LAGG and VLANs with Procurve 2530



  • Hi

    I've been trying to get LAGGs working for days between pfSense and an HP Procurve 2530 with no success, so if anyone can help it would be greatly appreciated. Sorry if this post is a bit long and rambling, but I'm trying to put as much as possible up front. Please ask for more detail if you think it will help.

    I have pfSense 2.1.5-RELEASE (i386) running on a Jetway JNF9HQL board which has 4 x Realtek 8111EVL NICs and I'm trying to create a 2-port LAGG with multiple VLANs for internal traffic.

    On the pfSense box:
    WAN is re0 and LAN is disabled on LAGG0 (WAN is plugged into our office LAN; I'm doing the config from the WAN side)
    Configured 2 x LAGGs using LACP with re1 -> LAGG0 and re2 and re3 -> LAGG1
    Created VLANs 100 and 200 and assigned to LAGG1
    Created new OPT interfaces and attached them to the VLANs with static IPs.
    So 10.101.100.254 is a static IP on the VLAN100 interface attached to VLAN 100 on LAGG0
    Firewall rule created on each VLAN interface to allow any to any.

    On the Procurve 2530:
    Created a trunk with

        trunk 9,10 trk5 lacp

    Created VLAN 100 and 200 and added trk5 to the VLANs as a tagged member

        vlan 100
        tagged trk5
        vlan 200
        tagged trk5

    Physical connections are 9->re2, 10->re3
    The switch is on VLAN 100 with IP 10.101.100.11 and I have another router connected to the switch on VLAN 200.

    What's happening is that traffic doesn't traverse the switch when both ports are connected. With both ports of the trunk connected the switch can ping both pfSense on 10.101.100.254 and my router on 10.101.200.253. But the other router cannot ping pfSense. If I unplug re2 from the switch the result is the same. If I unplug re3 from the switch then communication between the router and pfSense is restored. Swapping the connections around makes no difference; it always fails when re3 is connected.

    I've tested this setup with re2 and re3 as non-LAGG members and it all seems to work as expected, but not when the ports are put back into the LAGG.

    Spanning-tree is off by default on this switch but enabling it makes no difference.

    Interface statuses in pfSense seem to be normal. Information about LACP, trunks, spanning-tree, vlans and interfaces all looks as expected on the switch.

    I've checked the HCL for pfSense/FreeBSD and the Realtek cards are listed as supported. Also, it's exactly the same on the 64-bit version.

    I have another LACP trunk configured on the switch connecting to a Synology and that is working without issues.

    Many thanks in advance for your help.

    Mark

