Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Lagg interfaces on pfsense 1.2.2

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    5 Posts 2 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ariedederde
      last edited by

      Hi,

      we needed lag interfaces (two bonded nics acting as a lacp lagg) to have better firewall redudancy over redundant switches using two pfsync-enabled failover pfsese firewalls. This is how we did it:

      • edited /etc/inc/globals.inc and added `, "lagg" ' to $g["vlan_long_frame"] on both pfsenses. Make sure that all physical interfaces you want to use for the laggs are vlan-capable!

      • added the following to /cf/conf/config.xml where em1 to em3 would become the lagg0 and lagg1 members:
                       <earlyshellcmd>/sbin/ifconfig em1 up</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig em2 up</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig em0 up</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig em3 up</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig lagg0 create</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig lagg1 create</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig lagg0 laggproto lacp laggport em1 laggport em2 up</earlyshellcmd>
                       <earlyshellcmd>/sbin/ifconfig lagg1 laggproto lacp laggport em0 laggport em3 up</earlyshellcmd>

      and then rebooted.

      Configure you switches accordingly.

      You can now add tagged vlans to your lagg interfaces. After a few tests (we haven't tested it thoroughly yet) and reboots all seems to stay intact.

      Best regards,
      Arie.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Or use pfSense 2.0 beta where they are supported in the GUI without hacking them in. :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • A
          ariedederde
          last edited by

          "beta"… We tried beta; not good enough (yet). This looks pretty stable on 1.2.2.

          Arie

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            1.2.2 is very old. Use 1.2.3 at least.

            Hacking up a config like this is at least as dangerous as running a beta, if not worse since it's not really maintainable across updates with lots of extra intervention.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • A
              ariedederde
              last edited by

              we also had issues with 1.2.3 after an upgrade (weird packetloss, backup pfsense having part of it's carp interfaces in MASTER status), so we stepped back to 1.2.2.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.