Multi-WAN on a Stick and how to configure?
-
I was reading in the latest pfSense Book that is is possible to configure Multi-WAN on a Stick. So I know it's possible but no configuration example followed. So here's what I tried and it's not working. So any point in the right direction would happen.
My requirement: Configure two Different WAN IP Gateways on the WAN interface of my 4860 and keep them working.
Here's what I've tried:
Configured IP address X.X.X.98/28 on the WAN port of 4860 and configured it's gateway, this will lead to VLAN 80 (ISP#1)
On the 4860, I configured a VLAN 90, then attached it to the WAN port (ISP#2), then on the OPT5 interface renamed to ISP#2, enabled that interface and assigned the IP X.X.X.135/28 from ISP#2 to the interface with a gateway.The 4860 WAN port is plugged into HP 5412zl switch. The port on the switch is configured to be "Untagged" on VLAN 80. ISP#1 remains up; The VLAN 90 gateway goes down. Believing this is a trunking issue as the diagram in the pfSense book points out, I configure the switchport connected (as Tagged) to WAN port on pfSense. When I do so, both ISP gateways go offline.
VLAN 80 and VLAN 90 both can work IF I configure them on the physical interface but that is not my requirement…my requirement is to get the Multi-WAN on a Stick configuration to work.Am I stuck because of pfSense issue or am I stuck because of a switch issue...everything I've tried besides putting the two ISPs on their own physical interface has lead to WAN interfaces as being offline. So any pointers would be of great help. Thanks for any insight into this configuration found in the pfSense Book.
-
I would try creating VLANs 80 and 90 on igb1 then assigning WAN#1 to VLAN 80 on igb1 and WAN#2 to VLAN 90 on igb1.
Tell the switch to tag both VLAN 80 and 90 on the port and connect it to igb1 (WAN). Then put your ISP#1 and ISP#2 modems (making a presumption here) on untagged ports for VLANs 80 and 90 respectively.
Every vendor handles mixing tagged and untagged traffic differently. It sounds like what you have done should work but it doesn't. Don't know enough about your particular switch to tell you what to change there. Probably somehow changing the PVID of that port to be VLAN 80 instead of VLAN 1. I would just tag all the traffic.
-
Thanks for this verification that I'm not trying to do something impossible to do.
I will attempt to do what you recommended and let you know what I find. It may be later this week as the current network is stable with one ISP but we'd like to make sure we have the second ISP available in case of failure.
This is my initial run at using an HP switch after years of using Cisco switches so as confident as I was about being able to figure it out, I'm feeling more lost than I thought I would.
I wouldn't have thought about putting both into vlans and attaching them to the interface. In this configuration then, the actual WAN doesn't need to be assigned an IP only the attached vlan interfaces? thanks for the help!
-
Well, you will still have WAN, you just won't assign igb1 to any pfSense interfaces so untagged traffic on that interface will be dropped. If you look at the interface names you will be using they will be igb1_vlan80 and igb1_vlan90.
