goes wrong - it will reboot say in 10 minutes and your back to the start, if your change worked as you expected and all things working you can cancel the reload and save the config, etc.

                    I mean the switch/router rebooting might be a shitty outcome and maybe cause a service interruption, but that is far better than being in a broken config for a length of time until you can get to the site to fix, etc.

                    I mean your switch of interfaces should be no big deal, and work just fine, etc. "But" what if it doesn't and now you can't get in to fix it.. Better safe than sorry..

                    edit: I once getting cocky after so many eventless upgrades - had just clicked upgrade on a one of the old 2440 netgate boxes while home after work because figured hey nobody is there so they won't notice the few minutes of down time while it upgraded... Well it never came back and had to go into the office early to fix it. Only took a few minutes to restore and get the upgrade done when I was there.. And that was always my back up plan in case of disaster.. But this is why during covid and locked out of the office I didn't upgrade anything remotely ;) heheh

                    Better safe than sorry is good motto to live by ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post