Interfaces 2.5gbe and 10gb

Started by Hemhems, Today at 09:50:25 AM

Hello

I have a Qotom 1U baremetal OPNsense (5*2.5gbe rj45 4*sfp+), with igc4 as WAN and igc2 as LAN. I have tried multiple times to add all interfaces to one sfp+ after final config; it won't save and eventually resets my config. I have now got a "working" config with the use of 2 ports: LAN and vlan99 on igc2 and 4 other vlans on ix0 (sfp+). Why can't I get just one sfp+ with all interfaces to work? What am I doing wrong?

Are you trying to create a port channel? If so, you need to create a bridge first.

Port channel is LACP/LAGG, not bridge. But yes, the OP needs to be a bit more specific about what they mean by "add all interfaces to one SFP+".
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Today at 11:52:26 AM #3 Last Edit: Today at 12:14:30 PM by Hemhems
I wanted to use 1 trunk 10gb sfp+ but my OPNsense config bricked when moving all vlans 10-99 and lan, and used igc2 for the initial setup. So I used no lagg and no bridge and used 2 trunk interfaces to my Mikrotik crs328: igc2 with LAN and vlan 99, and 10gb sfp+ with vlan 10-20-30-40. I have no mgmt vlan access to my AP. So I think I need just 1 trunk, preferably sfp+ ix0...

Since you have many ports, I would start from a fresh config, and set one of the 2.5g ports to be a "management" port that doesn't have any of your vlans. Connect a computer directly to that port and use it to set up the trunked vlans and wan on your other ports, this might allow you to skip setting up a bridge.

Or I'm not understanding what you want to do, which is possible.

You can of course place all your VLANs on a single SFP+ port. Just make sure not to assign the untagged port itself to anything like "LAN" or "OPT1" and use tagged VLANs only. Then do the same on the switch - all VLANs tagged for the trunk port. If the switch insists there must be a "native VLAN" or "PVID", use something unused like 999 or so.
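An added example, not part of the thread and not OPNsense or RouterOS code: a small Python check of the single-trunk rules from the post above (untagged parent left unassigned, the same tagged VLAN set on both ends, an unused PVID). The data model, the function name `check_trunk` and both sample plans are constructed for illustration; interface names and VLAN IDs follow the thread.

```python
# Added example. The data model is hypothetical, not OPNsense or RouterOS syntax.

def check_trunk(fw_assignments, fw_vlans, sw_trunk, trunk_if="ix0"):
    """Return findings for a single-trunk VLAN plan.

    fw_assignments: {logical name: device}, untagged assignments on the firewall
    fw_vlans:       {vlan id: parent device} as defined on the firewall
    sw_trunk:       {"tagged": set of ids, "pvid": int} for the switch trunk port
    """
    findings = []
    # The untagged parent port itself must not be assigned (LAN, OPT1, ...).
    for name, dev in sorted(fw_assignments.items()):
        if dev == trunk_if:
            findings.append(f"{name} is assigned to untagged parent {trunk_if}")
    # Every VLAN should use the trunk port as its parent.
    on_trunk = set()
    for vid, parent in sorted(fw_vlans.items()):
        if parent == trunk_if:
            on_trunk.add(vid)
        else:
            findings.append(f"VLAN {vid} has parent {parent}, not {trunk_if}")
    # Both ends of the link must tag the same VLAN set.
    for vid in sorted(on_trunk - sw_trunk["tagged"]):
        findings.append(f"VLAN {vid} is not tagged on the switch trunk port")
    for vid in sorted(sw_trunk["tagged"] - on_trunk):
        findings.append(f"VLAN {vid} is tagged on the switch but not on {trunk_if}")
    # A forced native VLAN / PVID must be an ID nothing else uses.
    if sw_trunk["pvid"] in set(fw_vlans) | sw_trunk["tagged"]:
        findings.append(f"PVID {sw_trunk['pvid']} is a VLAN in use")
    return findings

# Constructed sample plans; interface names and VLAN IDs follow the thread.
BAD = dict(
    fw_assignments={"WAN": "igc4", "LAN": "ix0"},
    fw_vlans={10: "ix0", 20: "ix0", 30: "ix0", 40: "ix0", 99: "igc2"},
    sw_trunk={"tagged": {10, 20, 30, 40, 99}, "pvid": 10},
)
SINGLE = dict(
    fw_assignments={"WAN": "igc4"},
    fw_vlans={vid: "ix0" for vid in (10, 20, 30, 40, 99)},
    sw_trunk={"tagged": {10, 20, 30, 40, 99}, "pvid": 999},
)

if __name__ == "__main__":
    for label, plan in (("bad", BAD), ("single trunk", SINGLE)):
        print(label, check_trunk(**plan) or "OK")
```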

Quote from: Greg_E on Today at 04:40:26 PM
Since you have many ports, I would start from a fresh config, and set one of the 2.5g ports to be a "management" port that doesn't have any of your vlans. Connect a computer directly to that port and use it to set up the trunked vlans and wan on your other ports, this might allow you to skip setting up a bridge.

Or I'm not understanding what you want to do, which is possible.

I have an off-bridge mgmt port on the Mikrotik; that stays and works fine. Bridged mode works fine on the Mikrotik, and preferable. I tried bridging on the OPNsense and nothing worked here either. Just want to try to get on using 1 trunk 10gb sfp+ from the Qotom-->Mikrotik. But I have bricked it every time I tried doing a bridge or using sfp+.

You don't need a bridge on OPNsense. OPNsense is not a switch like the Mikrotik. Just set all VLAN interfaces with the SFP+ as parent. What would you need a bridge for? Then plug in Mikrotik trunk port.

Quote from: Patrick M. Hausen on Today at 04:49:21 PM
You can of course place all your VLANs on a single SFP+ port. Just make sure not to assign the untagged port itself to anything like "LAN" or "OPT1" and use tagged VLANs only. Then do the same on the switch - all VLANs tagged for the trunk port. If the switch insists there must be a "native VLAN" or "PVID", use something unused like 999 or so.

I have to try again. Wifi speed on my AP unmanaged switch was 100Mbps; testing my OPNsense with LAN and vlan99 on igc2 and vlan10 on sfp+ (ix0) got me 900+ (GREAT).

Now I have fully configured my Mikrotik and I'm back at 100Mbps - dunno what happened here. AP was accessible through LAN before; now that I changed to vlan99, I can only find it as neighbor, dhcp won't fetch it, tried a static mapping but did not work..

Quote from: Patrick M. Hausen on Today at 05:17:38 PM
You don't need a bridge on OPNsense. OPNsense is not a switch like the Mikrotik. Just set all VLAN interfaces with the SFP+ as parent. What would you need a bridge for? Then plug in Mikrotik trunk port.

I won't bridge anything in OPNsense. Dunno why I did - did not work as I intended anyway.

You need to configure a port on the Mikrotik as untagged VLAN 10 (? that what your AP should be in?) and connect the AP there. On the link between Mikrotik and OPNsense VLAN 10 should be tagged. Same for all VLANs.

Quote from: Hemhems on Today at 05:22:24 PM
Quote from: Patrick M. Hausen on Today at 05:17:38 PM
You don't need a bridge on OPNsense. OPNsense is not a switch like the Mikrotik. Just set all VLAN interfaces with the SFP+ as parent. What would you need a bridge for? Then plug in Mikrotik trunk port.

I won't bridge anything in OPNsense. Dunno why I did - did not work as I intended anyway.

Obviously because it does not make sense.

A bridge in OPNsense can be used to emulate sort-of-a switch by combining e.g. 3 ports into a single LAN. So a device with e.g. four ports can have one WAN and 3 LAN ports without an external switch like most common consumer routers.

As soon as VLANs and a separate switch get involved you don't need this. The switch is the "bridge" in this case and even VLAN aware which OPNsense's bridge isn't.

Today at 05:34:06 PM #12 Last Edit: Today at 05:41:09 PM by Hemhems
Quote from: Patrick M. Hausen on Today at 05:23:42 PM
You need to configure a port on the Mikrotik as untagged VLAN 10 (? that what your AP should be in?) and connect the AP there. On the link between Mikrotik and OPNsense VLAN 10 should be tagged. Same for all VLANs.

Just changed vlan99 from igc2 to ix0, and yeah OPNsense crashed as usual..! Changed the Mikrotik on sfpplus1 to tagged as well..

Thx for the Bridge lesson..

I have tagged vlan 10-20-30-99 on mikrotik ether 2 and they all work fine, but have no mgmt access to it at the moment. Setup vlans and "open" ssid on my Grandstream 7665 prior, and LAN had it accessible through dhcp before..

Quote from: Hemhems on Today at 05:34:06 PM
I have tagged vlan 10-20-30-99 on mikrotik ether 2 and they all work fine, but have no mgmt access it at the moment. Setup vlans and "open" ssid on my Grandstream 7665 prior, and LAN had it accessible through dhcp before..

I do not quite understand but to get management access configure an IP address on some untagged port and connect your management PC to that at first. You can also configure the bridge itself on the Mikrotik as untagged for the VLAN that is your management network and configure a DHCP client for that.

All more Mikrotik than OPNsense questions it seems to me, honestly.

Quote from: Patrick M. Hausen on Today at 05:37:30 PM
Quote from: Hemhems on Today at 05:34:06 PM
I have tagged vlan 10-20-30-99 on mikrotik ether 2 and they all work fine, but have no mgmt access it at the moment. Setup vlans and "open" ssid on my Grandstream 7665 prior, and LAN had it accessible through dhcp before..

I do not quite understand but to get management access configure an IP address on some untagged port and connect your management PC to that at first. You can also configure the bridge itself on the Mikrotik as untagged for the VLAN that is your management network and configure a DHCP client for that.

All more Mikrotik than OPNsense questions it seems to me, honestly.

Sure it's unrelated, I can use my AP mgmt when it's eventually getting an IP from dhcp on 99. But for now I'm stuck there.

I need to use a backup as OPNsense is down now, because I want to use sfp+ :(