How to setup multiple LAGG without getting firewalled out of configurator?
-
Apologies if this has been covered elsewhere - a 5 minute search in here didn't show anything exactly like it.
I want to create a redundant pfsense cluster from two Intel Atom boxes. Each box has 5 interfaces, re0 - re4. I would like one interface (probably re0) on each box for CARP sync between them via a crossover cable, the rest I would like to put into two LAGG groups, one for "Inside" (re1, re2) and one for "Outside" (re3, re4).
What is the process on pfSense 2.0.3 to avoid getting firewalled out of the web configurator? These are simple failover mode LAGGs where each physical interface will connect to a different physical switch for path redundancy.
Thanks in advance,
Matt.
-
The best way is to do it via a path that does not include the interfaces to be lagged. For example, hook yourself up to the sync network interface or come in over the WAN/VPN.
I have just made a lagg with the port I'm working on before, and then reassigned the LAN to be that lagg, without downtime, and then plugged in the second interface. It's not quite as touchy as bridging.
I think that may have been partially the switch helping out there, but it may work in general.
It's still best to be on another separate interface though.
-
Thanks!
Does the addition of a VLAN on a LAGG make a difference and can I set the VLAN up after installing pfSense? - we have a separate VLAN for data backups which I would prefer to put on the outside LAGG, as well as the public (internet facing) VLAN which is untagged, in Cisco speak. The boxed aren't plugged into any switches as the moment, just sat on the bench with me cursing at them ;-)
-
Not sure if you can have a VLAN on the interface outside of the LAGG, that's probably up to the switch more than anything.
You can have VLANs on LAGG interfaces just like any other interface, just add them under Interfaces > (assign) on the VLANs tab. Once you have the LAGG interface defined, it shows up as a choice for a VLAN parent.