from APU2 to XG-7100 1U
-
For a customer I ordered a XG-7100 1U and now try to prepare the migration steps.
The old hardware is a PCengines APU2 with 3x 1GB/s NICs (igb0/1/2) and we run around 10 VLANs right now. We run MultiWAN with 2 upstream providers, and several OpenVPN servers.
I plan to use 2 of the gigabit (copper) interfaces for the 2 WAN-connections, and one of the SFP+ ports to connect to a central 10G aggregation switch (via DAC).
So I wonder:
If I export/import the existing config, should I do some editing before import maybe? I already did that when migrating to SG-3100 for example. Or should the reassigning step at import work in this case? I know of the offer to get the config converted by the netgate support, yes.
I might have to use a gigabit NIC as trunk in a first step (while waiting for an additional fibre strand to be deployed): the GUI only lets me create 2 separate entries for one VLAN-ID, one per interface. I assume it is no problem to tag VLANs on both gigabit and SFP+ ports?
Could someone post or point me to a default config.xml for the XG-7100 1U so I can have a look already? Otherwise I just wait for the appliance to arrive and have a look.
thanks.
-
@sgw Factory default the XG-7100 and then backup its config. Use that to add in and change the config for the APU2 accordingly. Then, import that config into the XG-7100.
It will take a bit of work, but I had to do this for our old FW that wasn't a Netgate product. The XG-7100 is a great piece, but get your head around the internal switch layout and its VLAN stuff.
-
We can adapt that config for you if you open a ticket: https://go.netgate.com/
Of course if you understand the issues there and make the changes yourself you will be better equipped to deal with any issues.
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/configuring-the-switch-ports.htmlSteve
-
@stephenw10 said in from APU2 to XG-7100 1U:
We can adapt that config for you if you open a ticket: https://go.netgate.com/
Can't beat a bit of help from Netgate.
-
@stephenw10 said in from APU2 to XG-7100 1U:
We can adapt that config for you if you open a ticket: https://go.netgate.com/
Of course if you understand the issues there and make the changes yourself you will be better equipped to deal with any issues.
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/configuring-the-switch-ports.htmlI will see how far I get ;-) thanks, Stefan
-
Received the hardware right now. Upgraded to 21.02p1, exported config after reboot and now I start setting up things. Looking forward ;-)
I want 2x WAN on ETH1 and ETH2, and a trunk for LAN and the VLANs on ix1, just for reference.
-
took me a few runs to get my edited config right.
Don't forget laggs, vlans, switches etc ... took a while.Now it looks good, and I have the VLANs on the LAN gigabit interface.
In a second step this trunk should be on one SFP+ port (and connect to another switch via Bidi module).
Can I have the same VLAN-IDs on 2 interfaces? I exported interfaces via yml, copied and edited the definitions and reimported. I assume I could edit the "<if>" lines and be done?
-
I understand that the VLANs should only be on one interface in the end ... the switch below is better at distributing the packets.
It's just temporary for deployment, I maybe won't have fiber from the start there. -
So far it looks good to me, soon I will replace the hardware on site and see what I missed ;-)
non-hw-q here: I couldn't find something like GVRP in pfsense, right?
Currently I have to maintain the VLANs in multiple places. Not so bad, as they will be rather static from now on .. just wondering if I could implement something more clever. -
You can have the same VLAN ID on multiple interfaces but they will be separate interfaces in pfSense. Not the same VLAN.
No, GVRP is not in pfSense.
Steve
-
@stephenw10 thank you.
I thought of using some ETH port as dedicated untagged port in a management VLAN but that seems not to work as intended as I understand.OK: use the next switch for that, I understand. I will see this afternoon if my setup works.
