pfSense + Unifi Aggregation 10G Switch

Hello Everyone,

I am going to post the message the same way i posted it in the Netgate TAC Lite.

I have connected the NG-6100 to my network using the port labeled “LAN (igc0)” with a Cat 6 connection. I want to replace that connection with a fiber connection using an SFP+ (INTEL FTLX8571D3BCV-IT 10GB based on your documentation) to a Unifi Aggregation 10GB Switch. I want the Aggregation Switch to be the MAIN Switch. I don’t grasp the configuration. (See Attached Network Diagram)

Current Connections:
LAN (Cat 6), WAN1 (Cat 6), WAN2 (Cat 6) + 9 VLANs

I would like to replace the LAN Copper connection with FIBER OPTIC.

I do not want to configure the router from scratch if I do not have to.

If I configure the WAN3 (ix0) port to work as a secondary LAN network on a different subnet, configure some basic firewall rules to access the VLANs and WAN access, then disconnect the LAN cable and reconfigure the IP address to match the old LAN subnet address, will that work?

What is the best approach for this?

What is your recommendation?

Any help will be greatly appreciated.

Two ways to do this, but make sure you backup first:

  1. Create an interface to use that DOES NOT overlap with existing networks, connect to that interface, go to assignments and swap your LAN with the interface you want to use.
  2. Download the backup config, manually change the interface in file, upload the file and it should work.

The reason I suggest creating a new interface in option one is so that you have a way to access the system while making the changes.

Thank you Tom. Appreciated. Maybe a topic for a future show. :smiley:

Hello Tom.

I tried both recommendations and I had no luck.
Scenario 1

I configured the WAN3 (ix0) port to work as a secondary LAN network on a different subnet, configured DHCP and some basic firewall rules to access the VLANs and WAN access, and changed the VLANs’ interfaces to use the ix0 interface because they were using igc0.

Restarted the firewall, disconnected the LAN cable, and reconfigured the IP address to match the old LAN subnet address. Connected to the firewall web configuration and changed the IP address for the igc0 interface to a different segment to free up the network subnet IP address to give it to the ix0 interface. Rebooted, assigned the interface ix0 the original igc0 IP address, configured DHCP, rebooted, and I lost access to the firewall; restored the backup from the console.

I was worried about this configuration because the Anti-Lockout firewall rule (LAN) did not transfer to the new interface (WAN3).

Scenario 2

Downloaded an interface backup and changed the names of the interfaces in the .XML file:

From this code:

To this code:

Uploaded the .XML file with the changes to the firewall, rebooted it, and disconnected the LAN cable. I connected to the firewall web page, changed the VLANs’ interfaces to point from igc0 to ix0, and rebooted the firewall once again. I could log in to the firewall web portal and had internet access. However, none of my VLANs were working.

Restored backup and going back to the drawing board.

You could retry scenario 1. Before you do the swap, create a rule on any interfaces you might need to connect to the firewall to see what’s up before you swap assignments. The anti-lockout rule is there to protect you against accidentally shooting yourself in the foot but I often have configurations where I’m turning that off and only allowing access from a management vlan instead.

I’m a bit confused by your scenario 2. The “from” code has both igc0 and ix0 with the same network address. They should be different.
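For option 2 above (editing the backup file) and the duplicate-assignment problem Tom points out in the scenario 2 "from" file, here is an added example, not code from this thread or from Netgate: it swaps the physical port of every assignment in a config.xml backup (carrying VLAN parents and VLAN sub-interfaces along, which is what left the VLANs dead in scenario 2) and lists which port each interface ends up on so two interfaces sharing a port can be caught before the file is uploaded. The `<interfaces>/<if>`, `<vlans>/<vlan>/<if>`/`<vlanif>` layout and the `igc0.10` sub-interface naming are assumptions about pfSense's config format; the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml backup (assumption: a real
# backup carries many more elements; only the parts an interface swap touches are shown).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>igc1</if><descr>WAN1</descr></wan>
    <lan><if>igc0</if><descr>LAN</descr><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>igc0.10</if><descr>VLAN10</descr></opt1>
    <opt2><if>ix0</if><descr>WAN3</descr></opt2>
  </interfaces>
  <vlans>
    <vlan><if>igc0</if><tag>10</tag><vlanif>igc0.10</vlanif></vlan>
  </vlans>
</pfsense>"""


def _rename(name, a, b):
    """Map physical port a <-> b, carrying VLAN sub-interfaces (igc0.10 -> ix0.10) along."""
    for src, dst in ((a, b), (b, a)):
        if name == src:
            return dst
        if name.startswith(src + "."):
            return dst + name[len(src):]
    return name


def swap_ports(xml_text, a, b):
    """Swap every assignment of physical ports a and b, including VLAN parents.
    Returns the rewritten XML plus a change log to review before restoring it."""
    root = ET.fromstring(xml_text)
    changed = []
    targets = [(f"interfaces/{i.tag}/if", i.find("if")) for i in root.find("interfaces")]
    for n, vlan in enumerate(root.iterfind("vlans/vlan")):
        targets += [(f"vlans/vlan[{n}]/{c}", vlan.find(c)) for c in ("if", "vlanif")]
    for path, el in targets:
        if el is None:
            continue
        new = _rename(el.text, a, b)
        if new != el.text:
            changed.append(f"{path}: {el.text} -> {new}")
            el.text = new
    return ET.tostring(root, encoding="unicode"), changed


def assigned_ports(xml_text):
    """Port used by each interface; two interfaces on one port means a bad edit."""
    root = ET.fromstring(xml_text)
    return {i.tag: i.findtext("if") for i in root.find("interfaces")}
```

Running `swap_ports(SAMPLE_CONFIG, "igc0", "ix0")` moves LAN and VLAN10 onto ix0 and puts WAN3 on igc0, so no two interfaces end up on the same port; Tom's advice to keep a reachable interface and a backup still applies before uploading the result.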