Multiple SPAN ports on a bridge

dvancleef

Sorry if this is the wrong place but I don't see anything bridging-specific.

I have an application that requires me to have multiple SPAN ports on my LAN interface (which is actually a LACP LAGG). This, of course, is not supported under the web UI. I've gone through setting this up and I have this working for the first SPAN port. I understand how to add a second port manually but:

What is a clean way of adding the second one so that it:
    a) starts cleanly on boot
    b) is not overwritten by an upgrade (this is important, once set up this install will be managed by someone who isn't me)

heper

so you want a port mirror for a 2x/4x LACP? do this on your switch.

just out of curiousity, what it it exactly that doesn't work from gui ?

dvancleef

The selection of SPAN port is a drop down, not a selection box, so you can only choose one even though from command line adding an extra span is trivial. It mainly comes down to me not fully understanding how the pfsense rc process differs from standard FreeBSD and which parts I can hack that won't get overwritten by an update.

After some testing, <shellcmd>seems to get executed in the boot process after network interfaces are up, and is said to survive updates, so I think that's the solution to my problem.</shellcmd>

heper

if you provide me the syntax to get multiple spanning ports working on shell, then i might be able to create patch for pfSense 2.3.x

i have no way of testing if this works or not, but if that is something you would be willing to test, then i'm willing to spend some time in getting this done & try to get it merged in.

dvancleef

The syntax for adding/removing span ports to a bridge is pretty trivial:

# ifconfig <bridge-device>span <port-to-add># ifconfig <bridge-device>-span</bridge-device></port-to-add></bridge-device> 

heper

see

https://redmine.pfsense.org/issues/5871

&
https://github.com/pfsense/pfsense/pull/2613 (this only works for 2.3 Beta builds)

the commits in the pull request on github can be cleanly added with the system-patches package.

please let me know if this works the way you intended it to.

dvancleef

Thanks, I'll try and test this on real hardware Monday. I'm on a 4 day holiday weekend at the moment.

loos

The patch from heper was committed to 2.3 (you can test with tomorrow's snapshot).

Thanks!

dvancleef

I spun my 2.3 test box up to the 2/15 build this morning and it seems as though the patch works as expected:

Testing methodology:
Added 2 ports to a bridge
Rebooted to verify that the config xml was sane (it was)
Removed 1 of the ports
Rebooted
Removed other port

Everything seems OK.