Restore dissimilar hardware backup to 7100
-
Hi everyone,
We've been longtime CE users rolling our own hardware and I recently purchased a couple of 7100-1U's from Netgate. I am running into some issues with configuring the switch and getting the config backup to restore. What I've attempted to do is add a third VLAN 4092 with port 3, 9t, 10t as members to the 7100 default config since we use three physical interfaces (call them WAN, LAN, LAN2). That seems to go okay. Then when I restore the config using the "keep switch configuration" option, I map the interfaces appropriately, but the firewall does not reboot and upon me doing a reboot, I get into a broken state where the interfaces do not seem to come up, no DHCP on the LAN, etc., and I have to console in and restore the factory settings and start over. The error I see on the console is "Reloading routing configuration...route: writing to routing socket: Network is unreachable." That appears to repeat three times.
What is the current advice as far as trying to restore a config of dissimilar hardware to a Netgate device with integrated switch? Is it still to do surgery on the backup file before importing? Or is this "preserve switch configuration" option supposed to eliminate the need for that? Hoping to get a reasonable process down so this can be done by us and not need to involve Netgate support each time.
Thanks.
-
@mdomnis My understanding has been that if you reach out to support, they can either help you modify the config.xml file, or they can do it, so you can start using the new hardware.
https://www.netgate.com/tac-support-request
-
Make sure you can access the 7100 using the serial > USB cable before doing this.
1. Set up the 7100 as factory settings and export its config and also export a backup of your existing box.
2. Change the network settings in your old config to match the 7100, as they're likely to be different as it uses an internal switch and VLAN setup. Pay attention to anything that mentions networking or ports as these names will be different.
3. Import the config to the 7100. It may work fine or it may fail. If it lets you in on the LAN GUI, you may have to tweak other things and reinstall any missing packages, certs, etc. If it fails or you cannot access the LAN GUI then the config is wrong; restore the 7100 via its previous backup from the serial and start from step 2 above.
-
@mdomnis I did it by configuring the 7100's network as I wanted it, being mindful of adapter names. Then restored the parts of the old config I wanted.
I was able to do it a few times until I got it right then switched which FW was the GW. Almost no network disruption.
Beware that if you put 5 people in a room with this problem you will get at least 6 solutions.
-
@mdomnis said in Restore dissimilar hardware backup to 7100:
preserve switch configuration
From https://docs.netgate.com/pfsense/en/latest/backup/restore.html:
"Preserve Switch Configuration
This option is available on Netgate hardware with integrated switches. When set, the current active switch configuration will be copied into the restored configuration, preserving it for later use. This makes it easier to restore a configuration from hardware without an integrated switch.
Note
This only copies the integrated switch configuration, and does not copy VLAN or LAGG interface entries which may be relevant to using the switch. This behavior is safer, as the configuration being restored may also contain important configuration data in those areas."
As noted above Netgate will convert your config for you with a free ticket, to change ports to VLAN interfaces (to get your LAN2). If you need to replicate that later, you should be able to compare the before and after config files.
(if the old router had just two interfaces one can just restore and choose interfaces)
-
Yeah we can do this for you. However if you want to do it yourself one option I use for a manual conversion is to copy in the config required for 8 individual ports:
<laggs>
  <lagg>
    <members>ix2,ix3</members>
    <descr><![CDATA[UPLINK]]></descr>
    <laggif>lagg0</laggif>
    <proto>loadbalance</proto>
  </lagg>
</laggs>
<vlans>
  <vlan>
    <if>lagg0</if>
    <tag>4081</tag>
    <descr><![CDATA[Eth1]]></descr>
    <vlanif>lagg0.4081</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4082</tag>
    <descr><![CDATA[Eth2]]></descr>
    <vlanif>lagg0.4082</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4083</tag>
    <descr><![CDATA[Eth3]]></descr>
    <vlanif>lagg0.4083</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4084</tag>
    <descr><![CDATA[Eth4]]></descr>
    <vlanif>lagg0.4084</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4085</tag>
    <descr><![CDATA[Eth5]]></descr>
    <vlanif>lagg0.4085</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4086</tag>
    <descr><![CDATA[Eth6]]></descr>
    <vlanif>lagg0.4086</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4087</tag>
    <descr><![CDATA[Eth7]]></descr>
    <vlanif>lagg0.4087</vlanif>
  </vlan>
  <vlan>
    <if>lagg0</if>
    <tag>4088</tag>
    <descr><![CDATA[Eth8]]></descr>
    <vlanif>lagg0.4088</vlanif>
  </vlan>
</vlans>
<switches>
  <switch>
    <device>/dev/etherswitch0</device>
    <vlanmode>DOT1Q</vlanmode>
    <laggroups>
      <laggroup>
        <lgroup>0</lgroup>
        <descr><![CDATA[Switch Uplink]]></descr>
        <members>9 10</members>
      </laggroup>
    </laggroups>
    <vlangroups>
      <vlangroup>
        <vgroup>0</vgroup>
        <vlanid>1</vlanid>
        <members>0</members>
      </vlangroup>
      <vlangroup>
        <vgroup>1</vgroup>
        <vlanid>4081</vlanid>
        <descr><![CDATA[Eth1]]></descr>
        <members>9t 10t 1</members>
      </vlangroup>
      <vlangroup>
        <vgroup>2</vgroup>
        <vlanid>4082</vlanid>
        <descr><![CDATA[Eth2]]></descr>
        <members>9t 10t 2</members>
      </vlangroup>
      <vlangroup>
        <vgroup>3</vgroup>
        <vlanid>4083</vlanid>
        <descr><![CDATA[Eth3]]></descr>
        <members>9t 10t 3</members>
      </vlangroup>
      <vlangroup>
        <vgroup>4</vgroup>
        <vlanid>4084</vlanid>
        <descr><![CDATA[Eth4]]></descr>
        <members>9t 10t 4</members>
      </vlangroup>
      <vlangroup>
        <vgroup>5</vgroup>
        <vlanid>4085</vlanid>
        <descr><![CDATA[Eth5]]></descr>
        <members>9t 10t 5</members>
      </vlangroup>
      <vlangroup>
        <vgroup>6</vgroup>
        <vlanid>4086</vlanid>
        <descr><![CDATA[Eth6]]></descr>
        <members>9t 10t 6</members>
      </vlangroup>
      <vlangroup>
        <vgroup>7</vgroup>
        <vlanid>4087</vlanid>
        <descr><![CDATA[Eth7]]></descr>
        <members>9t 10t 7</members>
      </vlangroup>
      <vlangroup>
        <vgroup>8</vgroup>
        <vlanid>4088</vlanid>
        <descr><![CDATA[Eth8]]></descr>
        <members>9t 10t 8</members>
      </vlangroup>
    </vlangroups>
    <swports>
      <swport>
        <port>1</port>
        <pvid>4081</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>2</port>
        <pvid>4082</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>3</port>
        <pvid>4083</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>4</port>
        <pvid>4084</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>5</port>
        <pvid>4085</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>6</port>
        <pvid>4086</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>7</port>
        <pvid>4087</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>8</port>
        <pvid>4088</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>9</port>
        <pvid>1</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
      <swport>
        <port>10</port>
        <pvid>1</pvid>
        <state><![CDATA[forwarding]]></state>
      </swport>
    </swports>
  </switch>
</switches>
If your existing config does not have any VLANs then you only have to reassign the interfaces to the new VLANs. WAN as lagg0.4081 etc.
You do however need to be sure there is only one <vlans> and one <laggs> section in the new config, so remove any existing empty sections.
Steve
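A pre-restore sanity check for the manual conversion described above, as an added example that is not part of the original post or Netgate's tooling: it parses a converted config.xml and reports duplicate `<vlans>`/`<laggs>` sections, VLANs whose switch vlangroup is missing or lacks the tagged 9t/10t uplink members, and interfaces still assigned to a NIC name the config no longer defines. The function name, the `physical` parameter and the sample config (including the NIC name `igb1`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
UPLINK = {"9t", "10t"}  # tagged uplink members used in the XML above

def check_config(xml_text, physical=()):
    """Return a list of problems in a converted config.xml (empty list = OK)."""
    root, problems = ET.fromstring(xml_text), []
    for tag in ("vlans", "laggs"):  # only one of each section may exist
        n = len(root.findall(tag))
        if n != 1:
            problems.append(f"found {n} <{tag}> sections, expected 1")
    laggs = {l.findtext("laggif") for l in root.iter("lagg")}
    groups = {g.findtext("vlanid"): set((g.findtext("members") or "").split())
              for g in root.iter("vlangroup")}
    vlanifs = set()
    for v in root.iter("vlan"):
        name, tag = v.findtext("vlanif"), v.findtext("tag")
        vlanifs.add(name)
        if v.findtext("if") not in laggs:
            problems.append(f"{name}: parent interface is not a defined lagg")
        if tag not in groups:
            problems.append(f"{name}: no switch vlangroup for VLAN {tag}")
        elif not UPLINK <= groups[tag]:
            problems.append(f"{name}: VLAN {tag} not tagged on both uplink ports")
    # Assigned interfaces still pointing at the old hardware's NIC names
    for iface in root.findall("interfaces/*"):
        nic = iface.findtext("if")
        if nic not in vlanifs | laggs | set(physical):
            problems.append(f"{iface.tag}: assigned to unknown interface {nic}")
    return problems

# Constructed sample: a leftover empty <vlans/>, VLAN 4082 missing 10t,
# and LAN still assigned to igb1 (a hypothetical NIC name from the old box).
SAMPLE = """<pfsense>
<interfaces><wan><if>lagg0.4081</if></wan><lan><if>igb1</if></lan></interfaces>
<vlans/>
<laggs><lagg><members>ix2,ix3</members><laggif>lagg0</laggif></lagg></laggs>
<vlans>
 <vlan><if>lagg0</if><tag>4081</tag><vlanif>lagg0.4081</vlanif></vlan>
 <vlan><if>lagg0</if><tag>4082</tag><vlanif>lagg0.4082</vlanif></vlan>
</vlans>
<switches><switch><vlangroups>
 <vlangroup><vlanid>4081</vlanid><members>9t 10t 1</members></vlangroup>
 <vlangroup><vlanid>4082</vlanid><members>9t 2</members></vlangroup>
</vlangroups></switch></switches>
</pfsense>"""

if __name__ == "__main__":
    for problem in check_config(SAMPLE):
        print(problem)
```

Pass any real NIC names that should remain assignable directly through `physical`; everything else must resolve to a lagg or VLAN interface defined in the file.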
-
Thanks for the suggestions everyone. I reached out to support and they helped me convert my old config. I think I'd be able to do it myself with this xml as a guide going forward.