[Solved] Interface changes causing Interface Status display problem
-
My pfSense box is currently a test/dev box, and I decided to redo how I had the interfaces set up to test the new configuration.
Using pfSense 2.0 RC3 amd64 build from 9/10/11
This has messed up the interface status page.
Original setup:
A WAN link (em0), a LAN link (em1), and a WLAN link (em5) using an 802.11n AP. em2-4 not used
4 different VLANs with em1 (LAN) as the host interface.
A single port on a Cisco WS-C3548-XL-EN set as a trunking port and connected to em1 (LAN) interface with all VLANs configured on the switch.
Worked well.

EDIT: Pictures are worth a thousand words…

Original:

                     802.11n AP
                          ^
                          |
                        (em5)       __VLAN1  (Cisco management/default VLAN, untagged)
                          |        /__VLAN10 (trusted zone-infrastructure servers)
Internet<------->(em0)-pfSense-(em1)---VLAN20 (firewalled-network hosts)
                                   \__VLAN30 (Firewalled-network edge services)
                                    \_VLAN40 (DMZ-untrusted hosts/guests)

New setup:
A WAN link (em0), a MGMTLAN link (em1), a WLAN link (em5) using an 802.11n AP, a 'VLAN' LAGG0 link in FEC mode (em2, em3). em4 not used
4 different VLANs with LAGG0 (VLAN) as the host interface.
Two ports on a Cisco WS-C3548-XL-EN set as "Port Group 2" (source mode) and as a VLAN trunk, connected to em2 and em3 with all VLANs configured on the switch.

EDIT:

New:

                  802.11n AP
                       ^
                       |
                     (em5)                  __VLAN10 (trusted zone-infrastructure servers)
                       |                   /__VLAN20 (firewalled-network hosts)
Internet<---->(em0)-pfSense-(LAGG0, em2,em3)
                       |                   \__VLAN30 (Firewalled-network edge services)
                     (em1)                  \_VLAN40 (DMZ-untrusted hosts/guests)
                       |
                       /
(Cisco management VLAN1, untagged)

To get to the "new" setup from the "original" setup, I renamed LAN (em1) to 'MGMTLAN', then disabled each of the VLAN interfaces in pfSense, then configured a new LAGG group as FEC using em2 & em3, then assigned LAGG0 to Opt6, then enabled LAGG0 as a "none" type interface w/ no IP address, then renamed Opt6 to 'VLAN', then edited each of the 4 VLANs to be hosted by LAGG0 instead of em1, then configured the two-port "port group 2" as a source-based EtherChannel VLAN trunk on the Cisco switch, then cabled the two EtherChannel "port group 2" ports from the switch to em2 and em3, then enabled each of the VLAN interfaces again. As I recall at the moment, I made no other changes.
The Interface Status page now shows the first 3 VLANs as still hosted on the em1 interface and as "down", and the last VLAN as hosted on LAGG0 (as they all should be) and "up". The VLAN tab of Assign Interfaces shows all 4 VLANs as currently hosted by LAGG0.
I have not rebooted, and I applied all the changes I made as I went.
Any suggestions on how to fix this?
-
Any changes on interfaces, including VLANs, may need a reboot.
When using tags, try to never use the default VLAN ID 1 as you did in the edit.
Check in the console with ifconfig and see if there is any mess.
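The "check with ifconfig" advice above can be turned into a repeatable check. The script below is an added example, not something posted in this thread or shipped with pfSense: it parses `ifconfig` output on stdin, lists every 802.1Q VLAN interface with its tag, parent and link status, and fails if any VLAN is parented somewhere other than the interface you name (here lagg0). The two sample `ifconfig` dumps are constructed to resemble FreeBSD 8.x output (one showing the mismatch the original poster describes, one after the re-assignment); the function names `vlan_parents` and `check_vlan_parent` are my own. Because the parent is always the last field of the `vlan:` line, the parser also accepts the newer FreeBSD form that inserts `vlanpcp:` before `parent interface:`.

```shell
#!/bin/sh
# Added example (not from the thread): parse `ifconfig` output and confirm
# that every 802.1Q VLAN interface hangs off the parent interface you expect.
# Both samples below are constructed to resemble FreeBSD 8.x / pfSense 2.0
# ifconfig text; they were not captured from a real box.

# State as the original poster saw it: VLAN10 still parented on em1 and
# without carrier, VLAN40 already moved to lagg0 (constructed sample).
SAMPLE_BEFORE='lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:02
        media: Ethernet autoselect
        status: active
        laggproto fec
        laggport: em3 flags=4<ACTIVE>
        laggport: em2 flags=4<ACTIVE>
em1_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        status: no carrier
        vlan: 10 parent interface: em1
lagg0_vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:02
        inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255
        status: active
        vlan: 40 parent interface: lagg0'

# Same box after re-assigning VLAN10 to lagg0 (constructed sample).
SAMPLE_AFTER='lagg0_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: active
        vlan: 10 parent interface: lagg0
lagg0_vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: active
        vlan: 40 parent interface: lagg0'

# vlan_parents: read ifconfig text on stdin and print one line per VLAN interface:
#   <ifname> <vlan tag> <parent> <link status>   (spaces in the status become "_")
# Interface headers start in column 0 ("em1_vlan10: flags=..."); detail lines are
# indented. The parent is taken as the last field of the "vlan:" line, so both
# "vlan: N parent interface: X" and "vlan: N vlanpcp: P parent interface: X" work.
vlan_parents() {
    awk '
        /^[A-Za-z0-9_.]+:/ { iface = $1; sub(":$", "", iface); status = "unknown" }
        /^[ \t]+status:/   { status = $0; sub(/^[ \t]*status:[ \t]*/, "", status); gsub(/ /, "_", status) }
        /^[ \t]+vlan:/     { print iface, $2, $NF, status }
    '
}

# check_vlan_parent PARENT: exit 0 if every VLAN interface is parented on PARENT,
# otherwise print each mismatch and exit 1 (usable as a monitoring check).
check_vlan_parent() {
    vlan_parents | awk -v want="$1" '
        BEGIN { bad = 0 }
        $3 != want { printf "MISMATCH: %s (vlan %s) is on %s, expected %s [link: %s]\n", $1, $2, $3, want, $4; bad = 1 }
        END { exit bad }
    '
}

# Stand-alone demo on the constructed samples. On the firewall itself you would
# run:  ifconfig | check_vlan_parent lagg0
printf '%s\n' "$SAMPLE_BEFORE" | vlan_parents
printf '%s\n' "$SAMPLE_BEFORE" | check_vlan_parent lagg0 || echo "before fix: VLAN parent check failed"
printf '%s\n' "$SAMPLE_AFTER"  | check_vlan_parent lagg0 && echo "after fix: all VLANs on lagg0"
```

Run it on the console as `ifconfig | check_vlan_parent lagg0` after the kind of re-parenting described in this thread; a non-zero exit with a MISMATCH line tells you which VLAN the GUI still has on the old host interface before you reboot or re-assign.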
-
When using tags, try to never use the default VLAN ID 1 as you did in the edit.
Check in the console with ifconfig and see if there is any mess.
VLAN 1 is set as the management VLAN only in the Cisco IOS settings. It is not tagged as a VLAN in pfSense, since it is the default VLAN for all the Cisco switches in this environment. In pfSense, it is just a standard subnet/network.
Thanks for the help, but this time I was simply not clear about which things were configured where, exactly. I tried to mention there were only 4 VLAN interfaces in pfSense, but I was unclear that it was only these four: VLAN10, 20, 30, and 40.
I just edited my post to point out that VLAN1 is 'untagged'.
I will try a reboot when I get back in to do some more testing.
Thanks for all your feedback tonight marcelloc. :)
-
OK, so I figured this one out a while back and haven't made it back on the forums till now.
This was caused by the fact that pfSense tried to assign the interfaces itself after I made so many changes, and ended up putting Opt2 - Opt5 (renamed as VLAN10, VLAN20, VLAN30, and VLAN40) all on em1.
This was resolved by me dropping down the interface assignment from em1 and putting it on LAGG0. Easy fix. Very nice.
Everything is working now, plus I have my AP on a VLAN20 port on the switch now instead of its own interface, which was kind of the point of giving this a try. Works well.