• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Initial configuration with LAGG + VLAN interface

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
3 Posts 2 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jim12345
    last edited by Mar 3, 2017, 1:46 PM Mar 3, 2017, 1:43 PM

    Hi everyone, I'm new to working with pfSense but I have had experience with several high-end commercial firewalls.  What I am trying to achieve with this box (NetGate SG-8860 x 2 which I will set up as an HA pair) is to have the following interface setup:

    • WAN == Internet

    • LAN == pfSync

    • OPTn (all of them) combined as a single LAGG (LACP), which I will then use as a trunk port for internal networks

    I'm running 2.3.3-RELEASE.

    My plan was to remove the default IP (192.168.1.1) from the LAN port and then assign (what will eventually be) the management IP to OPT1, gain management of the box over OPT1, and then use the Web GUI to start setting up the rest.  However when I assign an IP to OPT1, I cannot access the Web GUI, it just times out (makes me wonder if firewall policy is blocking it).  Furthermore, after I reboot the box, my IP address on the interface "goes away," i.e., I end up with no IP assigned to OPT1 anymore.

    At that stage I really have not done anything else to the box, i.e., I haven't messed with config.xml or done anything else out of the ordinary, so I don't see why I should lose the interface settings.

    So my questions are:

    • Considering what I'm trying to achieve, am I going about this the wrong way?  Or will I end up with a "chicken-and-egg" situation?

    • How do I "move" the Web GUI over to OPT1?  Do I need to edit config.xml or is there a way to do it with the CLI menu?

    • It doesn't look like the CLI menu offers the ability to set up LAGG interfaces, is that correct?  (I do see VLAN setup.)

    • Why does the IP on OPT1 go away after a reboot, is this a bug?

    Thanks!

    1 Reply Last reply Reply Quote 0
    • G
      gerdesj
      last edited by Mar 3, 2017, 2:51 PM

      By default only the LAN interface has an anti lockout rule for management access.  It might be easier to put a temp IP onto WAN and add a firewall rule on WAN to allow access to WAN IP from any.

      Then fiddle around with optx and LAN (pfsync).  Once you have LAGGs and VLANs setup you can get your self onto the GUI via those and then sort out WAN afterwards.

      pfSense will tolerate quite a lot of messing around with interfaces but you may find a reboot helpful.

      1 Reply Last reply Reply Quote 0
      • J
        jim12345
        last edited by Mar 7, 2017, 12:04 AM

        Thank you!  That got me past the hump I was bumping into.

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received