LAGG Pfsense Issues

I have had nothing but issues trying to configure any type of laggs on my pfSense box… I read somewhere about running a command on the terminal to enable the feature but have long since forgotten what it was or how I found it. I have followed their “guide”, which, let’s be honest, is extremely dated to say the least… Any suggestions on making it work would be greatly appreciated. Thanks in advance! Jay Brown

You shouldn’t have to run any commands and it should be relatively straightforward to configure through the interfaces tab. What specifically are you having problems with?

When I follow the guide, after I create the LAGG interface and add the first opt Ethernet port to it then save it, I then move the LAN to use the newly created LAGG and the LAN stops working. I have to go and actually get on the physical system and change it back, otherwise the interface is dead… very aware the process is straightforward lol

Yeah, I wish they would add a configuration queuing system for the interfaces. If you have a spare interface then set that up as an optional interface and connect directly to it to do your configuration (make sure to set allow any to any on the firewall). If you don’t have a spare interface then leave one out of the lag and add it in once you have it working.

What lagg settings are you using? And how is your switch configured? If you’re using LACP try setting up a static configuration instead as they tend to work more reliably.

It also helps to only have one interface connected to your switch while you’re setting up the lagg and then connecting the others once it’s working.

Do you mean a port which you have assigned to an optional interface? Because you want to use ports which are unassigned and then assign the lagg to an interface.

First, awesome for the fast response, you rock! Second, when making a lagg do you have to add it to the firewall rule or make a firewall rule for it? Thought it was automatic, as I want to use the LAGG as my LAN port for the static port/ports for the router/DHCP/etc. of my pfSense system. I’m using whatever Intel quad port gigabit Ethernet PCIe card is recommended to be compatible with pfSense, so i.e. port 1 is currently my LAN port, and I want to use port 1 and 2 for increased reliability and speed.

I mean make an opt interface with one of the ports to use just to configure it, so you can set the lagg to the lan without locking yourself out of the system. So just a temporary interface that you can use to access the webui. When you make that opt interface you will have to set firewall rules for it before you use it because by default it will have none and therefore block everything.

Once you have that you can mess around with the lagg without worrying about losing access to the webui.

So to make the lagg you first want to make sure none of the ports are assigned to any interfaces, like the lan interface. Then create the lagg with the ports you want and the correct lag type, and once you’ve created it you assign that to the lan interface.

Your switch also needs to be configured in the same way or it won’t work.

I have done this more or less without creating a temporary interface just for configuration purposes. So as far as lagg types are concerned, do I have to use a specific type? Also I looked at the firewall rules and there’s no particular configuration for LAN and WAN… Did I miss something??

The reason I suggest using a second interface to configure it is so when you add the lagg to the lan interface you don’t lose access to the webui if it doesn’t work.

Yes you have to use a specific mode for link aggregation, depending on what you want to do. You’ll want to use either LACP or load balance (static). But you need to configure your switch in the same way.

Very interesting, I’m trying to use LACP, also the switch I’m using is a TRENDnet 24 port unmanaged switch. It’s odd, I follow the how-to to the letter and it doesn’t work. I’ll try and config an optional port with a static IP as has been suggested, but if it’s not working already what good will that do?? Just wondering. Thanks everyone for the guidance.

You need a managed switch for link aggregation


Hmmm, I find that odd. On my Slackware 14.2 server running Samba 4.2.* as an ADDC I have it configured with a lag with the included two 1Gb NIC ports on the HP xw8600 workstation and that seems to work just fine? I do own a Cisco SG200-50p managed switch but don’t really use it in that capacity. Maybe a little more info as to the why? Thanks.

Because both ends of the LAG need to be configured, without a managed switch you have no way of configuring it. There are some modes, such as round robin on Linux, which don’t need to be configured on the switch but they’re not real link aggregation and can lead to more issues than they solve.

I almost feel that with networking the more it makes sense the less sense it makes… Yes, the Linux server is configured as a round robin, so you’re saying use the Cisco managed switch, map the ports I want to use for LACP to the ports on the NIC, and all should work? And that this whole time my issue has been solely due to not using a managed switch??

Yes, it won’t work without a managed switch, but the switch needs to also support link aggregation and specifically LACP (can’t remember the name of the protocol) if you want to use that.

So by not work you mean it won’t work at all or not correctly? ’Cause when I configure a lagg it doesn’t work at all.

It won’t work at all, it needs to be configured on both ends, so you need a managed switch which supports it otherwise there is no way of configuring it.

Gotcha, well I have a lot of testing to do. As soon as I have some updated info I will be back! It might be a few days; due to the holidays and my troops taking leave I’ll be busy. Thanks for all the help and I look forward to getting back to you all with results!!!

@Dexter_Kane is right on the money.

IEEE 802.3ad Link Aggregation Control Protocol (LACP) and the Marker Protocol require a managed switch that supports it.

Other settings in pfSense

Failover doesn’t, but it doesn’t do anything but prevent connectivity loss in case a port goes down.

FEC supports Cisco EtherChannel, which requires a managed Cisco switch that supports it.

LoadBalance & RoundRobin MAY work with a regular switch, but I’ve not tried it recently.

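The symptom discussed in this thread (an LACP lagg cabled to a switch that does not speak LACP) can be confirmed from the pfSense shell by reading the member-port flags in `ifconfig lagg0`. The script below is an added example, not part of the original posts; the function names, interface names and both sample outputs are constructed, and the flag names assume FreeBSD's usual `laggport` display.

```shell
#!/bin/sh
# Added example: audit `ifconfig laggN` text read from stdin.
# Exit 0 only if every member port is actually carrying traffic.
lagg_check() {
    awk '
    $1 == "laggproto" { proto = $2 }
    $1 == "laggport:" {
        ports++
        flags = $3                # e.g. flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        ok = (flags ~ /ACTIVE/)
        # LACP passes traffic only after the partner has negotiated.
        if (proto == "lacp")
            ok = ok && (flags ~ /COLLECTING/) && (flags ~ /DISTRIBUTING/)
        printf "%s proto=%s flags=%s -> %s\n", $2, proto,
            (flags == "" ? "none" : flags), (ok ? "ok" : "NOT PASSING TRAFFIC")
        if (!ok) bad++
    }
    END {
        if (ports == 0) { print "no laggport lines found"; exit 2 }
        exit (bad > 0 ? 1 : 0)
    }'
}

# Constructed sample: LACP configured, switch never answers (unmanaged switch).
sample_no_partner() {
    cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    laggproto lacp lagghash l2,l3,l4
    laggport: igb0 flags=0<>
    laggport: igb1 flags=0<>
EOF
}

# Constructed sample: LACP negotiated with a managed switch on both ports.
sample_negotiated() {
    cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    laggproto lacp lagghash l2,l3,l4
    laggport: igb0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
    laggport: igb1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
EOF
}

# On the firewall itself: ifconfig lagg0 | lagg_check
sample_no_partner | lagg_check || echo "lagg0 is not aggregating"
sample_negotiated | lagg_check && echo "lagg0 is healthy"
```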

Ah! This makes so much sense now. I am going to order a managed switch for my server closet with the 802.3ad compatibility so as to ensure it will function correctly.