Link Aggregation Groups (LAG)

Follow

Comments

19 comments

  • Avatar
    Matt Niswonger

    When you say “All ports in a LAG must be assigned to the same network.”, does this mean that multiple networks configured as VLANs cannot be assigned to the same LAG?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    This means if you use port 1 and port 2 as one LAG, then they can't be used by anything else. VLAN over LAG is supported on 1.9731 

    0
    Comment actions Permalink
  • Avatar
    Matt Niswonger

    This means if you use port 1 and port 2 as one LAG, then they can't be used by anything else. VLAN over LAG is supported on 1.9731 

    I'm still not clear on this.  I'm trying to get clarification on whether or not I can assign multiple networks that are setup as tagged VLANs on the Firewalla to the same LACP group like I can on a switch.  I route traffic across VLANs internally so I can inspect things between my primary trusted networks and my IoT network for example, and it would be advantageous to not be bottlenecked by a single interface (yes I know a single TCP stream won't span more than 1 physical port).

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Yes, you will be able to assign multiple VLANs to the same LAG, but it requires box version 1.9731, which is currently in early access release. 

    0
    Comment actions Permalink
  • Avatar
    Joshua Wood

    Any ETA to stable relase. I set up VLANs last night assuming the Firewalla had LAG currently to be sadly disappointed :(

    0
    Comment actions Permalink
  • Avatar
    Joshua Wood

    Or, how do I get access to this build?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    VLAN over LAG is now supported in 1.9731 release. As the time of this message, 1.9731 is in beta and hopefully soon be in production.

    0
    Comment actions Permalink
  • Avatar
    thernus

    I am trying to setup a LAG between FWG and SXR80 (Netgear SXK80 pair in bridge mode) and cant seem to get it work.

    I have the LAG group setup on the FWG across port 1 and 2 with VLAN's

    I have the SXR80 port 1 and 2 'bound' using the default trunk mode

    If I have one cable plugged in from the FWG to the SXR80 it works

    As soon as I plug in the second uplink cable from the FWG to the second bound port on the SXR80 it drops off.

    The SXK80 manual states - '802.3ad link aggregation for static LAGs' so I am thinking its not compatible, is the only way to have LAG working is to put in a switch between the FWG and SXR80 that supports LACP for the FWG and then Static LAG for SXK80 or am I missing something obvious?

    1
    Comment actions Permalink
  • Avatar
    Hoby Brenner

    Is there any chance that LAG and Bridge mode could work together?  Is there a technical limitation?  It would be nice for a bit more speed in inter-vlan routing.

    0
    Comment actions Permalink
  • Avatar
    Tankbot

    I have an L3 switch and want to LAG all 4 ports on my gold unit together so my WAN can go through the switch isolated to my FW to filter and watch everything, but the app limits me to a maximum of 3 ports to be LAG'ed together. Why is it limited to 3? I want four to work with VLANS to make everything work and get the maximum throughput. 

    1
    Comment actions Permalink
  • Avatar
    swampy2b

    Is there a plan to support Static LAG configurations at some point in the future?  Or, at least comment on the feature request

    0
    Comment actions Permalink
  • Avatar
    Tankbot

    If i recall correctly, it can detect static and switch to static. I used a switch that only supported static and was able to LAG with the Gold.

    -1
    Comment actions Permalink
  • Avatar
    Yoav freiberger

    Got 2.5 GBPS fiber, that requires PPPOE WAN connection (uses pong fps fiber to 2.5 Gbps singlr port) and pppoe conection,.

    With dynamic link aggregated supported switch, according to firewalla user guide , it should be possible to use two firewalla gold ports in LAG mode, aggregated on Firewalla and the switch, linked to the single ethernet WAN port on the adapter.

    The examples given in the article use DHCP mode, and I wanted to verify that this would work with PPPOE conecting my Firewalla gold box, that would also act as the modem, by "virtualizing, Firewalla 2 Gb ports and linking it to the 2.5 Gbps ethernet port on the ISP adapter would not only "see "as a single connection, but work through Firewalla PPPOE over LAG, enabling me to take advantage of Broder band.

    my questions are as follows:
    1. Would this set up work with PPPOE I Firewalla link aggregation?
    2. Since multi gigabit switches that support802.3AD dynamic link aggregation are expensive and mostly redundant , as I only need one 2.5 Gbps ethernet port and two other 1Gps to Firewalla (sort of a "smart splitter"), are there any recommendations for cost-effective solutions for this switch.
    3. Another option I was thinking of was an fps (Apple Inc. multi gigabit fiber, downlink gigabit ethernet), but that would need to replace and comply with pong standards on the adapter I was provided with on the Fibo side, which is Nokia G-010G-T with one 2.5 Gb ethernet port and one for fiber. Since I really need a quote "smart splitter " from a single multi gigabit to two 1gbps ports on Firewalla, a $200 multi gigabit switch that supports these standards seems like an overkill.

    If anyone can confirm feasibility, and recommend products either to replace the fiber to ethernet adapter or an appropriate switch, I would be most appreciative.

    0
    Comment actions Permalink
  • Avatar
    Support Team

    It can be setup in that way, but unlikely it would work as you expected. Because the box and the switch can't decode PPPoE payload, the load balancing may not fully work as expected or not well distributed to two ports. In worst case, it could actually just use one of the ports to transfer data.

    Even though the load balancing works, the performance of the original Gold may not be able to support 2.5gbps download speed over PPPoE.

     

    0
    Comment actions Permalink
  • Avatar
    Gary Sargent

    I want to LAG ports 2 and 3 of a Gold Plus and connect them to a managed switch (also configured for LAG).

    I then want to use port 1 on the Gold Plus to connect another device TO THE SAME NETWORK.

    This does not seem possible Firewalla gives me an error saying the ethernet ports should not be selected in the same network, but I can't see any good reason why not?

    Surely LAG is just having a bigger pipe? I can connect port 2 to the switch and port 1 to a device and them both be on the same network. Why can't I do the same using LAG?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You can not do this. 

    2/3 -> Network A

    1 -> Network A

    This creates a switch loop. One of them will be automatically turned off.

    0
    Comment actions Permalink
  • Avatar
    Gary Sargent

    Can you explain why this will create a switch loop? I already have:

    2 -> Network A

    1 -> Network A

    I'm just looking to join 2 and 3 together for a faster speed.

    The switch connected to port 1 is not connect to the switch on port 2, so there should be no loops.

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If (1)(2) are both on the same network A, and both connect to the same switch, it will not work.

    If (1) connect to one switch and (2) connect to another switch, it will work. If the two switches are connected together, it will not work.

    If (1)(2) LAG connect to a switch, it will work. 

    0
    Comment actions Permalink
  • Avatar
    Gary Sargent

    Sure but I have Switch A and Switch B, and they are not connected.

    I have Switch A connected to Firewalla port 1

    I have Switch B connected to Firewalla port 2

    That's all fine, and no loops.

    Now I want to LAG ports 2 and 3, and have Switch B connected to LAG 2+3, but while still having Switch A connected to port 1.

    There are still no loops doing that, so why won't it let me?

     

    0
    Comment actions Permalink

Please sign in to leave a comment.