pfSense - LAGG, LACP, TRUNK

  • Published 23 Dec 2024

COMMENTS • 54

  • @RobertoRubio-ij3ms
    @RobertoRubio-ij3ms 9 months ago +1

    2024 and this is still a great video to watch. Thanks a lot.

  • @mavd5831
    @mavd5831 4 years ago

    Thank you very much for this! Couldn't figure out how to add multiple VLANs to the LAGG, so this helped A LOT!

  • @Sulprax
    @Sulprax 2 years ago

    Thank you, I've just started learning networking with pfsense and this is amazing thank you. subscribed

  • @Butrdtostngravy
    @Butrdtostngravy 4 years ago

    I watched this video a few years ago when I first got into pfSense and didn't have a clue what you were talking about. Now that I'm almost finished with my last semester for my CyberSecurity Certificate I actually understand what you're talking about. I'm getting a new Modem today that supports LAGG :D I'm excited to try this out on the WAN side of things!

    • @RocketCityTech
      @RocketCityTech 4 years ago +1

      Awesome, glad to hear. Good luck!

    • @Butrdtostngravy
      @Butrdtostngravy 4 years ago

      @RocketCityTech Okay maybe I'm feeling dumb but I want to make sure I'm thinking this right. I SHOULD be able to just change the WAN's interface from the em0 or whatever to the LAGG interface with LACP and it should work right? It just seems too simple and I wanna make sure I'm not missing something lol

    • @RocketCityTech
      @RocketCityTech 4 years ago

      @Butrdtostngravy Is your desired setup solely for redundant paths to the modem or are you trying to increase the speed to your ISP? Creating a trunk would only be beneficial for redundant paths or if you had speeds from your ISP greater than what one interface on the pfSense box would be able to support (example: a 2Gb ISP connection and 2 x 1Gb interfaces on the pfSense install). But to answer your question, for a simple trunk to the modem, that should be all you need if your modem supports that type of connectivity.

    • @Butrdtostngravy
      @Butrdtostngravy 4 years ago

      @RocketCityTech the hope is that I can test out LACP so when I get to upgrade to gigabit I can overcome the 940-960Mbps limitations of the gigabit interface if they ever overprovision

  • @geogmz8277
    @geogmz8277 6 years ago +1

    Just found your channel, you explain stuff like I do.. "This is how you can do this, but nothing stop you to do it like this or this or this" I like that no scripts! good content you got a new sub.

  • @jeylful
    @jeylful 5 years ago +1

    Awesome video, very clear and easy to follow! Thanks mate

  • @GabrielSouzas
    @GabrielSouzas 6 years ago +2

    Congratulations for the video, I'm from Brazil. Your didactic is very simple and good.

  • @account80233
    @account80233 5 years ago +1

    So if I wanted to do LAGG with LACP on both the WAN and LANs, would I put lagg0 (without any VLANs) directly onto the WAN and the LANs with lagg0 (with VLANs) like lagg0.10, lagg0.20, etc? Or would it be the other way around? I'm basically wanting to do LAGG that results in a kind of a router on a stick type of configuration. Thanks!

  • @Gemini5AU
    @Gemini5AU 4 years ago

    I had already started configuring this on a second firewall, from scratch, even after checking the docs it didn't work, but sounds like I had it right. Will need to check my LACP settings on my Cisco 2650G. Great explanation. Thanks.

  • @TheRangeControl
    @TheRangeControl 4 years ago

    Ok... I kind of think I get it. But, Does the VLAN "Have to" be broken up into different interfaces or can the entire trunk be assigned to the VLAN?

  • @hayzeproductions7093
    @hayzeproductions7093 4 years ago

    I can't get mine to work with an HP ProCurve 2510 switch, I have to use PuTTY over serial adapter, to manually enable ports via command line and when I show LACP status ProCurve response says they are all up.
    I currently have VLAN 1 on the switch. Really I don't need VLANs but the switch won't allow any traffic flow without the VLAN and any ports untagged.

  • @asphaltbinder
    @asphaltbinder 5 years ago +1

    Thank you for the video! I have a question regarding the LAGG that is created. Is it possible to configure the LACP LAG port as the LAN interface? Meaning the 3 Gb port handle to main traffic to and from the pfsense router to the switch? If so, how would one do that?

    • @RocketCityTech
      @RocketCityTech 5 years ago +2

      Hello, great question. Yes! You can do this after you create the LAGG interface by assigning the LAN interface to the LAGG. However, as someone else has pointed out, Netgate doesn't recommend passing untagged traffic along the same interface as tagged traffic on the LAGG interface.
      SO, what you should do is create a new VLAN for your LAN interface (whatever you want) and program the switch to handle tagged traffic on this new VLAN and associate other ports to this VLAN (untagged on the other ports outside of the LAGG). Then, modify the pfSense LAN interface to use the new VLAN on the LAGG. This allows the already untagged network you have in place to remain untagged on the switch side.
      Basically, what you are doing is first tagging the untagged (LAN I assume) traffic on the switch coming into the LAGG with a new VLAN tag and telling pfSense that the LAN interface is now on a tagged segment of the LAGG, which will be hosted on the 3Gb interface.
      Thanks for watching!

    • @asphaltbinder
      @asphaltbinder 5 years ago

      @RocketCityTech Thank you for the quick reply! I will give this a shot, thank you

    • @RocketCityTech
      @RocketCityTech 5 years ago +1

      @asphaltbinder I made a quick video explaining this (hopefully) a bit more clear. Here is the link: ua-cam.com/video/RgXiQlUguec/v-deo.html
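
An added example, not part of the comments or of pfSense itself: a small Python check for the layout discussed in the reply above, where one LAGG carries untagged traffic alongside tagged VLANs. The assignment maps, role names and the `parent.tag` naming of VLAN interfaces (for example `lagg0.100`) are constructed sample data and assumptions.

```python
# Added example: flag LAGG parents that carry untagged and tagged traffic together.
# Interface names and the "parent.tag" VLAN naming are assumptions for illustration.
from collections import defaultdict


def split_vlan(ifname):
    """Return (parent, tag) for 'lagg0.100', or (ifname, None) if untagged."""
    parent, sep, tag = ifname.rpartition(".")
    if sep and tag.isdigit() and 1 <= int(tag) <= 4094:
        return parent, int(tag)
    return ifname, None


def mixed_lagg_parents(assignments):
    """assignments maps a role name to the interface it is assigned to.

    Returns {lagg: {"untagged": [roles], "tagged": [roles]}} for every LAGG
    that is assigned directly (untagged) and also used as a VLAN parent.
    """
    usage = defaultdict(lambda: {"untagged": [], "tagged": []})
    for role, ifname in assignments.items():
        parent, tag = split_vlan(ifname)
        if not parent.startswith("lagg"):
            continue  # plain NICs such as em0 are out of scope here
        usage[parent]["untagged" if tag is None else "tagged"].append(role)
    return {p: u for p, u in usage.items() if u["untagged"] and u["tagged"]}


# Constructed sample data: one mixed layout, one with the LAN moved onto a VLAN.
MIXED = {"WAN": "em0", "LAN": "em1", "OPT1": "lagg0", "OPT2": "lagg0.100"}
TAGGED_ONLY = {"WAN": "em0", "LAN": "lagg0.10", "OPT1": "lagg0.100"}

if __name__ == "__main__":
    for name, cfg in (("mixed", MIXED), ("tagged only", TAGGED_ONLY)):
        print(name, "->", mixed_lagg_parents(cfg) or "ok")
```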

  • @PrestonCovell
    @PrestonCovell 6 years ago +1

    Very informative. I will use this in a scenario for myself as well.

  • @djvincon
    @djvincon 6 years ago +1

    Hi, great tutorial. I have a question: I already have a LAN to a switch with all my clients. I want to use LAGG from the router to the switch, how do I replace the LAN with the LAGG trunk? And I want to keep my DHCP information, is that possible?

    • @RocketCityTech
      @RocketCityTech 6 years ago

      First create the lagg with all of the other interfaces and then add your lan interface to the lagg. Then make sure the switch understands the port is now part of the lagg with the other lagg ports.

  • @ffiit5864
    @ffiit5864 4 years ago

    Hi sir, How can I exclude IP address on the DHCP Server Pool? if I use the range 10.0.60.10 - 10.0.60.100 and still use a static IP like 10.0.60.1 will it still be VLAN 60? Thanks

  • @happyb.s.productions316
    @happyb.s.productions316 6 years ago +1

    These are great videos that I like to find and watch for things I need to be able to accomplish for my personal network.
    Do have a question or 2.
    Currently have an HP ProCurve switch as well, along with pfSense.
    I just want to be able to set up LAGG with 4 Ethernet cables to the ProCurve switch.
    Do I need to use VLAN if I'm only going to have 1 network and set of IP addresses?

    • @RocketCityTech
      @RocketCityTech 6 years ago

      Hello and sorry for late reply. The short answer is no, you do not need to setup a VLAN just for the trunk if you only want untagged traffic.

  • @josidarta6262
    @josidarta6262 6 years ago

    Good and clear video! thanks for sharing this; the question I have is, can I do the trunking on the WAN itself? let's say WAN1 is cable and WAN2 is cable and combine both bandwidth for LAN; thanks!

    • @RocketCityTech
      @RocketCityTech 6 years ago

      Good question and sorry for late reply. For setting up multiple ISP connections, you would use a multi-WAN configuration. The possibilities include having connection A for primary, connection B for secondary and only using B when A fails, OR you could load balance and use both at the same time evenly and increase your available bandwidth, OR you can set percentages of usage for each connection, say use A for 75% of WAN traffic and B for 25%.
      I will try and make a video on this setup as it is a very commonly asked for solution for failover in the case of one ISP connection going down. Thanks for watching.

  • @thomasweber1397
    @thomasweber1397 6 years ago

    Thanks for this video. I like the way you explain stuff.

  • @darkvodka3463
    @darkvodka3463 6 years ago

    How would you make the trunk your main LAN ?

  • @vijayteja7
    @vijayteja7 6 years ago

    Hi, found this helpful, but I have a doubt: is it possible to aggregate 3 links, say each is 10mb/s --> aggregating it as a 30mb/s single link? If it is possible, what extra configurations do I need to make? Thanks in advance.

    • @PrestonCovell
      @PrestonCovell 6 years ago

      It's a VM, and it's just an example.

  • @hayzeproductions7093
    @hayzeproductions7093 4 years ago

    Can I use LACP without using VLAN?

    • @RocketCityTech
      @RocketCityTech 4 years ago

      Hello, yes you can! However, I believe it to be good practice to assign VLANs when possible. Thanks for watching!

  • @comet424
    @comet424 5 years ago

    how you do this with 1 nic for WAN and 1 for LAN where i want 2 VLANs with LAN off the 1 LAN port.. as i having difficulties doing this

    • @RocketCityTech
      @RocketCityTech 5 years ago

      Hello, first you will need to add the VLANs to the single NIC that you are going to assign to the different modes. For example, create VLAN 10 for WAN, VLAN 20 and 30 for your 2 internal VLANs, and then assign those VLANs to new interfaces. You can create as many VLANs and interfaces as you want on a single NIC, you just have to configure them. Doing the above and keeping the untagged traffic internal would allow for a total of 4 networks: 1 external VLAN, 2 internal VLANS, and 1 untagged internal network. You can keep the untagged network for administration or whatever you like. As always, you'll need to configure the firewall rules the way you see fit.
      Thanks for watching!

    • @comet424
      @comet424 5 years ago

      @RocketCityTech ok some reason my re reply didn't work.. I got my switch to give IPs but I can not ping any of the IPs except the DHCP server of each VLAN... can you email me more details. comet424@msn.com and for a game VLAN how did you make sure you have an open NAT for Xbox Live... I have it set up for novpn it uses the WAN.. the Xbox has an open NAT.. but the computer has a moderate NAT for Xbox Live Windows 10... yet under the same group... would you know why

    • @RocketCityTech
      @RocketCityTech 5 years ago

      @comet424 is your switch acting as the DHCP server or pfSense? If it's the switch, make sure you have configured the DHCP server to provide the correct gateway for your pfSense server. If it's pfSense, make sure you are allowing the correct traffic through the firewall rules. I'll try to do a video on UPnP and static routes soon to help with your Xbox Live issues.

  • @mikejohnson8492
    @mikejohnson8492 6 years ago

    Can you do this into a server no Switch in the way?

  • @fbifido2
    @fbifido2 6 years ago

    How do you setup pfSense LACP with 2 switches?
    say you only have 2 1Gbps NICs and 2 8-port-1Gbps manage switches, you want to have HA + full bandwidth for your pfSense.
    you connect eth0 to switch1, then eth1 to switch2.
    you also create VLAN10 for WAN/Internet connection, say 101.1.0.1/30
    and VLAN 20 for LAN connections, say 10.20.0.1/16
    and VLAN 30 for Wi-Fi connection with Captive-Portal, say 10.30.0.1/24
    All these VLANs are to be place on the LACP link.

    • @PrestonCovell
      @PrestonCovell 6 years ago +1

      I would say that your managed switches would have to support stacking or some type of VRF. Once the switches are configured it would be setup the same way.

  • @mikejohnson8492
    @mikejohnson8492 6 years ago

    What about rules? there will be no internet without rules set

  • @eric_bo
    @eric_bo 6 years ago

    Nice video but something bugs me. You say don't plug nothing, first set up pfsense and the switch. What if the pc you use to access the webconfigurator is on the newly configured VLAN using the LAGG as parent interface? Wouldn't it be better to set up pfsense with a PC using an untagged port on the switch and then try to plug it in a tagged port once the config is done?

    • @RocketCityTech
      @RocketCityTech 6 years ago

      Eric B hmm, let me clarify: it’s a good idea when configuring trunks to wait until the trunk is fully configured before connecting more than one cable. Connecting multiple cables between switches and other network devices before the trunk is properly configured could cause a nasty issue like a loop back.
      The trunk can be configured first with untagged traffic, then the VLANs can be added afterwards. Wait until the trunk and ports are configured before going ahead and connecting all of your additional cables to avoid a nasty surprise.
      I hope all that makes sense, haha.

    • @eric_bo
      @eric_bo 6 years ago

      It does make sense but I'm still struggling to get it right on my home network. PfSense was working great before I try lagg lol Now, I can't even get on the web configurator from my pc (which get an IP from the VLAN DHCP). It's weird. And I can ping my pc from the pfsense ssh console.
      I've got a 4 Gb ports box as router and a Cisco 2960CG 10 Gb ports. Have no trouble to set up the etherchannel/lacp on the Cisco.
      The Pfbox is set as follow:
      WAN: em0
      LAN: em1 (192.168.1.1)
      LAGGO (em2+em3): 192.168.10.1
      VLAN 100 (on lagg0): 192.168.100.1
      On the Cisco, I set my default gateway on 192.168.100.1.
      Anyway, got to fix that thing...

    • @tomatobrush3283
      @tomatobrush3283 6 years ago +1

      You would have to set up on an interface not included in the LAGG, then once set up, switch to the LAGG interface and add the other interface into the LAGG.

  • @TheRangeControl
    @TheRangeControl 4 years ago

    Are those interface real or virtual or what? Do you have a real network card? Not trying to be a douchebag with the questions, but I really don't know anything about VLANS and so, without a list of hardware used, I have no real context for what is happening in the real world or virtual comparatively stated.

  • @rammartinez6873
    @rammartinez6873 4 years ago

    Thank you so much. I learned a lot.

  • @Hammouda-IT
    @Hammouda-IT 3 years ago

    very nice Thanks

  • @n.trzebin9492
    @n.trzebin9492 5 years ago

    Nice info.