Topic: Advisability of LAGG between OPNsense and multiple switches (Read 2067 times)
crudolphy (Newbie; Posts: 2; Karma: 0)
Advisability of LAGG between OPNsense and multiple switches
« on: November 22, 2023, 03:35:01 pm »
First, I have been a pfSense user and am setting up to move to OPNsense. I purchased a used Optiplex 5050 (I5-6500, 32GB RAM, Intel I350 4 port 1GbE NIC, Intel I219-V 1 port 1GbE NIC, 256GB M2 Sata Drive). I have successfully loaded OPNsense 23.7.8_1 on it and am beginning configuration.
I have set up 1 of the I350 ports as the WAN interface and another as the LAN interface. So I have two free ports on this NIC and then the 1 built-in port on the other NIC.
I have two Netgear managed L2 switches that are both 802.1Q VLAN capable and LAGG capable. I have set up VLANs but never set up LAGG. I will have (7) VLANs including the default plus Wireguard.
My thought is to move the WAN interface to the I219-V port, then LAGG (2) of the I350 ports together for LAN and using LAN for only OPNsense and the switches (Default VLAN 1), then bonding the other two I350 ports together for the other 6 VLANs. I have plenty of room (ports) on my switches for this configuration.
Is this feasible? What might the pitfalls be? Any and all opinions/guidance would be greatly appreciated.
Chuck
Logged
Patrick M. Hausen (Hero Member; Posts: 6848; Karma: 575)
Re: Advisability of LAGG between OPNsense and multiple switches
« Reply #1 on: November 22, 2023, 04:12:25 pm »
To run a lagg with the physical connections to two different switches the switches MUST be multi chassis LACP capable. Sometimes called "stacking". If they are not, you are limited to running two (or more) physical connections to a single switch.
HTH,
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Seimus (Hero Member; Posts: 608; Karma: 59)
Re: Advisability of LAGG between OPNsense and multiple switches
« Reply #2 on: November 22, 2023, 04:17:01 pm »
As Patrick said,
If you want to do a LAGG on OPN and connect one port of the LAGG to SW1 and the other to SW2, you need switches capable of MEC.
LAGGs work very well on OPNsense; I am using them: LAGG with LACP between OPN and CORE switch. The LAGG is L2; on this run VLANs and VLAN interfaces for each VLAN to act as GW.
Basically, first create the LAGG, then the VLANs. Attach them to the LAGG and create VLAN interfaces with proper IP/MASK to act as GW.
Just be careful to not lock yourself out. During migration from single port to LAGG I did create a wide inbound any any allow rule on the VLAN interfaces.
You can also create the LAGG + VLAN + VLAN interfaces first, give them IPs, and keep the LAN as well. During migration you can use and keep the LAN in native VLAN 1.
Once you have created VLANs over LAGG, access the OPN via the new GW interfaces; once you have access you can migrate off your old LAN. Also, I don't advise keeping tagged and untagged VLANs as a permanent solution; even if it works, it's not "supported" and you could hit random problems. But for migration purposes it's okay.
Regards,
S.
Logged
Networking is love. You may hate it, but in the end, you always come back to it.
OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100 - i226-V | Crucial 16G 4800 DDR5 | S 980 500G - PROD
crudolphy (Newbie; Posts: 2; Karma: 0)
Re: Advisability of LAGG between OPNsense and multiple switches
« Reply #3 on: November 23, 2023, 07:38:58 pm »
First, thank you both for responding. After reading your responses and reading some more about lagg and lacp, I think this may work. What do you (anyone) think?

Optiplex 5050 with OPNsense
  Static Lagg - Lagg 0
    inc0
    inc01
  Static Lagg - Lagg 1
    inc02
    inc03
  Interface em1 --> WAN ISP 1GbE

Netgear GS724T V2
  Static Lagg - Lagg0
    Port 22
    Port 24
  Static Lagg - Lagg1
    Port 18
    Port 20
  Static Lagg - Lagg2
    Port 21
    Port 23

Netgear JGS516PE
  Static Lagg - Lagg0
    Port 15
    Port 16

Optiplex Lagg0 --> GS724T Lagg0 - Vlan1 (default)
Optiplex Lagg1 --> GS724T Lagg1 - Vlan (1,10,20,30,40,50,60)
Gs724T Lagg2 --> JGS516 Lagg0 - Vlan (1,10,40,60)

In regards to cabling, each Lagg member port would be cabled 1:1 to its corresponding lagg port.
The GS724T is LACP capable but the JGS516 PE is not.
Appreciate any feedback.
Chuck
« Last Edit: November 23, 2023, 07:44:52 pm by crudolphy »
Logged
Seimus (Hero Member; Posts: 608; Karma: 59)
Re: Advisability of LAGG between OPNsense and multiple switches
« Reply #4 on: November 27, 2023, 02:50:07 pm »
Gs724T Lagg2 --> JGS516 Lagg0 - Vlan (1,10,40,60)
Why not call it LAGG2 on the JGS516 as well?
So per what you write, the GS724T will be like your "CORE" switch and only this will be connected towards OPN. If it's LACP capable, configure LACP on the LAGGs between OPN and the switch, and use static downstream from GS724T towards JGS516.
Also, on LAGG0 only VLAN1 default: by this you probably mean a non-tagged VLAN during migration, right? So basically you will use the interface for L3, not an SVI L3 VLAN interface.
Regards,
S.
« Last Edit: November 27, 2023, 03:06:02 pm by Seimus »
Logged
lilsense (Hero Member; Posts: 600; Karma: 19)
Re: Advisability of LAGG between OPNsense and multiple switches
« Reply #5 on: November 27, 2023, 03:14:54 pm »
Couple of things:
- Native VLAN is untagged and hence will not work here... Everything should be tagged on LACP/LAGG interfaces.
- I would not recommend using VLAN1. Create it and send it to nowhere...
- I would create a LAGG with four ports (if it works) to your managed switch GS724T. And a LAGG from GS724T to the other switch with no VLAN 1 on any of the switches.
Logged
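
Added example, not part of any forum post: a small Python check that applies the advice from replies #1, #2, #4 and #5 to the plan laid out in reply #3, and to a LAGG split across both switches. The `Bundle` model and the finding codes are hypothetical, and treating Lagg0's VLAN 1 as untagged is an assumption based on the question raised in reply #4.

```python
from dataclasses import dataclass

# LACP capability as stated in the thread (reply #3 for the Netgear switches,
# reply #2 for OPNsense).
LACP_CAPABLE = {"OPNsense": True, "GS724T": True, "JGS516PE": False}

@dataclass
class Bundle:               # hypothetical model of one LAGG, for illustration
    name: str
    owner: str              # device the LAGG is configured on
    proto: str              # "static" or "lacp"
    peers: list             # switch each member link is cabled to
    vlans: tuple            # VLAN IDs carried on the LAGG
    untagged: bool = False  # True if a VLAN rides the LAGG untagged

def lint(bundles, multi_chassis=False):
    """Return (bundle name, finding code) pairs for the thread's rules."""
    out = []
    for b in bundles:
        ends = {b.owner, *b.peers}
        # Replies #1/#2: links to different switches need multi-chassis LACP.
        if len(set(b.peers)) > 1 and not multi_chassis:
            out.append((b.name, "SPLIT_ACROSS_SWITCHES"))
        # Reply #3: the JGS516PE is not LACP capable.
        if b.proto == "lacp" and not all(LACP_CAPABLE[d] for d in ends):
            out.append((b.name, "LACP_UNSUPPORTED_END"))
        # Reply #4: use LACP where both ends support it.
        if b.proto == "static" and all(LACP_CAPABLE[d] for d in ends):
            out.append((b.name, "PREFER_LACP"))
        # Reply #5: everything on a LAGG tagged, and VLAN 1 left unused.
        if b.untagged:
            out.append((b.name, "UNTAGGED_ON_LAGG"))
        if 1 in b.vlans:
            out.append((b.name, "VLAN1_IN_USE"))
    return out

# Plan from reply #3 (constructed; Lagg0's VLAN 1 is assumed untagged).
PLAN = [
    Bundle("Optiplex lagg0", "OPNsense", "static", ["GS724T"] * 2, (1,), True),
    Bundle("Optiplex lagg1", "OPNsense", "static", ["GS724T"] * 2,
           (1, 10, 20, 30, 40, 50, 60)),
    Bundle("GS724T lagg2", "GS724T", "static", ["JGS516PE"] * 2, (1, 10, 40, 60)),
]
# The layout the thread title asks about: one LAGG cabled to both switches.
SPLIT = [Bundle("lagg0", "OPNsense", "lacp", ["GS724T", "JGS516PE"], (10,))]

if __name__ == "__main__":
    for name, code in lint(PLAN) + lint(SPLIT):
        print(f"{name}: {code}")
```
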