Discussion:
[pfSense] problems with lagg interfaces?
Eero Volotinen
2017-10-17 13:36:18 UTC
Hi All,

Tried to configure lagg0 interface with vlans. Looks like traffic is not
passing in the interface.

Any ideas? It works fine, if I just configure interface with vlan, but not
with lagg interface

Setup is like this:

-> Lagg0 with two interfaces in failover mode and vlan tagging on top of that.
-> Both switches are configured to pass traffic with vlan tags to firewall.

--
Eero
ibrahim uçar
2017-10-17 13:38:42 UTC
Also did you create a pass rule in lagg0 interface which is from Firewall >
Rules > lagg0?




--

*İbrahim UÇAR*

Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Eero Volotinen
2017-10-17 13:42:59 UTC
Well, I assigned the vlan to the lagg interface and added a pass any rule under that
vlan tag.

--
Eero
r***@ultra-secure.de
2017-10-17 14:23:57 UTC
Post by Eero Volotinen
Hi All,
Tried to configure lagg0 interface with vlans. Looks like traffic is not
passing in the interface.
Any ideas? It works fine, if I just configure interface with vlan, but not
with lagg interface
-> Lagg0 with two interfaces in failover mode and vlan tagging top of that.
-> Both switches are configured to pass traffic with vlan tags to firewall.
What NIC hardware is this?
Eero Volotinen
2017-10-17 14:28:11 UTC
It's a Netgate pfSense SG-4860 running 2.4 final release

Eero
r***@ultra-secure.de
2017-10-17 14:32:37 UTC
Post by Eero Volotinen
It's netgate pfsense SG-4860 running 2.4 final release
So, these are Intel NICs?

Can you look in freebsd-bugzilla if there are bugs open for this
interface type and lagg(4)?

I've had the same problem with bxe(4) (on FreeBSD).

I had to switch to ix(4).

Might be worth filing a ticket with netgate...
Eero Volotinen
2017-10-17 14:34:27 UTC
So, you mean that it is not working?

Eero
Ivo Tonev
2017-10-17 14:54:08 UTC
Even if your vlan doesn't come up, you can capture traffic on the physical
interfaces with tcpdump.
See what you can capture before any other move.

Do a bottom-up troubleshoot.
r***@ultra-secure.de
2017-10-17 14:57:51 UTC
Post by Ivo Tonev
Even if your vlan doesn't come up, you can capture traffic on the physical
interfaces with tcpdump.
See what you can capture before any other move.
If the lagg(4) works while you run tcpdump(8), it's (most likely) a
driver bug like bxe(4)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606


IMHO.
Eero Volotinen
2017-10-17 15:16:24 UTC
So sad. How to downgrade to 2.3?


Eero
Adam Thompson
2017-10-17 20:51:23 UTC
No, you misunderstood the last response.
You have not provided enough information yet to determine what the problem is.

Three things have been suggested:
1. It *might* be a bug *similar* to one someone else encountered using different hardware (which does not even exist on your firewall),
2. You could open a ticket with Netgate support,
3. You can try running tcpdump on the underlying interfaces to see what's happening there.

If you don't know how to manually troubleshoot LACP issues or VLAN issues, I suggest you open that support ticket.
If you are reasonably confident in your ability to troubleshoot one or the other, then go ahead and use tcpdump (with the -e option) to figure out which part is broken and why.

Also:

Since pfSense does not allow LAG creation from the command-line, building a one-armed router like this is a dangerous design unless you have a spare interface for management through the webui. I learned that the hard way :-/.

-Adam
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
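
The bottom-up check suggested above (tcpdump with the -e option on the underlying interfaces), as an added example that is not part of any post in this thread. The interface names igb0 and lagg0, VLAN ID 10, the helper names and every capture line are assumptions constructed for illustration; the script counts 802.1Q-tagged frames per capture and reports the first layer where the VLAN goes silent.

```shell
#!/bin/sh
# Added example: igb0/lagg0, VLAN 10 and all capture lines are constructed.
# Live input would come from e.g.: tcpdump -e -n -c 200 -i igb0 > igb0.txt

# count_vlan ID: count frames on stdin carrying an 802.1Q tag for VLAN ID.
count_vlan() {
    awk -v id="$1" '
        /ethertype 802\.1Q \(0x8100\)/ {
            for (i = 1; i < NF; i++)
                if ($i == "vlan") {
                    v = $(i + 1); sub(/,$/, "", v)
                    if (v == id) n++
                    break
                }
        }
        END { print n + 0 }'
}

# first_silent_layer ID FILE...: captures listed bottom-up (member first);
# print the first file with no frame tagged ID, or "none".
first_silent_layer() {
    id=$1; shift
    for f in "$@"; do
        if [ "$(count_vlan "$id" < "$f")" -eq 0 ]; then
            echo "$f"; return 0
        fi
    done
    echo none
}

# Constructed captures: tagged ARP reaches igb0 but never appears on lagg0.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/igb0.txt" <<'EOF'
10:00:00.000001 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 10, p 0, ethertype ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 46
10:00:01.000001 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 10, p 0, ethertype ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 46
10:00:01.500000 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.1 tell 198.51.100.9, length 46
EOF
    cat > "$d/lagg0.txt" <<'EOF'
10:00:01.500000 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.1 tell 198.51.100.9, length 46
EOF
    echo "igb0=$(count_vlan 10 < "$d/igb0.txt") silent=$(basename "$(first_silent_layer 10 "$d/igb0.txt" "$d/lagg0.txt")")"
    rm -rf "$d"
}
demo
```

Without -e, tcpdump omits the link-level header, so the `ethertype 802.1Q (0x8100)` and `vlan N` fields the script keys on are not printed at all.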
Eero Volotinen
2017-10-18 06:25:24 UTC
Hi,

Problem looks very similar, but I am using failover mode instead of LACP.

Need to buy support and create a ticket. Looks like the same feature works on
2.3.x series.

--
Eero