Setting up an LACP LAG in pfSense 2.4 and VMware Fusion. LACP allows link redundancy and improved throughput along with many other features. rocketcitytech.tv
I had already started configuring this on a second firewall, from scratch, even after checking the docs it didn't work, but sounds like I had it right. Will need to check my LACP settings on my Cisco 2650G. Great explanation. Thanks.
Just found your channel, you explain stuff like I do.. "This is how you can do this, but nothing stop you to do it like this or this or this" I like that no scripts! good content you got a new sub.
I watched this video a few years ago when I first got into pfSense and didn't have a clue what you were talking about. Now that I'm almost finished with my last semester for my CyberSecurity Certificate I actually understand what you're talking about. I'm getting a new Modem today that supports LAGG :D I'm excited to try this out on the WAN side of things!
@@RocketCityTech Okay maybe I'm feeling dumb but I want to make sure I'm thinking this right. I SHOULD be able to just change the WAN's interface from the em0 or whatever to the LAGG interface with LACP and it should work right? It just seems too simple and I wanna make sure I'm not missing something lol
@@Butrdtostngravy Is your desired setup solely for redundant paths to the modem or are you trying to increase the speed to your ISP? Creating a trunk would only be beneficial for redundant paths or if you had speeds from your ISP greater than what one interface on the pfSense box would be able to support (example a 2Gb ISP connection and 2 x 1Gb interfaces on the pfSense install. But to answer your question, for a simple trunk to the modem, that should be all you need if your modem supports that type of connectivity.
@@RocketCityTech the hope is that I can test out LACP so when I get to upgrade to gigabit I can overcome the 940-960Mbps limitations of the gigabit interface if they ever overprovision
So if I wanted to do LAGG with LACP on both the WAN and LANs, would I put lagg0 (without any VLANs) directly onto the WAN and the LANs with lagg0 (with VLANs) like lagg0.10, lagg0.20, etc? Or would it be the other way around? I'm basically wanting to do LAGG that results in a kind of a router on a stick type of configuration. Thanks!
I cant get mine to work with an hp procurve 2510 switch, I have to use putty over serial adapter, to manually enable ports via command line and when i show lacp status procurve response says they are all up. I currently have vlan 1 on the switch. Really i dont need vlans but the switch wont allow any traffic flow without the vlan and any ports untagged.
Hi sir, How can I exclude IP address on the DHCP Server Pool? if I use the range 10.0.60.10 - 10.0.60.100 and still use a static IP like 10.0.60.1 will it still be VLAN 60? Thanks
Are those interface real or virtual or what? Do you have a real network card? Not trying to be a douchebag with the questions, but I really don't know anything about VLANS and so, without a list of hardware used, I have no real context for what is happening in the real world or virtual comparatively stated.
Hi, great tutorial. I have a question: I already have a lan to a switch with all my clients. I want to use LAGG from the router to the switch, how do i replace the LAN with the LAGG trunk? And i want to keep mij DHCP information, is that possible?
First create the lagg with all of the other interfaces and then add your lan interface to the lagg. Then make sure the switch understands the port is now part of the lagg with the other lagg ports.
Thank you for the video! I have a question regarding the LAGG that is created. Is it possible to configure the LACP LAG port as the LAN interface? Meaning the 3 Gb port handle to main traffic to and from the pfsense router to the switch? If so, how would one do that?
Hello, great question. Yes! You can do this after you create the LAGG interface by assigning the LAN interface to the LAGG. However, as someone else has pointed out, Netgate doesn't recommend passing untagged traffic along the same interface as tagged traffic on the LAGG interface. SO, what you should do is create a new VLAN for your LAN interface (whatever you want) and program the switch to handle tagged traffic on this new VLAN and associate other ports to this VLAN (untagged on the other ports outside of the LAGG). Then, modify the pfSense LAN interface to use the new VLAN on the LAGG. This allows the already untagged network you have in place to remain untagged on the switch side. Basically, what you are doing is first tagging the untagged (LAN I assume) traffic on the switch coming into the LAGG with a new VLAN tag and telling pfSense that the LAN interface is now on a tagged segment of the LAGG, which will be hosted on the 3Gb interface. Thanks for watching!
@@asphaltbinder I made a quick video explaining this (hopefully) a bit more clear. Here is the link: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-RgXiQlUguec.html
These are great videos that i like to find and watch for things i need to be able to accomplish for my personal network. Do have a question or 2. Currently have an HP Procurve switch as well. along with pfsense, I just want to be able to setup lagg with 4 ethernet cables to the procurve switch. Do i need to use vlan if im only going to have 1 network and set of ip addresses?
