Text only | Text with Images

OPNsense Forum

English Forums => Hardware and Performance => Topic started by: crissi on November 04, 2021, 02:36:12 PM

Title: Advice Conf LAGG LACP with VLANs
Post by: crissi on November 04, 2021, 02:36:12 PM
Hello,
I need some advice, regarding LAGG Conf with VLANs. I have on my FW 6 Ports, and I use yet 1 for LAN / VLANS and 1 Port for WAN. As I have 4 free Ports (1Gbit) on my FW, and plan to buy a new switch, I was wondering if this would make sense:

- Use 1 Interface LAN just as Management Interface.
- Create 1 Lagg Group with the 4 free Interfaces and add all the VLANS to the Logical Interface. I have my Home Servers / Laptops / Mobiles / Printer / IOT .etc all in different VLANs and use also Suricata and Sensei, would this make sense performance wise ?

Or should I Group them further like 2 LAGG Groups 2x2 Interfaces, and put in Group 1 just the Servers and in the other Group just the Clients?

One other question, can I create the LAGG on OPNsense just by unassign the existing VLAN Interfaces, or do I have to recreate them complete new?

Thanks a Lot!
Title: Re: Advice Conf LAGG LACP with VLANs
Post by: guest30640 on November 04, 2021, 05:05:31 PM
Hi,

I did similar but only on a 4 port Protectli (igb) and connected back to two switches.

The LAGG\VLAN with Sensei running was a bag of uselessness and it would lock me out. So, be careful setting up LAGGs\VLANs together and using Sensie. I even reached to the vendor and they said the same, so nothing I misconfigured (dont think).

I ended up with


With igb2 trunked back to one switch (running usual traffic\WLANs,Access point VLANs) and igb3 trunked backed to another seperate switch running IoT & VPN IoT clients. Thus keeping the traffic split on differnet VLANs and different physical ports.

In my home environment igb3 port\switch2 for IoT uses by far the most traffic! So, in my view that helped with heaps of data over just the one Protectli port

Dunno if that helps
Title: Re: Advice Conf LAGG LACP with VLANs
Post by: guest30640 on November 04, 2021, 05:16:14 PM
Quote from: crissi on November 04, 2021, 02:36:12 PM

One other question, can I create the LAGG on OPNsense just by unassign the existing VLAN Interfaces, or do I have to recreate them complete new?

Thanks a Lot!

https://docs.netgate.com/pfsense/en/latest/recipes/migrate-assigned-lan-to-lagg.html (https://docs.netgate.com/pfsense/en/latest/recipes/migrate-assigned-lan-to-lagg.html)

Title: Re: Advice Conf LAGG LACP with VLANs
Post by: crissi on November 04, 2021, 08:08:18 PM
Hi pugs,

thanks a lot for your reply and your information! I definitely need Sensei / VLANs working in my network, so if i don't get the LAGG/VLAN somehow working, i will go the same route, to use 2 x 8 Port Switches to separate Server / Clients and IOT Devices. I just saw here a similar thread / issue

https://forum.opnsense.org/index.php?topic=22945.0

what was fixed via a patch, so i don't give up the hope yet :)

Just waiting to get my LACP able Switch to test ...

Thx!
Text only | Text with Images