"
Perfect, I will try that!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
21.1 Legacy Series / Re: Preferred way to configure LAG/port bonding with ESXi
July 26, 2021, 09:54:30 PM #2
21.1 Legacy Series / Preferred way to configure LAG/port bonding with ESXi
July 26, 2021, 06:17:11 PM
I'm fairly confident in network configuration and deployed a setup below at home (see the diagram attached).
- OpnSense as a VM on ESXI 6.7
- ESXi is connected to a cisco switch with static LAG/link bonding. ESXi interface is passed to OpnSense directly. VLANs are configured on OpnSense and the switch
- No High-availability or IDP configured on OpnSense. Rules are completely permissive for troubleshooting at this point
- there is a wireless L2 Cisco AP on a trunk to the switch. The AP is definitely configured correctly, as it works for all clients when connected to other home-grade routers
Issues: Generally the setup works, but there is a issue for some wired and wireless clients - they are not able to ARP OpnSense (and therefore not getting L3 connectivity and DHCP as well). No clear pattern. Some clients can be completely fine, some can never connect (e.g. RaspPi on my picture)
Suspicion: Obvious reason for such behavior would be a LAG/bonding algorithm mismatch, however I have "source MAC" set on both sides (ESXi and the switch).
another suspicion would be LAG interfaces misconfiguration on the switch or ESXi, which doesn't seem to be the case.
QUESTIONS:
Which of the following is a preferred way to configure switch<>OpnSence in VM link bonding/LAG?
1. The way it is configured now: ESXI bonds the interfaces and passes them as one interface to the VM. VLAN are configured on OpnSense
2. Same as 1, but VLANs are terminated on ESXi. ESXi then passes multiple interfaces (for each VLAN) to OpnSense.
3. Pass ESXi interfaces directly to OpnSense without bonding. Configure bonding/LAG and VLANs on OpnSense
Any other tips to make it work reliably?
Thank you
- OpnSense as a VM on ESXI 6.7
- ESXi is connected to a cisco switch with static LAG/link bonding. ESXi interface is passed to OpnSense directly. VLANs are configured on OpnSense and the switch
- No High-availability or IDP configured on OpnSense. Rules are completely permissive for troubleshooting at this point
- there is a wireless L2 Cisco AP on a trunk to the switch. The AP is definitely configured correctly, as it works for all clients when connected to other home-grade routers
Issues: Generally the setup works, but there is a issue for some wired and wireless clients - they are not able to ARP OpnSense (and therefore not getting L3 connectivity and DHCP as well). No clear pattern. Some clients can be completely fine, some can never connect (e.g. RaspPi on my picture)
Suspicion: Obvious reason for such behavior would be a LAG/bonding algorithm mismatch, however I have "source MAC" set on both sides (ESXi and the switch).
another suspicion would be LAG interfaces misconfiguration on the switch or ESXi, which doesn't seem to be the case.
QUESTIONS:
Which of the following is a preferred way to configure switch<>OpnSence in VM link bonding/LAG?
1. The way it is configured now: ESXI bonds the interfaces and passes them as one interface to the VM. VLAN are configured on OpnSense
2. Same as 1, but VLANs are terminated on ESXi. ESXi then passes multiple interfaces (for each VLAN) to OpnSense.
3. Pass ESXi interfaces directly to OpnSense without bonding. Configure bonding/LAG and VLANs on OpnSense
Any other tips to make it work reliably?
Thank you
#3
21.1 Legacy Series / Re: VLAN setup in OPNsense not working..
July 24, 2021, 12:43:38 AM
Can't tell from the screenshot, but you may want to verify that you've set VLAN ID: 4095 on the ESXI port group to allow tagged frames to pass to the VM
Pages1
