Configure a LACP link (LAGG) on pfSense 2.6

10. Working LAGG/LACP interface

Now that pfSense is accessible via its LAGG LAN interface, you can reconfigure the network card of your desktop PC to automatically obtain an IP address from the DHCP server of your pfSense machine.
To do this, right-click "Properties" on your network card.

Select "Obtain an IP address automatically" and "Obtain addresses...", then click OK.

As expected, our computer correctly receives an IP address from the DHCP server of our pfSense machine.
Which proves that the LACP link between the pfSense machine and the physical Netgear switch is working correctly.

On the pfSense dashboard, you will see that the 2 LAGG ports of your "LAN_LAGG_INTERFACE" interface are in "(ACTIVE, COLLECTING, DISTRIBUTING)" mode.

Plain Text

LAN_LAGG_INTERFACE :

LAGG Ports: ix0 (ACTIVE,COLLECTING,DISTRIBUTING),
ix1 (ACTIVE,COLLECTING,DISTRIBUTING)

You can also check the status of your pfSense interfaces via the menu: Status -> Interfaces.

Again, you can see that the status of your interface "LAN_LAGG_INTERFACE" is "Up" and that the LAGG ports are in "(ACTIVE,COLLECTING,DISTRIBUTING)" mode.
You can also see incoming and outgoing packets.

Plain Text

LAN_LAGG_INTERFACE Interface (lan, lagg0).
Status : up.
...
LAGG Ports : ix0 (ACTIVE,COLLECTING,DISTRIBUTING), ix1 (ACTIVE,COLLECTING,DISTRIBUTING).
In/out packets : xx/xx (xx KiB/xx KiB)
In/out packets (pass) : xx/xx (xx KiB/xx KiB)

Finally, go to: Status -> DHCP Leases.

As expected, our computer "win10-pc" received an IP address from the pfSense DHCP server via the network interface "LAN_LAGG_INTERFACE".

11. LACP link test (LAGG)

Now that the LACP link is working, here's a quick demonstration of the fault tolerance you get with the LACP link.

Currently, the 2 network cables are connected, so the status of the pfSense "LAN_LAGG_INTERFACE" interface is:

Plain Text

LAGG Ports: ix0 (ACTIVE,COLLECTING,DISTRIBUTING),
ix1 (ACTIVE,COLLECTING,DISTRIBUTING).

On the physical Netgear switch, you can see that the network cables are plugged into ports 4 and 6 used by LAG 1.
In addition, the LACP link is functional given that the status of LAG 1 on the Netgear switch is "Link Up".

On our desktop PC connected to the same network as the pfSense "LAN_LAGG_INTERFACE" interface, we launch an infinite ping to the IP address of this pfSense "LAN_LAGG_INTERFACE" interface.

To do this, use the Windows command "ping" with the "-t" parameter and specify the IP address of the pfSense "LAN_LAGG_INTERFACE" interface.

Batch

ping -t 10.0.0.1

Plain Text

Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=1 ms TTL=64
...

For the test, we unplug the network cable from port 6 of the Netgear switch.
As expected, the status of LAG 1 on this physical switch is always "Link Up".

Ping continues to work despite unplugging one of the network cables.

Plain Text

Reply from 10.0.0.1: bytes=32 time<1 ms TTL=64

On pfSense, you will see that only one LAGG port (in our case: ix1) will be in "(ACTIVE,COLLECTING,DISTRIBUTING)" mode.
The other port (in our case: ix0) will not be used.

We reconnect the network cable that we had unplugged and the LAG 1 link is still "Up".

A packet may get lost when reconnecting the network cable, but then network packets continue to pass through without issue.

Plain Text

Reply from 10.0.0.1: bytes=32 time=1 ms TTL=64
Request timed out.
Reply from 10.0.0.1: bytes=32 time=1 ms TTL=64

On pfSense, the 2 LAGG ports are again in "(ACTIVE, COLLECTING, DISTRIBUTING)" mode.

This time, we unplug the network cable from port 4 of the Netgear switch and LAG 1 is still functional (LAG: Link Up).

A packet may be lost when the network cable is unplugged, but then the packets continue to pass through the other network cable without problems.

Plain Text

Reply from 10.0.0.1 : bytes=32 time=1 ms TTL=64
Request timed out.
Reply from 10.0.0.1 : bytes=32 time=1 ms TTL=64

This time, on pfSense, it is the "ix0" network interface that continues to work for the LAGG interface.
The ix1 network interface is not used because its network cable is unplugged.

We reconnect the network cable from port 4 of the Netgear switch and the LACP link is still functional (LAG 1: Link Up).

Again, one or two packets may be disrupted when reconnecting the network cable, but the network then continues to function properly.

Plain Text

Reply from 10.0.0.1 : bytes=32 time=24 ms TTL=64
Reply from 10.0.0.1 : bytes=32 time<1 ms TTL=64
Request timed out.
Reply from 10.0.0.1 : bytes=32 time<1 ms TTL=64

To stop the "ping" command in Windows, press the "CTRL + C" keys.
As you can see, despite unplugging and replugging one network cable at a time, network packets passed correctly (except 4 packets).
In fact, only one packet was lost each time a network cable was unplugged or reconnected.

Plain Text

Ping statistics for 10.0.0.1:
Packets: Sent = 154, Received = 150, Lost = 4 (2% loss).

On pfSense, the 2 LAGG ports are functional again.