I have purchased a Protectli box (it hasn't arrived yet) and am planning to install pfSense on it. I currently have an EdgeSwitch Lite (24-port). Is it possible to set up a LAGG on 2 ports on pfSense and then configure a VLAN trunk on those ports to allow certain VLANs to pass through those ports?
Well, I have a LAGG over four ports on my Chinese box; it's pretty easy to set up under Interfaces > LAGG, just select your interfaces. Though I do now see your switch needs to support IEEE 802.3ad if you want to use LACP.
Not sure what you mean regarding the VLAN, all traffic will go through the LAGG to the WAN.
My network is configured with VLANs (this separates my network, guest, IoT devices and security devices). I want to allow that traffic to pass through the LAGG. I believe the EdgeSwitch Lite supports LACP.
Ah OK, yes, I have a couple of VLANs and they all pass through the LAGG … though I have to admit I only set this up as I had several ports on the box. I don't have massive amounts of traffic on my network so can't vouch as to how well it works; it just works and hasn't given me any gyp in the last year.
The LAGG is based on the physical interfaces on the device; VLANs are configured independently of the LAGG. Though you must have a parent interface for a VLAN; mine is my LAGG. If you look under LAGG you'll see there are other protocol options offering different features.
Just a follow-up on this: I have received my Protectli device and installed pfSense. As expected I have problems making LAGG with VLANs work with pfSense going to the EdgeSwitch Lite.
Here is my configuration in pfSense:
- Under Interfaces > LAGGs: created LAGG0 and the members are igb2 and igb3
- Under Interfaces > VLANs: created VLAN 10 to 50 binding to Interface lagg0
- Under Interfaces > Interface Assignments: added VLAN 10 to 50
- Under Firewall > Rules > NameofeachVLANS: added the rule Action: pass, Source: nameofvlan net, Port: any, Destination: any
- Under System > Advanced > System Tunables: added net.link.lagg.0.lacp.lacp_strict_mode with a value of 0
Here is my configuration in the EdgeSwitch Lite:
- Under Switching > Port Channel > Summary: made sure 0/23 and 0/24 are members of Interface 3/1
- Under Switching > Port Channel > Summary: configured 3/1 to have Static Mode set to Disable
- Under VLAN > Port Configuration: Interface 0/23, 0/24 and 3/1 (LAGG) are configured as Tagged on VLAN ID 10, 20, 30, 40 and 50
Please help me identify why it hasn't worked for me. Please let me know if you need more information.
I have a lagg on my spare ports; your first two steps look the same as mine,
I’ve not added the above point in my setup.
Presumably you have the same bond type on pfSense and your switch; I've used LACP. I don't recall that I had any particular issues with getting the lagg working.
This is what Netgate says, it's fairly straightforward. Perhaps double-check that you have set an LACP bond on your switch and that this corresponds to the LACP bond in pfSense.
I have a Netgear switch; setting an LACP bond was again fairly straightforward.
I have checked the EdgeSwitch again and found that under Switching > VLAN > Switch Port Summary the 3/1 is set to General under SwitchPort mode. It should be set to Trunk. I have not changed this yet because I need to have my network up during the morning. I'll check and configure it tonight and see if it will address my issue.
I think setting the interface 3/1 to Trunk under Switching > VLAN > Switch Port Summary may have resolved the issue. It allowed my DHCP from the firewall to traverse to the VLAN. I will further test this when I get more time.
Need to look at this myself as I’ve run out of ports on my 24 Port switch, so planning on using the 2 x SFP ports on the Sophos XG unit in a LAG config and drop 3 x RJ45 connections.
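For the pfSense side of the setup discussed in this thread (lagg0 over igb2 and igb3, with VLANs parented on lagg0), the following is an added example and not part of any post above: a small shell check over FreeBSD `ifconfig` text that reports LACP members that have not negotiated and VLANs bound to the wrong parent. The function names and the sample text are assumptions constructed for illustration, not captured output.

```shell
#!/bin/sh
# Added example: check lagg/VLAN state from `ifconfig` text on pfSense (FreeBSD).
# On a live box: ifconfig lagg0 | lagg_problems ; ifconfig | vlans_off_parent lagg0

# Prints "proto" if the lagg is not running LACP, plus the name of every
# member port missing ACTIVE, COLLECTING or DISTRIBUTING. Empty output = OK.
lagg_problems() {
    awk '
        /laggproto/ { seen = 1; if ($2 != "lacp") bad = bad "proto " }
        /laggport:/ {
            if ($0 !~ /ACTIVE/ || $0 !~ /COLLECTING/ || $0 !~ /DISTRIBUTING/)
                bad = bad $2 " "
        }
        END { if (!seen) bad = "proto " bad; sub(/ $/, "", bad); print bad }
    '
}

# Prints the VLAN IDs whose parent interface is not $1. Empty output = OK.
vlans_off_parent() {
    awk -v want="$1" '
        /vlan: [0-9]+/ && /parent interface:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "vlan:") id = $(i + 1)
                if ($i == "interface:") parent = $(i + 1)
            }
            if (parent != want) out = out id " "
        }
        END { sub(/ $/, "", out); print out }
    '
}

# Constructed sample: igb3 has not negotiated LACP with the switch.
sample_lagg() { cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    laggproto lacp lagghash l2,l3,l4
    laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
    laggport: igb3 flags=0<>
EOF
}

# Constructed sample: VLAN 20 was bound to a member port instead of lagg0.
sample_vlans() { cat <<'EOF'
lagg0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
igb2.20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    vlan: 20 vlanproto: 802.1q vlanpcp: 0 parent interface: igb2
EOF
}
```

This covers only what pfSense can see; the switch-side SwitchPort mode on 3/1 (General versus Trunk), which the thread identified as the likely cause, still has to be checked on the EdgeSwitch itself.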