Hi found helpful, but have a doubt, that is it possible to aggregate 3 links say each is 10mb/s --> agregating it as 30mb/s single. link. If it is possible what extra configurations i need to make. thanks in advance.
Hello, first you will need to add the VLANs to the single NIC that you are going to assign to the different modes. For example, create VLAN 10 for WAN, VLAN 20 and 30 for your 2 internal VLANs, and then assign those VLANs to new interfaces. You can create as many VLANs and interfaces as you want on a single NIC, you just have to configure them. Doing the above and keeping the untagged traffic internal would allow for a total of 4 networks: 1 external VLAN, 2 internal VLANS, and 1 untagged internal network. You can keep the untagged network for administration or whatever you like. As always, you'll need to configure the firewall rules the way you see fit. Thanks for watching!
@@RocketCityTech ok some reason my re reply didnt work.. i got my switch to give ips but i can not ping any of the ips except the dhcp server of each vlan... can you email me more details. comet424@msn.com and for a game vlan how did you make sure you have a open nat for xbox live... i have it setup for novpn it uses the wan.. the xbox has a open nat.. but the computer has a moderate NAT for xbox live windows 10... yet under the same group... would you know why
@@comet424 is your switch acting as the DHCP server or pfsense? If it's the switch, make sure you have configured the DHCP server to provide the correct gateway for your pfsense server. If it's pfsense, make sure you are allowing the correct traffic through the firewall rules. I'll try to do a video on upnp and static routes soon to help with your Xbox live issues.
Good and clear video! thanks for sharing this; the question I have is, can I do the trunking on the WAN itself? let's say WAN1 is cable and WAN2 is cable and combine both bandwidth for LAN; thanks!
Good question and sorry for late reply. For setting up multiple ISP connections, you would use a multi-WAN configuration. The possibilities include having connection A for primary, connection B for secondary and only using B when A fails, OR you could load balance and use both at the same time evenly and increase your available bandwidth, OR you can set percentages of usage for each connection, say use A for 75% of WAN traffic and B for 25%. I will try and make a video on this setup as it is a very commonly asked for solution for failover in the case of one ISP connection going down. Thanks for watching.
How do you setup pfSense LACP with 2 switches? say you only have 2 1Gbps NICs and 2 8-port-1Gbps manage switches, you want to have HA + full bandwidth for your pfSense. you connect eth0 to switch1, then eth1 to switch2. you also create VLAN10 for WAN/Internet connection, say 101.1.0.1/30 and VLAN 20 for LAN connections, say 10.20.0.1/16 and VLAN 30 for Wi-Fi connection with Captive-Portal, say 10.30.0.1/24 All these VLANs are to be place on the LACP link.
I would say that your managed switches would have to support stacking or some type of VRF. Once the switches are configured it would be setup the same way.
Nice video but something bugs me. You say don't plug nothing, first set up pfsense and the switch. What if the pc you use to access the webconfigurator is on the newly configured VLAN using the LAGG as parent interface? Wouldn't it be better to set up pfsense with a PC using an untagged port on the switch and then try to plug it in a tagged port once the config is done?
Eric B Eric B hmm, let me clarify: it’s a good idea when configuring trunks to wait until the trunk is fully configured before connecting more than one cable. Connecting multiple cables between switches and other network devices before the trunk is properly configured could cause a nasty issue like a loop back. The trunk can be configured first with untagged traffic, then the VLANs can be added afterwards. Wait until the trunk and ports are configured before going ahead and connecting all of your additional cables to avoid a nasty surprise. I hope all that makes sense, haha.
It does make sense but I'm still struggling to get it right on my home network. PfSense was working great before I try lagg lol Now, I can't even get on the web configurator from my pc (which get an IP from the VLAN DHCP). It's weird. And I can ping my pc from the pfsense ssh console. I've got a 4 Gb ports box as router and a Cisco 2960CG 10 Gb ports. Have no trouble to set up the etherchannel/lacp on the Cisco. The Pfbox is set as follow: WAN: em0 LAN: em1 (192.168.1.1) LAGGO (em2+em3): 192.168.10.1 VLAN 100 (on lagg0): 192.168.100.1 On the Cisco, I set my default gateway on 192.168.100.1. Anyway, got to fix that thing...
You would have to setup up on an interface not included in the lagg then once setup, switch to the lag interface and add the other interface in to the lagg.
