Initial LACP setup on appliance with only two interfaces?



  • Firewall has two interfaces. Rather than run a WAN/LAN setup, I think I want to run both interfaces in LAGG/LACP for a variety of reasons, including taking advantage of the approx. 850 Mbps of bandwidth that would be always idle and available on the WAN port since WAN1 is 50/5 and WAN2 is 75/75.

    The device has integrated wifi and I have a handful of USB wifi and ethernet NICs available to me.

    Is this the best way to accomplish setting up LACP on the two interfaces or is there a more eloquent way to accomplish this out of the box (via command line perhaps)? As an end result I would like to have a backup/config file that is stable enough that I can restore from if needed.

    1. Set up firewall as standard WAN/LAN device.

    2. Activate wifi as AP with an "allow to any" rule such as the LAN on initial install.

    3. Add a couple of USB >> ethernet NICs as OPT1 and OPT2 interfaces.

    4. Migrate WAN and LAN over to the USB OPT1 and OPT2 NICs.

    5. Create LAGG with LACP as protocol for the two onboard (now unused) interfaces.

    6. Migrate WAN to the LACP LAGG and LAN over to a VLAN assigned to same interface.

    7. Delete/remove the USB interfaces.

    8. Reboot and confirm everything is working properly.

    9. Backup/save configuration.

    10. Reset device to factory defaults and restore from config file to test.

    In theory this _should_work however I've purchased about six USB >> Ethernet adapters (used, eBay) that allegedly work with pfSense and none of them seem to work properly. Is there an alternative method that would work? I also have access to ESXi. Would it be possible to build a virtual instance of pfSense with four interfaces, perform the steps above and then use that config file to restore from on a hardware pfSense instance? I don't know of the differences between a virtual config file and a bare metal config file.

    Thank you for any feedback or suggestions.


Log in to reply