So I've decided to set up an HA pair of SG-2100 Netgate devices (running 2.5.0_p1). Both devices are brand new, out of the box and factory vanilla.
I have noticed straight away that there is a problem here… My interfaces are missing? So currently I have WAN and LAN plugged in as you would expect. On the dashboard widget 'Interfaces' I have WAN, LAN, LAN1, LAN2, LAN3, LAN4, LAN Uplink. This is shown in the picture.
So where are my other interfaces to name, assign, etc.? I thought it must be a GUI glitch, so I connected with a console and dropped to a shell. But true enough, my interfaces are missing in ifconfig as well. Am I missing something here (apart from the interfaces)?
The interfaces themselves work just fine, and if I unplug from, say, LAN1 and connect to LAN4, the Interfaces widget updates fine and the connection works just fine. But I need to configure the details. Even configuring the interfaces in the console doesn't work!
Those ports on a Netgate SG-3100 and 2100 are switched ports; they are not directly available as interfaces. Think of those ports as an "integrated managed switch" which you can control from the UI. This switch is connected by a trunk of 2x 2.5GbE.
Great, thanks so much for showing me this. I was kinda going this way in thought, as going through the console boot log it was talking about switch ports and seeing them all connected (in this case) to a Marvell controller for them.
Looks like no easy HA config unless you use a VLAN for the sync settings. Maybe I'll get it going yet.
Reset the box, connect a laptop to any one of the LAN ports and your router to the WAN.
Bring it up, give it a sensible LAN address (not 192.168.1.x or 192.168.0.x), go 172.16.0.1, but disable DHCP.
Static your laptop to 172.16.0.10 with .1 as your GW and your favourite DNS provider.
Check you get a WAN address, check the interwebs work.
Repeat for the second box but use 172.16.0.2.
Next plug the two boxes and your laptop into a switch that supports VLANs, check you can see both and that changing your GW still gives you internet access.
The next bit can be tricky depending on your switch, but you want to set up three ports on your switch to allow tagged packets in but also to allow untagged packets to go somewhere. You then also want a port that is untagged to the same place. Let's assume you are untagging 100 and tagging 200.
Move your devices over to those three ports; you should still be able to ping your pfSense boxes, see the internet, etc.
Now go to the pfSense boxes and configure a VLAN interface for VLAN 200, give them IPs in the 172.16.1.x range (1.1 and 1.2, I guess) and check you can ping them. You could also configure a switch port to untag 200, connect your laptop there, update the static to 1.10 and check if it can see them.
You could then start to look at options like bonding interfaces, spanning tree and cross-linking to two switches to give more redundancy (pfSense1: p1+2 to switch1, p3+4 to switch2; pfSense2: p1+2 to switch1, p3+4 to switch2) if you need to go to that level of detail.
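The switch port plan in the answer above (three ports untagged in VLAN 100 and tagged for VLAN 200, one port untagged in VLAN 200), worked through as an added example that is not code from the thread or from Netgate. It is a toy 802.1Q model that flood-forwards a frame according to the usual PVID / tagged-member rules and then checks which hosts can actually reach each other at layer 3. Port names p1..p4, host names, and the /24 prefixes on the 172.16.0.x and 172.16.1.x ranges are assumptions for the example; a real switch may add extra rules (ingress filtering, acceptable-frame-type) on top of these.

```python
"""Toy 802.1Q switch model for checking the VLAN port plan described above.

Added example, not code from the thread. Assumptions: standard PVID /
tagged-member semantics, four switch ports named p1..p4, and /24 subnets
for both the untagged (172.16.0.x) and VLAN 200 (172.16.1.x) ranges.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    pvid: int                        # VLAN that untagged ingress frames land in; egress untagged
    tagged: frozenset = frozenset()  # VLANs this port carries with an 802.1Q tag


@dataclass(frozen=True)
class Host:
    port: str    # switch port the host is plugged into
    addrs: dict  # {tag: "ip/prefix"}; key None is the untagged interface


class Switch:
    def __init__(self, ports):
        self.ports = ports

    def forward(self, ingress, tag=None):
        """Flood a frame that enters `ingress` (tag=None means untagged).

        Returns (vlan, {egress_port: tag_on_egress_or_None}). A tagged frame for a
        VLAN the ingress port does not carry is dropped: (None, {}).
        """
        p = self.ports[ingress]
        if tag is None:
            vlan = p.pvid
        elif tag in p.tagged:
            vlan = tag
        else:
            return None, {}
        egress = {}
        for name, q in self.ports.items():
            if name == ingress:
                continue
            if q.pvid == vlan:
                egress[name] = None   # leaves untagged (the port "untags" this VLAN)
            elif vlan in q.tagged:
                egress[name] = vlan   # leaves with the 802.1Q tag
        return vlan, egress


def reachable_vlans(switch, hosts, src, dst):
    """VLAN IDs over which src can reach dst at layer 3 (same VLAN and same subnet)."""
    s, d = hosts[src], hosts[dst]
    vlans = set()
    for tag, saddr in s.addrs.items():
        vlan, egress = switch.forward(s.port, tag)
        if d.port not in egress:
            continue
        daddr = d.addrs.get(egress[d.port])  # dst must have an interface for that tag
        if daddr is None:
            continue
        if ipaddress.ip_interface(saddr).network == ipaddress.ip_interface(daddr).network:
            vlans.add(vlan)
    return vlans


def build_plan():
    """The plan from the answer: three ports untagged 100 + tagged 200, one port untagged 200."""
    trunk = Port(pvid=100, tagged=frozenset({200}))
    switch = Switch({"p1": trunk, "p2": trunk, "p3": trunk, "p4": Port(pvid=200)})
    hosts = {
        "pf1": Host("p1", {None: "172.16.0.1/24", 200: "172.16.1.1/24"}),
        "pf2": Host("p2", {None: "172.16.0.2/24", 200: "172.16.1.2/24"}),
        "laptop": Host("p3", {None: "172.16.0.10/24"}),
        "laptop_vlan200": Host("p4", {None: "172.16.1.10/24"}),
    }
    return switch, hosts


def wrong_plan():
    """Common mistake: laptop moved to the VLAN 200 port without updating its static to 1.10."""
    switch, hosts = build_plan()
    hosts = dict(hosts, laptop_vlan200=Host("p4", {None: "172.16.0.10/24"}))
    return switch, hosts


if __name__ == "__main__":
    switch, hosts = build_plan()
    for src in hosts:
        for dst in hosts:
            if src != dst:
                vlans = sorted(reachable_vlans(switch, hosts, src, dst))
                print(f"{src:>14} -> {dst:<14} via VLANs {vlans}")
```

Running the matrix shows what each step of the procedure is testing: the laptop on a trunk port only ever talks to the 172.16.0.x addresses over VLAN 100, the two pfSense boxes see each other on both VLAN 100 and VLAN 200 (the latter is the candidate sync/pfsync path), and a laptop on the untagged-200 port reaches only the 172.16.1.x side, and only once its own static has been moved into that range.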