Convert simple WAN/LAN system to WAN/Multi-VLAN-on-LACP

  • Hi all,

    For quite some time I've had a nice & simple setup of WAN on re0 & LAN on re1 serving a simple network ( no VLAN). I've become a bit more ambitious and want to expand my homelab.

    My goal is to use all 4 of the NICs in the pfSense box:

    • re0 - WAN - DHCP from ISP

    • re1-3 - LAGG (LACP)

    • VLAN 2 on lagg0 - ADMIN - - Admin VLAN (Admin + 'private' services)

    • VLAN 4 on lagg0 - HOME - - Home VLAN (Authenticated users + 'public' services)

    • VLAN 8 on lagg0 - GUEST - - Guest VLAN (Unauthenticated users)

    I started by creating the LAGG with just re2 & re3, thinking I could 'expand' it later when I no longer needed the default LAN interface. I have all the VLANs set up and my switch uses MAC authentication to assign VLANs. Routing acts as I want (GUEST have no access, HOME can access internet, ADMIN can access internet and anything on HOME and GUEST). Nothing now uses the LAN interface on re1.

    The problems started when I tried to de-assign re1 from LAN and add it to the LAGG.

    First, disabling the interface stopped any UPnP rules from working. They still appeared in the UPnP & NAT-PMP status page, but the ports were not open on the WAN side. Re-enabling the LAN interface reverted this.

    Second, when unassigning the re1 interface and adding it to the LAGG, pfSense stops responding on the web interface. Physical console still works and I can ping any external address, but nothing internal (172.16.x.1) from psSense itself. None of the VLANs can route any more either.

    I don't know enough about BSD to even attempt debugging this from the terminal, and when trying to add re1 to the LAGG kills my internet access, it's hard to get on IRC and ask for help! I have to perform a factory reset and start from scratch!

    Any ideas and/or suggestions would be wonderful.

Log in to reply