Netgate Discussion Forum

    Convert simple WAN/LAN system to WAN/Multi-VLAN-on-LACP

      gyrotech

      Hi all,

      For quite some time I've had a nice & simple setup of WAN on re0 & LAN on re1 serving a simple network (172.16.1.1/24 no VLAN). I've become a bit more ambitious and want to expand my homelab.

      My goal is to use all 4 of the NICs in the pfSense box:

      • re0 - WAN - DHCP from ISP

      • re1-3 - LAGG (LACP)

      • VLAN 2 on lagg0 - ADMIN - 172.16.2.1/24 - Admin VLAN (Admin + 'private' services)

      • VLAN 4 on lagg0 - HOME - 172.16.4.1/24 - Home VLAN (Authenticated users + 'public' services)

      • VLAN 8 on lagg0 - GUEST - 172.16.8.1/24 - Guest VLAN (Unauthenticated users)

      I started by creating the LAGG with just re2 & re3, thinking I could 'expand' it later when I no longer needed the default LAN interface. I have all the VLANs set up and my switch uses MAC authentication to assign VLANs. Routing acts as I want (GUEST have no access, HOME can access internet, ADMIN can access internet and anything on HOME and GUEST). Nothing now uses the LAN interface on re1.

      The problems started when I tried to de-assign re1 from LAN and add it to the LAGG.

      First, disabling the interface stopped any UPnP rules from working. They still appeared in the UPnP & NAT-PMP status page, but the ports were not open on the WAN side. Re-enabling the LAN interface reverted this.

      Second, when unassigning the re1 interface and adding it to the LAGG, pfSense stops responding on the web interface. Physical console still works and I can ping any external address, but nothing internal (172.16.x.1) from pfSense itself. None of the VLANs can route any more either.

      I don't know enough about BSD to even attempt debugging this from the terminal, and when trying to add re1 to the LAGG kills my internet access, it's hard to get on IRC and ask for help! I have to perform a factory reset and start from scratch!

      Any ideas and/or suggestions would be wonderful.
