Same VLAN on multiple interfaces??



  • As the title states, can I assign VLAN #99 to OPT2, LAGG1 and LAGG2 at the same time?

    As an alternative to spending money on a switch, I recently installed four additional interfaces in my pfSense machine. I have set them up as two separate LAGGs (LACP), going to two ESXi hosts. My current switching hardware does not support Layer 3, only marginally supports 802.1Q and does not support LACP at all. Installing NICs I already owned seemed like a reasonable experiment considering the cost of a decent switch.

    The pfSense box has seven interfaces currently (eight including the Cisco Aironet WAP).

    WAN = WAN1
    OPT1 = WAN2

    OPT2 = LAN (LAN >> Switch >> physical devices)

    OPT3+OPT4 = LAGG1 (LACP) (pfSense >> ESXi Host1 >> virtual switch >> virtual devices)
    OPT5+OPT6 = LAGG2 (LACP) (pfSense >> ESXi Host2 >> virtual switch >> virtual devices)

    Since I have three physical storage devices attached to my LAN and six virtual storage devices attached to my LACP LAGGs, I want to know if it is possible to assign VLAN #99 to each OPT2, LAGG1 and LAGG2 so that all devices will stay within the same VLAN and /24 subnet.

    I know I could use multiple VLANs and sort the issue with rules but I thought I'd ask. I understand that normally I would have an appropriate switch between my firewall and all of my devices thus eliminating this problem – but it is what it is for now. This is very much a LAGG/LACP + multiple VLANs learning experience for me.

    Thank you for any help/answers.


  • Banned

    @pf2.0nyc:

    As an alternative to spending money on a switch, I recently installed four additional interfaces in my pfSense machine.

    Awesome… Because a switch with VLAN support is about $30 or so.  ::) ::) ::)



  • @pf2.0nyc:

    As the title states, can I assign VLAN #99 to OPT2, LAGG1 and LAGG2 at the same time?

    As an alternative to spending money on a switch, I recently installed four additional interfaces in my pfSense machine. I have set them up as two separate LAGGs (LACP), going to two ESXi hosts. My current switching hardware does not support Layer 3, only marginally supports 802.1Q and does not support LACP at all. Installing NICs I already owned seemed like a reasonable experiment considering the cost of a decent switch.

    The pfSense box has seven interfaces currently (eight including the Cisco Aironet WAP).

    WAN = WAN1
    OPT1 = WAN2

    OPT2 = LAN (LAN >> Switch >> physical devices)

    OPT3+OPT4 = LAGG1 (LACP) (pfSense >> ESXi Host1 >> virtual switch >> virtual devices)
    OPT5+OPT6 = LAGG2 (LACP) (pfSense >> ESXi Host2 >> virtual switch >> virtual devices)

    Since I have three physical storage devices attached to my LAN and six virtual storage devices attached to my LACP LAGGs, I want to know if it is possible to assign VLAN #99 to each OPT2, LAGG1 and LAGG2 so that all devices will stay within the same VLAN and /24 subnet.

    I know I could use multiple VLANs and sort the issue with rules but I thought I'd ask. I understand that normally I would have an appropriate switch between my firewall and all of my devices thus eliminating this problem – but it is what it is for now. This is very much a LAGG/LACP + multiple VLANs learning experience for me.

    Thank you for any help/answers.

    Just so I understand correctly, you expect your pfsense box to bridge VLAN 99 across the LAN link and the two LAG groups?

    I don't think that can be done via the pfsense GUI, and while it might be possible to do via the command line, the performance would almost certainly be worse than just using single links to the switch. Even if you use VLANs with separate subnets on each, and use pfsense to route between subnets, I think your performance would still be worse than just using single gig layer two connections.

    Your switch doesn't have to support LACP to do LAG (more or less). If you can make it so that your sending "switch" (pfsense and ESX vswitch in your case) can select a path based on source MAC or IP address, you can just send both paths into the switch. As long as the switch sees the same MAC address on the same port consistently, it won't care. It won't balance traffic going out the LAG group, it will just use whatever port is associated with the destination IP address. You have to decide if this is good enough.

    Oh, and I see Cisco 2960 switches on eBay going for well under $100. They are great switches, and support LACP.


  • LAYER 8 Global Moderator

    And WAY faster!!! PCs do not make good switches.

    "seemed like a reasonable experiment considering the cost of a decent switch"

    What, under $200 can get you a Cisco SG300, which I find supports pretty much anything you could possibly want to do in a lab/home setup. Even small business, etc. Can be layer 2 or layer 3 if you want. $200 is a more than reasonable price point for a home setup when you're talking about running ESXi boxes and the like.

    But as dok points out, you can get a switch with LAGG and VLAN support for way less.



  • doknortor & johnpoz - It's complicated. For lack of a better way to phrase it, I am running a 5th year, pre-revenue startup from my home – that by all rights should be racked and professionally hosted... so I'm not sure a $30 switch would cut it (but I could be wrong). The switches I have don't cut it and they sell for $50-$150 on fleaBay all day long.

    During the financial crisis back in 2007/8/9 I inherited a bunch of Dell PowerConnect 27xx switches (2708, 2716 and 2724). Up until recently I had been running massive amounts of cabling to create LAGs between machines on same subnets, point to point LAGs in some cases, etc. because we frequently move moderately large amounts of data between machines. With ESXi's 5.5 Distributed Switches I thought I'd mess around with LACP and see if I can't learn a thing or two.

    GomezAddams - yes, I was asking about bridging VLAN 99 across multiple interfaces on different subnets. I think my solution is a decent $300-$500 layer 3 switch sitting between my firewall and my devices; however, my time may be better spent advertising for a network admin at this rate. :)


  • LAYER 8 Global Moderator

    And you think bridging some interfaces is going to move packets faster than those switches??

    "my time may be better spent advertising for a network admin"
    And there you go - wisdom stated!!  Can you post a diagram of what I can only assume is a cluster!!



  • For the scenario you presented, you do not need a layer 3 switch. In your original post, your heavy duty data was on VLAN 99. If you just buy a Cisco 2960 (or other switch that supports LAG and VLANs) and use LAGs to the ESX servers, you'll be OK.

    Do keep in mind that LAGs don't magically balance traffic across the links. You have to configure them to use bits in the source or destination addresses to determine which physical port in the LAG gets used.
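
    An added illustration of the point above (not part of the thread): a simplified XOR-and-modulo model of how a LAG sender picks a member port from address bits. The hash, the host names and the MAC/IP addresses are constructed assumptions, not the algorithm of any particular switch, pfSense or ESXi.

```python
import ipaddress
from collections import Counter


def mac_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to an integer."""
    return int(mac.replace(":", ""), 16)


def pick_link(src, dst, n_links, policy):
    """Return the index of the LAG member port that carries src -> dst.

    Simplified model (assumption): XOR the selected address fields and
    take the result modulo the number of member links.
    """
    if policy == "src-mac":
        key = mac_int(src["mac"])
    elif policy == "src-dst-mac":
        key = mac_int(src["mac"]) ^ mac_int(dst["mac"])
    elif policy == "src-dst-ip":
        key = int(ipaddress.ip_address(src["ip"])) ^ int(ipaddress.ip_address(dst["ip"]))
    else:
        raise ValueError(f"unknown policy: {policy}")
    return key % n_links


def spread(src, dsts, n_links, policy):
    """Count how many src -> dst conversations land on each member link."""
    return dict(Counter(pick_link(src, d, n_links, policy) for d in dsts))


# Constructed sample hosts: one VM talking to three storage devices
# over a two-link LAG (documentation IP range, locally administered MACs).
VM = {"mac": "02:00:00:00:00:10", "ip": "192.0.2.10"}
STORAGE = [
    {"mac": "02:00:00:00:00:21", "ip": "192.0.2.21"},
    {"mac": "02:00:00:00:00:22", "ip": "192.0.2.22"},
    {"mac": "02:00:00:00:00:23", "ip": "192.0.2.23"},
]

if __name__ == "__main__":
    for policy in ("src-mac", "src-dst-mac", "src-dst-ip"):
        print(f"{policy:12s} link -> conversations: {spread(VM, STORAGE, 2, policy)}")
    # A single conversation hashes to the same link every time, so one
    # transfer between two hosts never exceeds one member link's speed.
    print("VM -> storage[0] always uses link",
          pick_link(VM, STORAGE[0], 2, "src-dst-ip"))
```

    With source-MAC hashing every conversation from the one VM rides the same link; mixing in the destination address spreads conversations, but any single transfer still uses one physical port.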

