Dual WAN Setup on XG-7100
-
Hello all. I am attempting to setup my XG-7100 for load balancing. I want ETH1 to be WAN A and ETH2 to be WAN B. I have ETH1 setup, that's easy. However, ETH2, I have no clue how to set it up. Right now, I have the default VLANs 4090 and 4091 (ETH2 is in 4091). I had assumed I could remove ETH2 and then go to Interface Assignments and add ETH2 that way and then setup the gateway group, however, I was incorrect. I'm at a loss here, any help would be appreciated. Thank you.
-
Hello,
I also encountered this problem but I succed to set up the Dual WAN.
Here (http://naalpv.tk/memo/2018/08/24/pfsense-configuration-dual-wan-avec-xg-7100/) you will find the configuration steps I made.
Thank you. -
Check out https://www.youtube.com/watch?v=NgRy14rYhV8 -- Last month for the hangout I walked through how to configure the switch for separate ports like you're after.
-
@jimp this was perfect, thank you!
-
@ragnarxyz could you give your insight on how you have accomplished to have the second wan up and working?
-
You need to separate your switch Port(s) first: https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html
After that it is the default pfSense MultiWAN Configuration:
https://www.netgate.com/docs/pfsense/routing/multi-wan.html
https://www.netgate.com/docs/pfsense/book/multiwan/index.html
https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html-Rico
-
@rico thanks a lot!
-
I have the same problem as well. I tried dual wan being wan (default 4090) as the first wan connection, and for the second wan I created another vlan 4092 and assigned port members 2,9t,10t, and removed port 2 from vlan 4091.
Then enabled the interface , setup rules, add gateway groups. and it did not work. The second wan connection is offline ..not sure why ... see my configs below
any suggestions ?
-
What we can see looks correct. We don't see the vlan 4092 interface setup.
The gateway IP (which looks like a private IP that doesn't need to be obscured) might not respond to pings. Can you ping out to some public IP choosing that WAN as source?
Steve
-
Thanks stephew10 for your reply. Now that I manually set it the Monitro IP for second wan connection (ocean link) the status is still offline while RTT, RTTsd , and Loss values some activities going on.
For the second WAN connection my ISP has assigned me private , and I already made request for my truly public IP.
So having the true public will solve the issue ?
-
Show your WAN Interface configuration via screenshots.
-Rico
-
What is the Oceanlink WAN, what tyep of connection. You are showing zero packet loss but 650ms lattency.
If it's some sort of wireless link you might just need to tune the monitoring parameters to match it.
Steve
-
It is a wireless link to our ISP here , about 100 meters away from our office. I think there is another issue , ISP block ICMP protocol , and the ping to the oceanlink gateway blocked , and I asked them last yesterday to allow ping and they did. I checked this morning in pfsense Status->Gateways and there were both online. The 650 ms latency is our normal internet speed from both ISPs here, very slow but we have no choice.
Now that both gateways are online I tested to see if load balance worked by disabling the other gateway (ATHKL) and it did'n work. There are no internet at all. Pfsense did realize that one gateway has gone and jumped to Oceanlink but no internet access.
-
If 650ms is normal for that link then tune the latency values for dpinger by editing the gateway. That way it will only throw an alarm if latency rises unexpectedly high.
How are you using the load-balance gateway? Let's see the rules where that is set.
Steve
-
I use load balance
Floating rules below
Gateway status
-
Hi naalpv
The link did not work. I wonder how you actually did it. Can you fix the link so we can see what configurations you made
-
First Wan connection configurations (default 4090)
Second WAN connection
-
What it that floating rule applied to?
-
floating rules applies to Lan + other vlans created. Beside the floating rules I also set each vlans to use groupgateway instead of the default.
see below for one of the vlans I created
-
Hmm, that floating rule cannot be applied correctly. There are no states and no traffic recorded against it. Instead evetything is hitting the rule on the interface.
However that should work for load-balancing as long as clients are using some DNS server other than Unbound in pfSense.Does it load-balance correct when both WANs are up?
Steve
-
@stephenw10 Are you suggesting to force vlans to use Unbound (pfsense) as the primary DNS and block outside DNS request ?
-
No. I'm saying that if you were doing that then Unbound itself always uses the system default route which will not failover.
But since you're not doing that it shouldn't be a problem.I think you need to confirm both WANs are in fact working. Make sure you can ping out of both from Diag > Ping.
Set a policy route for just WAN2 for one test client IP in LAN and make sure that can still get out and is in fact using WAN2.
