2-4 pfSense NICs, 6 VLANs, 2 managed switches bound by 2 fiber LACP ports…

  • I'm trying to rewire my lab at home so that things are more redundant. Here's my current setup…

    pfSense on an ATOM PC with 5 NICs...

    0 - WAN
    1 - 3 VLANs
    2 - 3 different VLANs
    4 - Wifi
    5 - DMZ but it could be changed for another use.

    I have 2 24 port HP 1810G Procurve switches linked by 2 fiber ports on each switch in LACP (they don't have the connections in the back so they can't be stacked and act as one switch). pfSense NIC 1 goes to one switch, NIC 2 goes to the other switch.

    Now, if something happens to one switch I'll lose some or all connectivity to those VLANs. I'm trying to figure out a way so that if one switch does go down, I won't lose any VLANs.

    What would happen if I bound all 6 VLANs to pfSense NICs 1 and 2 with them plugged into different switches? Is that even possible in pfSense?

    Any other suggestions how I can configure this? 2 maybe 3 NICs available in pfSense. 4 if I move the wifi hotspot to the physical switches instead of pfSense.


  • This should work if you bundle your two ports (that go to the two switches) first into a lagg interface,
    and then build the vlans off of the lagg (the lagg mode should be failover or one of the loadbalance
    types, NOT fec or lacp). The catch with this approach is the initial configuration, because you can't
    build a lagg interface in the console, unfortunately.

  • LAYER 8 Moderator

    As a quick note: I don't remember HP1810Gs supporting etherchannel or loadbalancing over ports on different switches (even Ciscos or Juniper switches have it only in high(er) price models). So I'd go with casper's recommendation:

    • throw away VLAN configurations on NIC1/2
    • create LAGG interface with failover type (a Bond1 configuration)
    • create all 6 VLANs on the lagg0 interface
    • configure the port on both switches for those 6 VLANs
    • don't forget to allow them through your LACP trunk, too ;) (coworker forgot that, after failover only the ports on the active switch were working)

    That should do it.
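To make the last bullet concrete, here is an added check that is not from pfSense or from either poster. It models the plan above (failover lagg0 with one member on each switch, six VLANs on lagg0, an LACP trunk between the switches) and reports which VLANs stop working whenever the active lagg member and the host sit on different switches; all VLAN tags, switch names and port memberships are constructed for the example.

```python
"""Check a two-switch failover-lagg plan for the forgotten-trunk-VLAN mistake.

Model (constructed, not the posters' real config): pfSense lagg0 in failover
mode with one member port on each switch; the switches are joined by an LACP
trunk.  For every VLAN on lagg0 we verify that a host on either switch can still
reach pfSense while the lagg is active on the *other* switch, which is exactly
the path that breaks when the VLAN is missing from the inter-switch trunk.
"""

# Constructed tags for the 6 VLANs built on lagg0.
LAGG_VLANS = {10, 20, 30, 40, 50, 60}

# Constructed switch configs: VLANs tagged on the pfSense-facing port and on the
# inter-switch trunk.  sw2's trunk is missing 40-60 (the coworker's mistake).
SWITCHES = {
    "sw1": {"pfsense_port": {10, 20, 30, 40, 50, 60}, "trunk": {10, 20, 30, 40, 50, 60}},
    "sw2": {"pfsense_port": {10, 20, 30, 40, 50, 60}, "trunk": {10, 20, 30}},
}


def reachable(vlan, host_sw, active_sw, switches):
    """True if a host on host_sw reaches pfSense over vlan while lagg0 is active on active_sw."""
    if vlan not in switches[active_sw]["pfsense_port"]:
        return False            # active member's switch port does not carry the tag
    if host_sw == active_sw:
        return True             # same switch: no trunk involved
    # Traffic crosses the LACP trunk, so both ends must carry the tag.
    return vlan in switches[host_sw]["trunk"] and vlan in switches[active_sw]["trunk"]


def failover_gaps(vlans, switches):
    """Return {(active_switch, host_switch): sorted missing VLANs} for every
    combination that breaks; an empty dict means the plan survives a failover."""
    gaps = {}
    for active in switches:
        for host in switches:
            missing = sorted(v for v in vlans if not reachable(v, host, active, switches))
            if missing:
                gaps[(active, host)] = missing
    return gaps


if __name__ == "__main__":
    for (active, host), missing in failover_gaps(LAGG_VLANS, SWITCHES).items():
        print(f"lagg0 active on {active}: hosts on {host} lose VLANs {missing}")
```

With the constructed configs the check reports VLANs 40, 50 and 60 as lost for any host that is not on the switch holding the active lagg member; adding those tags to sw2's trunk makes the result empty.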
