Setting up vlans/trunk
-
Hello,
I've been using pFsense 2.1 for a while and whenever I tried to upgrade, everything felt apart.
However, i've bought myself a new router and new hopes, but there's one think I can't get working.
I have an LACP between my pfsense and TP-link TL-SW3210 switch. on 2.1 I've always used it as a trunk, but only when I put the LAG to GENERAL my network starts working, except for additional vlans.
Is it known behavior that pfsense can't handle a trunk? am I doing something wrong?
Any help is deeply appreciated!
-
So what version are you trying to use?
What are you setting to general? I see no general LAGG setting in pfSense (but I'm looking at 2.3.)
In my experience, you have to create a lagg using interfaces with a similar configuration (all the same vlan tags, etc) After you create the lagg you tag the lagg and it is added to all member interfaces. Are your pfSense VLAN tags on the lagg interface or member interfaces?
Whatever you're seeing it's probably not because pfSense can't do it but that mistakes or erroneous assumptions are being made.
But before making a complete fool of myself I'm going to lacp two interfaces on an SG-2440 on 2.2.6 to my SG300.
-
Don't know, friend. It all seemed to work as expected…
Switch:
interface gigabitethernet9
channel-group 2 mode auto
!
interface gigabitethernet10
channel-group 2 mode auto
!
interface Port-channel2
description TEST_LAGG
switchport general acceptable-frame-type tagged-only
switchport mode general
switchport general allowed vlan add 1200 tagged
!Interfaces > (assign), LAGG Tab - Create LACP lagg with igb2,igb3
Patch gi9 to igb2 and gi10 to igb3
sg300-223#sh int port-channel 2
Load balancing: src-dst-mac-ip.
Gathering information…
Channel Ports
------- -----
Po2 Active: gi9-10Interfaces > (assign), VLAN tab - Create VLAN 1200 on lagg0
Interfaces > (assign) - Add OPT1 with Network port VLAN 1200 on lagg 0
Interfaces > OPT1 - Enable interface and assign address 10.34.56.1/24
Firewall > Rules, OPT1 tab - Create generic pass any any from OPT1 net rule.Create a workstation interface on VLAN 1200 with an address of 10.34.56.99/24.
$ ping 10.34.56.1
PING 10.34.56.1 (10.34.56.1): 56 data bytes
64 bytes from 10.34.56.1: icmp_seq=0 ttl=64 time=0.442 ms
64 bytes from 10.34.56.1: icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from 10.34.56.1: icmp_seq=2 ttl=64 time=0.305 ms
64 bytes from 10.34.56.1: icmp_seq=3 ttl=64 time=0.384 ms
^C
–- 10.34.56.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.305/0.371/0.442/0.050 ms -
Thanks for the info, i've attached some screenshots of how I got everything set-up, the snap of the switch is of how it always used to work, in trunk mode.
All the vlans were made member of the LAG on the switch.
Thanks for the quick feedback!
I'm on pFsense 2.2.6-RELEASE (amd64)
-
Mixing tagged and untagged traffic on one interface can be problematic. Vendors do it differently. Just tag it all and it'll work.
-
We don't see the VLAN config of your TP-Link switch.
Can we assume you have VLAN 2 tagged configured on the trunk as well? -
Yes, VLAN2 was configured and tagged, but it didnt do a thing.
Just yet I tried to create VLAN 1 on my pfsense router, assign LAN to it and change the config on my switch to trunk, it's all dead.
I'd be inclined to just buy the TL-SG3216 V2 to see if that would fix the problem, but I'm guessing that wouldn't help all to much, or is it worth a shot?
-
Note that meaning of "trunk" in TP-Link hardware is not the same as in Cisco hardware. Read the docs carefully.
-
I'm aware that Cisco has VTP for trunking, but in essence, both TP-link and Cisco use the term trunking for combining multiple vlans over a single link right?
I'm still having this issue, so if anyone could point me in a direction for troubleshooting that would be great!
-
I'm aware that Cisco has VTP for trunking, but in essence, both TP-link and Cisco use the term trunking for combining multiple vlans over a single link right?
I'm still having this issue, so if anyone could point me in a direction for troubleshooting that would be great!
Nope. Check out the docs of Tp-Link (user manual of your switch, download it from their site). They use the "trunk" term for port aggregation:
Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.
This has nothing to do with vlans. -
Mixing tagged and untagged traffic on one interface can be problematic. Vendors do it differently. Just tag it all and it'll work.
On TP-Link switches, it is possible to have tagged and untagged traffic on the same interface, and it works flawlessly also with pfSense like that.
I'm using dozens of UniFi wireless hotspots on each site with TP-Link switches, which require to have their management network untagged, and wireless networks tagged on the same interface. -
Mixing tagged and untagged traffic on one interface can be problematic. Vendors do it differently. Just tag it all and it'll work.
On TP-Link switches, it is possible to have tagged and untagged traffic on the same interface, and it works flawlessly also with pfSense like that.
I'm using dozens of UniFi wireless hotspots on each site with TP-Link switches, which require to have their management network untagged, and wireless networks tagged on the same interface.Hi Derelic,
I've always used it as you described, untagged LAN network, additional tagged networks and the switch in LAGG with trunked ports.
However, since i've upgraded it stopped working for my LAG, i've now decided to buy a new switch to see what it does, i'll keep you guys posted.
