OPNsense Forum
English Forums => General Discussion => Topic started by: Ben. on July 03, 2022, 09:47:06 am
-
Hi,
I am trying to set up my new network.
I have a Fujitsu S930 with a 4-port Broadlink NIC. 3 Ports are configured as a LAGG device with 5 different VLANs assigned.
In the Unifi switch I set up the first 4 ports as "Aggregate", but I won't be assigned an IP address.
So before getting into details, does anybody have a similar setup working with OPNsense and are there general things to check (like VLAN filtering being disabled etc)?
Thanks for hints.
-
First of all, LAG should always be in pairs as in 2, 4, 6, 8 etc. You will have loads of issues with 3.
Second, if you are doing this on OPNsense, then you need to bridge your interfaces first before setting up a VLAN.
-
lilsense, sorry, no. Agree with the even numbers for any lagg, but the order of interface stacking is
physical/lagg - VLAN - bridge in FreeBSD. Always has been. You cannot create VLANs on a bridge interface.
-
Ok, thanks, so the bridge is required because of multiple VLANs, right? Not because of the Lagg, right?
-
I use LACP to a Unifi switch over 3 links, but there are only VLANs on it.
The Unifi management network (VLAN 1) is not on there; for that I use an extra connection.
I read somewhere that you should not put tagged and untagged VLANs on one link, that this would cause problems. Whether it's true, I do not know.
-
@Tuxtom007: So you didn't set up a bridge?
I plan a similar setup to yours.
-
A bridge is only required if you want a VLAN to span multiple ports on the OPNsense device. A FreeBSD bridge is a virtual switch for a single VLAN. I was just trying to correct what I think was a wrong statement. In regular scenarios - one trunk port or one lagg connection from OPNsense to switch (aka "router on a stick") you do not need a bridge interface at all.
Yes, don't mix tagged and untagged on one connection in FreeBSD. It will not necessarily lead to problems, but there are various configurations with DHCP or IDS where it will, just to name a few. So the general advice is against it, so as not to encounter unpleasant surprises.
-
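The stacking order described above (physical ports -> lagg -> VLAN -> optional bridge) as an added example, not code from any post in this thread and not OPNsense's own configuration code. It is a POSIX shell script that only prints the FreeBSD ifconfig commands in that order; the interface names (igb0, igb1, igb3, lagg0, vlan10, bridge0) and VLAN IDs are assumptions for illustration, and OPNsense's GUI assigns its own names when you do this via Interfaces > Other Types. The bridge is emitted only when you actually want one VLAN to span a second port, which is the "router on a stick" exception pmhausen mentions.

```shell
#!/bin/sh
# Added example (not from the thread): print the FreeBSD ifconfig commands that
# build the interface stack in the order physical -> lagg -> VLAN -> bridge.
# Nothing is executed here; on a FreeBSD host the output could be piped to sh.
# All interface names and VLAN IDs below are assumptions for illustration.

# build_stack LAGG "MEMBER MEMBER ..." "VID VID ..." ["BRIDGE_MEMBER ..."]
#   LAGG            name of the lagg interface to create (e.g. lagg0)
#   MEMBERS         physical ports that become LACP members of the lagg
#   VIDS            802.1Q VLAN IDs created with the lagg as parent (vlandev)
#   BRIDGE_MEMBERS  optional: interfaces joined into bridge0 so one VLAN can
#                   span another port; omitted in the plain trunk case
build_stack() {
    lagg=$1
    members=$2
    vids=$3
    bridge_members=$4

    # 1. Physical members come up first; they carry no IP config of their own.
    for m in $members; do
        echo "ifconfig $m up"
    done

    # 2. The lagg is created on top of the physical ports with LACP, which the
    #    switch side must run as well (the thread: "LACP on both sides").
    ports=""
    for m in $members; do
        ports="$ports laggport $m"
    done
    echo "ifconfig $lagg create"
    echo "ifconfig $lagg laggproto lacp$ports up"

    # 3. VLANs are children of the lagg, never of a bridge. Only tagged
    #    traffic rides the lagg, so no IP is configured on the lagg itself.
    for v in $vids; do
        echo "ifconfig vlan$v create vlandev $lagg vlan $v up"
    done

    # 4. A bridge, if wanted at all, sits on top of the VLAN interfaces and
    #    any extra port, acting as a virtual switch for that one VLAN.
    if [ -n "$bridge_members" ]; then
        addm=""
        for b in $bridge_members; do
            addm="$addm addm $b"
        done
        echo "ifconfig bridge0 create"
        echo "ifconfig bridge0$addm up"
    fi
}

# Plain trunk: two LACP members, four VLANs, no bridge needed.
build_stack lagg0 "igb0 igb1" "10 20 30 40"
echo
# VLAN 10 additionally spanning a spare port igb3: this is the bridge case.
build_stack lagg0 "igb0 igb1" "10 20" "vlan10 igb3"
```

Running the script shows that the lagg is created before any VLAN references it and that the bridge, when present, is the last thing built; that ordering is what the GUI enforces implicitly, since you cannot pick a bridge as a VLAN parent.
-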
Thank you for the explanation, that helps a lot.
I never used a LAGG and never thought about/understood the bridge concept.
You explained it very well!
-
lilsense, sorry, no. Agree with the even numbers for any lagg, but the order of interface stacking is
physical/lagg - VLAN - bridge in FreeBSD. Always has been. You cannot create VLANs on a bridge interface.
Why sorry, pmhausen, if I am mistaken then it needs to be corrected. No need to be sorry about it. :)
-
@Tuxtom007: So you didn't set up a bridge?
I plan a similar setup to yours.
Hello,
No, I have not configured any bridge.
-
Sorry, maybe a stupid question:
If I have a LAGG interface of 2 ports with 4 VLANs, I need to create 4 bridges?
-
You don't need any bridge. Just create the lagg and then the VLANs with the lagg as parent.
-
Ok, I tried that but it won't work. I created the lagg, assigned the VLANs and set up the aggregate on the switch (4 ports).
Afterwards only plugged in one cable but no IP was offered via DHCP.
Ok, I will do some more analysis.
-
You need to configure LACP on both sides and you should plug in two cables.
After creating the VLANs in OPNsense you need to assign them in Interfaces > Assignments. Only then can you create IP configuration etc.
Also it is not perfectly clear to me which device should be the DHCP server and which one should be the client. On OPNsense you can have only one interface with a DHCP client configuration. Most of the time OPNsense is supposed to manage the DHCP server for all internal VLANs, though. You need to manually activate and configure that, too, of course. Service won't appear magically by just creating the VLAN.
-
Yes, I did all that, also configured the firewall for all VLANs, assigned Unbound to all local interfaces etc.
I will try with 2 cables, but thought LACP would automatically handle port failures.
Maybe I can collect some screenshots if I can't get it to work.