XG-7100 redundant connections to external switches

stephenw10

Hmm, I see. That was an old config I have on that box.

Try running at the console after making the change: etherswitchcfg

That will show the current switch settings. Do you see, for example?:

laggroup0:
        members 5,6,9,10
laggroup1:
        members 5,6

There I added ports 5 and 6 to lagg group 1 but they have been added to group 0 also.
If so as a workaround you can set that back to just 9 and 10 using:
etherswitchcfg laggroup0 members 9,10

Steve

dragoangel

@stephenw10 ok, thanks. I will try maybe on monday, and will reply. but if I remove 5,6 ports from lagg0 this will be mean that pfSense can't reach them and clients on 5,6 will doesn't reach pfSense. This will be isolated switch, no?
And if not remove 5,6 from lagg0 before add to lagg1 it will be collizion? That's why my pfSense was sticking previously...

dragoangel

@stephenw10 about that you said:

etherswitchcfg laggroup0 members 9,10

I see that this is a BIG in pfSense Switch WebConfigurator.
Configuring laggs over shell works fine.
I created bugreport about it - hope they will fix it soon, before this I will use shell for it

stephenw10

It is already fixed in 2.5 snapshots if you're able to try those. It was in fact fixed in 2.4.5 snaps too.

Steve

dragoangel

https://redmine.pfsense.org/issues/9447 :( wasted time. Ok. Thanks. I better wait for Stable release. I'm now on Latest Base 2.4.4_2. There is known date of 2.4.5 or 2.5 release?

stephenw10

Not for 2.5 release. I'm not aware of any particular issue with running 2.5 on it currently but things are changing there everyday.

You can set that command to run via the shellcmd package if you wish do you don't have to manually run it boot.
https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

Steve

dragoangel

@stephenw10 you mean that etherswitchcfg laggroup1 members 5,6 is not permanent? Ok.

stephenw10

The config is actually correct. The bug is how it gets applied to the switch so when you reboot and that gets applied....

Let me test that quickly...

dragoangel

@stephenw10 yes I test it, on reboot is same as like configuration from Web:
laggroup0:
members 3,4,5,6,9,10
laggroup1:
members 3,4
laggroup2:
members 3,4,5,6
I will wait stable release thanks, topic done

stephenw10

Sorry I was called away. That does work though:

I'll see if we can get a patch you can apply directly to 2.4.4p2 via the patches package. That would be cleaner.

Steve

stephenw10

Ok here's a patch you apply against 2.4.4p2. You can use the system patches package to do it which removes most of the scope for error.

switch_lagg_fix.diff

Steve

Righter

Hmm I not getting running a trunk. (I have applied the patch above on 2.4.4P2)

I have configure on the HPE/Aruba switch side two interfaces:

interface 1/45
   untagged vlan 1
   trunk trk3 trunk

interface 1/46
   untagged vlan 1
   trunk trk3 trunk

and this on the PFSense:

If I connect Eth5 on one of that interfaces it works.
If i connect Eth4 also to the switches, it still works but as soon as I unplug Eth5 my connection to the PF is lost.

etherswtchcfg seems ok:

laggroup0:
	members 9,10
laggroup1:
	members 3,4,5

stephenw10

How is the trunk configured in the HP switch? It must be as load balancing as the 7100 on-board switch is.

Steve

Righter

Hi I've just created a normal trunk without LACP

trunk e 17/18 trk3 trunk

stephenw10

And there is no setting for failover, load-balance etc?

What happens if you connect Eth4 first in your current setup? Or just Eth3?

Do you get traffic over the first connected link that then fails when you disconnect it?

Steve

Righter

@stephenw10
Nope there is only an option if you wish an LACP Trunk or without LACP.
The Trunk and interfaces are always up on the switch and the PF.
But only one interface on the PF is working. Doesn't matter which one I connect first.

If i configure eth 3-5 on the PF in the same LAG, only port 5 is working.
If i configure eth 3-4 on the PF in the same LANG, only port 3 is working.
really strange.

If I ping the firewall i see on the packets counter that the traffic goes and comes from different interfaces in the LAG.

iV1n5

Hi all, do you know if the fix is now part of the current version 2.4.4p3? I'd like to configure something similar but I don't want to mess with the terminal. Thanks.

stephenw10

The fix allowing additional lagg groups to be added should be in p3 yes. If that's what you're referring to.

Steve

iV1n5

hi @stephenw10 , i'm very new to pfsense and negate so sorry if I ask you to repeat it, but starting from the default configuration could you explain to me how I should proceed to create a lagg between 4 ports of the internal switch? Just to give you the full picture, this is what I want to achieve:

ETH1 --> WAN

ETH2, ETH3, ETH4 --> not used for now

ETH5, ETH6, ETH7, ETH8 --> LAGG with interface OPT3

Can I do that with the UI?

Thank you.

stephenw10

You can do that but only using a load-balance type lagg. What ever you are connecting it to has to support that.

You can't access that as a different interface in pfSense. Traffic using that still has to be sent to the internal switch via lagg0.

You should start a different thread for this.

Steve