Steve
-
Hi
did you manage to setup dual WAN on XG-7100 ? I have not been able to do dual wan setup and I'm about to throw away my new xg-7100 box and switch back to dell server which have 5 physical interfaces since it is my easier to do on it than XG-7100.If you did can you kindly share your knowledge on this ?
I try this link and it brings me to another side ...
http://naalpv.tk/memo/2018/08/24/pfsense-configuration-dual-wan-avec-xg-7100
-
Ragnar has not logged in since Aug 2018 so I think you may be waiting a while!
What part are you stuck on? What's not working?
Did you get the gateway monitoring tuned so both gateways show as on-line?
The XG-7100 part of the config you already had correct. It was the gateway failover part that was working. It would be no better on other harwdare.
Steve
-
Hey! Sorry for not logging in for so long... :) @wintok and @stephenw10
So, yes I did get this running. I had 1gb up/down fiber and 1 gb/40mb up/down cable with failover running.
I've since (sadly) got rid of the cable line so I no longer have 2 WAN connections, however I'm pretty sure that I did not change the config. If you need updates @wintok I'll get some updated screenshots and post them. LMK
-
@stephenw10
I have not given up completely on XG-7100. I did manage to setup dual wan config successfully during the week-end.Happy to share with you guys if you need it.
-
Good to hear.
-
@wintok Can you share with me the configuration of the dual wan on the xg-7100?
I am getting mad with the marvel chip.Best Rehards Tim
-
What problem are you seeing?
Trying to setup a seconds WAN port on the switch?
Steve
-
Yes need to setup 3 additional WAN Ports (totally 4 WAN and 2 LAN Ports) for a fallback and smart rooting.
-
@stephenw10 Forgot to reply direct to you.
Yes I want to setup additional WAN ports on the switch. -
Ok, so, in summary, you need to:
Add a new VLAN on lagg0 from Interfaces > Assign to use as WAN2 for example 4092
Configure the switch to use that new VLAN. You can use the default WAN (4090) as an example here.
On the Switch > Ports tab chage the PVID of the port you want to use to the new ID, for example 4092.
On the Switch > VLAN tab add a new VLAN group with the new ID (4092).
Add to it the port you want to use as untagged and 9 & 10 as tagged.Remove the port you;re using from the LAN vlan group (4091).
We did a hangout on this with a lot more detail:
https://youtu.be/NgRy14rYhV8Steve
-
@Timbobx
Hi TimboxI use ports ETH1 (primary) and ETH2 (secondary) for WAN connections. First you need to change Port VID of the Port (in my case ETH2) for your secondary WAN connection. The default Port VID is 4091 and I changed to 4092. It's editable , double click , change , click and hit save. [Interfaces->Switch->System->Ports]
For the next part you need to add your VLANs and add members [Interfaces->Switch->System->VLANs]
Add port 2 (untagged) and port 9 and 10 both as tagged members above. Incase If you need to compare the configuration for the primary WAN see below. It has members port 1 (untagged) and 9 and 10 both as tagged memebers.
When you finish the above configuration next you need to your configure VLANs again but this time you add your vlan 4092 and choose your parent interface.
[Interfaces->Assingments->VLANs]
For Parent interface choose lagg0 for VLAN Tag enter 4092 and VLAN Priority leave as 0 and for description give wan2 for instance (in my case ATHKL) and Hit save
At this stage the new interface is now ready to be configured
Interfaces->Assingments->Interface Assingments
Click on new interface see below and configure its ip settings.
Your second WAN should be up and running if follow the instructions correctly. You might also might need to configure WAN fail over to utilize the two connections ....
-
@stephenw10 said in Dual WAN Setup on XG-7100:
4092
@wintokThanks! For the work/ documentation.
My open questions is, where can I change the MAC-Adresses of the interfaces. I need different MAC-Addresses on each interface. I have an ISP with lines of 1000 MBit. But the ISP is sending me 3 times the same IP because on 3 ports I have the same MAC-Adddress. And I cannot find a place where I can change it on the parent interface.
Example WAN2 VLAN 4083 on ETH3
has lagg0 as parent device.
Like WAN3 VLAN 4084 on ETH4 and
like WAN4 VLAN 4085 on ETH5
What did I wrong?
Best Regards Tim
-
That's a problem.
The VLAN interface inherits it's MAC address from the parent interface and all those VLANs are on the same parent, lagg0.
It's possible to separate the lagg interface and usr the two ix NICs are parent to give two MAC addresses.It's a horrible hack but you may be able to create a single interface bridge where you can spoof the MAC to give 3 total.
Really though you should have the expansion card to use 4 discrete NICs for that.
Steve
