Pfsense create VLAN over LAGG

Published by razvan on

Setting up VLANs over LAGG interfaces in pfSense can increase bandwidth and redundancy while keeping your network segmented and secure. In this tutorial, you’ll learn how to configure everything properly and avoid common pitfalls.

pfSense project is a free network firewall distribution based on FreeBSD with a custom kernel and including third party free software packages for additional functionality. pfSense software is able to provide at least the same functionality or more of common commercial firewalls, without any of the artificial limitations from software. It has successfully replaced every big commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more others.

The fun part is to create VLAN over LAGG without ip because we want to setup LAGG for WAN interface. Here you need to connect to server console (physical or virtual) and type the following lines in a brand new file:

$config["laggs"] = array();
$config["laggs"]["lagg"][0]["members"] = "ix0,ix1";
$config["laggs"]["lagg"][0]["descr"] = "Lagg interface";
$config["laggs"]["lagg"][0]["laggif"] = "lagg0";
$config["laggs"]["lagg"][0]["proto"] = "lacp";

$config["vlans"] = array();
$config["vlans"]["vlan"][0]["if"] = "lagg0";
$config["vlans"]["vlan"][0]["tag"] = "1234";
$config["vlans"]["vlan"][0]["vlanif"] = "lagg0.1234";
$config["vlans"]["vlan"][0]["descr"] = "VLAN #1234";

$config["interfaces"] = array();
$config["interfaces"]["wan"]["descr"] = "WAN";
$config["interfaces"]["wan"]["enable"] = "true";
$config["interfaces"]["wan"]["if"] = "lagg0.1234";

write_config();
$config = parse_config(true);
interface_configure("wan");
touch("/cf/conf/assign_complete");
system_reboot_sync();
exec;
exit

Then after half hour typing on a old console you need to execute the following command to apply your configuration:

/usr/local/sbin/pfSsh.php < lagg.php

If your device is not rebooting you need to reboot it manually and everything will work like a charm.

Glossary:

  • LAGG – Link Aggregation, bundling multiple interfaces
  • VLAN – Virtual LAN for segmentation
  • 802.1q – VLAN tagging standard

Want help with advanced network design or firewalling?
→ Learn more about our Web & Network Firewall Services

Categories: Blog

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Blog

AWX building custom execution environment

AWX default execution environment is pretty strong but in some cases it is not enough. There days I wanted to run a play which require json_query for filtering out some outputs. All went well during Read more…

Blog

ESP32 temperature sensor with Zabbix

One of our clients requested us a solution to monitor temperature in their datacenters with one condition, this should send data to a Zabbix server without cloud or any other integrations directly using a WIFI Read more…

Blog

Logstash email alert

Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite “stash.” In out case we are sending logs Read more…