XG-7100 Configuration



  • I recently purchased an XG-7100 1U after an older server that was running pfSense died. I am having trouble migrating the configuration due to the interface assignments. I have 2 Linksys SGE-2100 (24-port) switches. I had a LAGG0 set up from the switches to the router to maximize bandwidth. I am a bit confused by this internal switch and want to make sure I am maximizing throughput. These switches only have an SFP port, not an SFP+ port. Did I need to also purchase the optional NIC addon? The switches are layer 3 and do all of the VLAN management. Thank you for your help.


  • Netgate Administrator

    How was it connected to the old router? What have you tried so far?

    There's a good chance that would just work with the ix ports on the XG-7100. You may need to set the link speed and duplex specifically.

    You can order an expansion card separately. It comes with the riser and fixing hardware if you do. I don't think there's an item for it in the store, probably better to call our sales guys directly if you need to get one.

    Steve



  • Hi Steve,

    I have a temporary setup in place now, and I am waiting to migrate until I have some confidence in the setup. The old setup had 4 ports. The first port was connected to WAN. The last 3 were connected to the switch and set up as a load-balanced LAGG. The switch is throwing me for a loop and I want to make sure I am taking full advantage of the powerful hardware I have purchased.

    Thank you,
    Joseph


  • Netgate Administrator

    If the switches are layer 3 and doing all the routing between VLANs then the link to the firewall is only carrying traffic to or from the WAN. As such you don't need more than a 2 way LAGG for redundancy only.
    Was the previous connection using SFP ports at both ends? DAC cables?

    If you are able to, the first thing I would do is connect one of the ix ports to the switch and test to see if it can link with the hardware you have. You can assign/enable one of the ports and leave the IPv4 type as 'none'; that way it won't interfere with anything you have in place.

    Steve



  • Hi Steve,

    I am a novice at this, so please bear with me. Looking into this further, I likely have the switches configured as a combination of layer 2 and 3. VLAN traffic is being routed within the switches but I had the LAGG set up as a trunk back to pfSense over three standard Ethernet cables. I am using the SFP ports to connect the two switches together. I am also trying to take this opportunity to ensure I have configured everything in the best way possible. Should I instead be looking to connect the router to the switch using SFP, even if I can only run it at 1 Gbps?

    Thank you,
    Joseph


  • Netgate Administrator

    If you want to use an LACP LAGG to the router it will need to be over the SFP connections or using an expansion card. The switched ports cannot do LACP.

    If you have SFP ports available I would use that unless you have a separate need for >1Gb connections for something.

    Steve



  • Is this the best way to set this up? Do I just have way too much going back to the router and should be utilizing the layer 3 capabilities of the switches?


  • Netgate Administrator

    Well, I can't say how much you have going back to the router at this point. That's what layer 3 switches do best but it's not necessarily a problem to route between the VLANs in pfSense. It gives you more control over the traffic in most cases.

    It really depends what sort of filtering between the VLANs you need.

    Steve



  • After doing a bit more homework, I have the switches configured as layer 2 with all the traffic going back to pfSense. I was having issues with throughput when doing this, which is why I had to set up a LAGG interface to provide additional bandwidth. The filtering I am doing between VLANs isn't significant. Mostly, it is isolating VLANs from each other. I think I could handle the few cases of filtering using an ACL in the switch. Assuming I go that route, how would I ensure all the traffic that needs to get to the WAN gets there? How many connections would be needed to the switch to ensure enough bandwidth is available? How would these typically be connected to L2/L3 switches? Thank you for all your help!


  • Netgate Administrator

    If you are only routing between WAN and the internal subnets at the firewall then it only ever carries the WAN bandwidth, which I assume is 1Gbps or likely a lot less. So the minimum you need is a single 1Gb connection. However, that provides no redundancy, which is trivial to add if you have ports spare via a LAGG. That also gives more bandwidth available should you ever require routing between internal subnets at the firewall.
    I would use a two way LAGG between the firewall and switches here.

    Steve



  • Hi Steve,

    Assuming I am not going to use the SFP+ ports, could I accomplish a two-way LAGG with the XG-7100 switch ports?

    Thank you,
    Joseph


  • Netgate Administrator

    Only using 'loadbalance' lagg. The internal switch cannot, currently, do LACP. Your other switches may well not support loadbalance as a lagg type.

    Unless you need the SFP+ ports for something else, like a 10G link, I would use them to connect to the switches as an LACP lagg. That is assuming they will link with the hardware you have.

    Steve



  • Thank you for your help Steve! I'm going to work on the whole setup this weekend.

