Failover Switches using LAGG on PFsense
-
Hi,
I am trying to configure 2 Powerconnect N3048 in HA from pfsense. My thought was that I would be able to LAGG LACP 2 ports from the pfsense and connect them to 1 port on each switch. Does this sound correct?
-
You may be able to do that if the switches are stacked. It really depends how they are configured.
https://doc.pfsense.org/index.php/LAGG_Interfaces#Usage_with_Multiple_Switches
Steve
-
The doc doesn’t really explain what I need on the switch side. If I stack the switches, if the master went down, wouldn’t the slave also be unavailable?
-
If you stack the switches and, say, the power supply fails on one the other would remain powered and the LAGG should start using that.
Really it depends entirely on how the switches are configured or what they're capable of and I've never used that switch so I can't comment there specifically.
Steve
-
> If you stack the switches and, say, the power supply fails on one the other would remain powered and the LAGG should start using that.
> Really it depends entirely on how the switches are configured or what they're capable of and I've never used that switch so I can't comment there specifically.
> Steve
That makes sense, so it sounds like I need to stack the switches first and then configure 1 port from each switch in a LAGG and also configure each port going from the pfsense to the switch in LAGG as well.
-
Yes, that's what I would expect.
Steve
-
In general, yes. All of your concerns really depend on what your specific switches do in that case.
Most of my work in that area has been done with Brocade ICX switches. In that case if a stack member was lost the whole stack rebooted without that member active unless hitless failover was enabled and had a couple of minutes to sync.
Your switch is probably completely different.
Switch>sh stack
T=845d42m45.2: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
1 S ICX6430-24 active cc4e.24b3.68b8 128 local Ready
2 S ICX6430-24 standby cc4e.24b3.6978 0 remote Ready

    active       standby
     +---+        +---+
 =2/3| 1 |2/1==2/3| 2 |2/1=
 |   +---+        +---+   |
 |                        |
 |------------------------|

Standby u2 - protocols ready, can failover
Current stack management MAC is cc4e.24b3.68b8

Switch>sh lag
Total number of LAGs: 2
Total number of deployed LAGs: 2
Total number of trunks created:2 (27 available)
LACP System Priority / ID: 1 / cc4e.24b3.68b8
LACP Long timeout: 90, default: 90
LACP Short timeout: 3, default: 3

=== LAG "Management" ID 81 (dynamic Deployed) ===
LAG Configuration:
Ports: e 1/1/14 e 2/1/14
Port Count: 2
Primary Port: 1/1/14
Trunk Type: hash-based
LACP Key: 20081
Deployment: HW Trunk ID 1
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
1/1/14 Up Forward Full 1G 81 No 81 0 cc4e.24b3.68c5 NAS_LAGG0
2/1/14 Up Forward Full 1G 81 No 81 0 cc4e.24b3.68c5 NAS_LAGG1

Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope]
1/1/14 1 1 20081 Yes L Agg Syn Col Dis No No Ope
2/1/14 1 1 20081 Yes L Agg Syn Col Dis No No Ope

Partner Info and PDU Statistics
Port Partner Partner LACP LACP
System MAC Key Rx Count Tx Count
1/1/14 0cc4.7a47.7be2 203 2404227 2427495
2/1/14 0cc4.7a47.7be2 203 2404222 2427495
-
I assume you are referring to the Dell N3000 series switches here.
In that case, you can do a cross-switch LAGG if you fulfill either of the following 2 configurations on your switches:
- You have the 2 switches configured in a MLAG and the Port-channel for the LACP ports is configured properly for your MLAG domain. I recommend using the 10GbE SFP+ ports on the front for MLAG configuration.
- You are not using the MLAG but have the switches configured in a stack using the dedicated Mini-SAS Stacking ports on the rear of the units.
-
So they support some form of Multi-Chassis Trunking (MCT) via this MLAG it sounds like. That should also work.
-
> I assume you are referring to the Dell N3000 series switches here.
> In that case, you can do a cross-switch LAGG if you fulfill either of the following 2 configurations on your switches:
> - You have the 2 switches configured in a MLAG and the Port-channel for the LACP ports is configured properly for your MLAG domain. I recommend using the 10GbE SFP+ ports on the front for MLAG configuration.
> - You are not using the MLAG but have the switches configured in a stack using the dedicated Mini-SAS Stacking ports on the rear of the units.
So it sounds like the following configuration would work:
Connect 2 SFP+ ports from the firewall to 1 SFP+ port on each switch
Configure the 2 SFP+ ports on the pfsense to LACP LAGG
Configure the SFP+ port on each switch to MLAG
No stacking necessary?
-
Completely up to your switches. pfSense LACP will not care.
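-
Added example (not part of the original thread, and not code from pfSense, Brocade or Dell): a Python check over the per-port rows of `sh lag` output like the one posted above, confirming that every member is aggregating, that all members share one local key and one LACP partner, and that the members sit on more than one stack unit. The regexes and the "healthy" flag pattern are assumptions taken from the layout shown in this thread; other firmware may print different columns.

```python
import re

# Constructed sample: per-port rows copied from the "sh lag" output in this thread.
SAMPLE = """\
Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope]
1/1/14 1 1 20081 Yes L Agg Syn Col Dis No No Ope
2/1/14 1 1 20081 Yes L Agg Syn Col Dis No No Ope
Partner Info and PDU Statistics
1/1/14 0cc4.7a47.7be2 203 2404227 2427495
2/1/14 0cc4.7a47.7be2 203 2404222 2427495
"""

# Assumption: unit/slot/port naming and column order as shown in the thread.
PORT = r"(?P<port>(?P<unit>\d+)/\d+/\d+)"
FLAGS = re.compile(PORT + r"\s+\d+\s+\d+\s+(?P<key>\d+)\s+(?P<flags>\S.*)$")
PARTNER = re.compile(PORT + r"\s+(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+(?P<pkey>\d+)\s+\d+\s+\d+$")
# Assumption: the Agg..Ope columns of a working member look like the thread's rows.
HEALTHY = ["Agg", "Syn", "Col", "Dis", "No", "No", "Ope"]


def check_lag(text):
    """Return a list of problems; an empty list means the LAG looks healthy."""
    ports, partners, problems = {}, {}, []
    for line in map(str.strip, text.splitlines()):
        if m := FLAGS.match(line):
            # Drop the Act and Tio columns, keep Agg..Ope.
            ports[m["port"]] = (m["unit"], m["key"], m["flags"].split()[2:])
        elif m := PARTNER.match(line):
            partners[m["port"]] = (m["mac"], m["pkey"])
    for port, (_, _, state) in ports.items():
        if state != HEALTHY:
            problems.append(f"{port}: LACP state is {' '.join(state)}")
        if port not in partners:
            problems.append(f"{port}: no partner row")
    if len({key for _, key, _ in ports.values()}) > 1:
        problems.append("members use different local LACP keys")
    if len(set(partners.values())) > 1:
        problems.append("members see different partner system MAC or key")
    if len({unit for unit, _, _ in ports.values()}) < 2:
        problems.append("members are not spread over two stack units")
    return problems


if __name__ == "__main__":
    print(check_lag(SAMPLE) or "LAG healthy and redundant across units")
```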