Lagg interfaces on pfsense 1.2.2
-
Hi,
We needed lag interfaces (two bonded NICs acting as an LACP lagg) to have better firewall redundancy over redundant switches using two pfsync-enabled failover pfSense firewalls. This is how we did it:
-
Edited /etc/inc/globals.inc and added `, "lagg"` to $g["vlan_long_frame"] on both pfSenses. Make sure that all physical interfaces you want to use for the laggs are vlan-capable!
-
Added the following to /cf/conf/config.xml where em1 to em3 would become the lagg0 and lagg1 members:
<earlyshellcmd>/sbin/ifconfig em1 up</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig em2 up</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig em0 up</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig em3 up</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig lagg0 create</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig lagg1 create</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig lagg0 laggproto lacp laggport em1 laggport em2 up</earlyshellcmd>
<earlyshellcmd>/sbin/ifconfig lagg1 laggproto lacp laggport em0 laggport em3 up</earlyshellcmd>
and then rebooted.
Configure your switches accordingly.
You can now add tagged vlans to your lagg interfaces. After a few tests (we haven't tested it thoroughly yet) and reboots all seems to stay intact.
Best regards,
Arie.
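Added example (not part of the original posts): a post-reboot check that both members of a lagg actually negotiated LACP with the switch, since a member that never bundles silently removes the redundancy the setup is meant to provide. The function name `lagg_check` and the sample output are constructed; the parsing assumes FreeBSD-style `ifconfig laggN` output with `laggproto` and `laggport:` lines.

```shell
#!/bin/sh
# Added example: verify LACP state of a lagg from `ifconfig laggN` output.
# Assumption: member lines look like
#   laggport: em1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>

# Reads `ifconfig laggN` output on stdin and prints one line per problem.
# Exit status: 0 = lacp with every member bundled, 1 = at least one problem.
lagg_check() {
    awk '
        $1 == "laggproto" { proto = $2 }
        $1 == "laggport:" {
            ports++
            # A member only carries traffic when all three flags are set.
            if ($3 !~ /ACTIVE/ || $3 !~ /COLLECTING/ || $3 !~ /DISTRIBUTING/) {
                print "port " $2 " not bundled: " $3
                bad++
            }
        }
        END {
            if (proto != "lacp") {
                print "laggproto is \"" proto "\", expected lacp"; bad++
            }
            if (ports < 2) {
                print "only " ports + 0 " member port(s) found"; bad++
            }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample: em2 never completed LACP negotiation with the switch.
SAMPLE_DEGRADED='lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        media: Ethernet autoselect
        status: active
        laggproto lacp
        laggport: em2 flags=0<>
        laggport: em1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>'

# Demo on the constructed sample; prints the em2 problem line.
printf '%s\n' "$SAMPLE_DEGRADED" | lagg_check || true

# On the firewall itself (interface names as in the post above):
#   for l in lagg0 lagg1; do /sbin/ifconfig "$l" | lagg_check || echo "$l degraded"; done
```

Running the loop on both firewalls after every reboot or upgrade also catches the case where the hand-added `earlyshellcmd` lines were lost and no lagg exists at all.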
-
Or use pfSense 2.0 beta where they are supported in the GUI without hacking them in. :-)
-
"beta"… We tried beta; not good enough (yet). This looks pretty stable on 1.2.2.
Arie
-
1.2.2 is very old. Use 1.2.3 at least.
Hacking up a config like this is at least as dangerous as running a beta, if not worse since it's not really maintainable across updates with lots of extra intervention.
-
We also had issues with 1.2.3 after an upgrade (weird packet loss, backup pfSense having part of its CARP interfaces in MASTER status), so we stepped back to 1.2.2.