Arris SB8200 modem (2G) LAG + pfsense with XGS1250-12

tonynca
tonynca Posts: 6
First Comment

Hello,

I feel like this is all so new to me and I'm trying to solve an issue that my current Asus router cannot solve. Long story short is that the WAN aggregate feature on my Asus AXE7800 gets greatly reduced when I connect the 2.5gbe port to the Zyxel switch.

I'm getting ready to move to something more flexible such as running Pfsense in Proxmox.

My setup is listed below:

Specs:

Gigabyte X570-I with 1gbe in Jonsbo N2 (NAS server)

Mellanox ConnectX3 10gbe NIC

Zyxel XGS1250-12 managed switch

Asus RT-AXE7800 router

Arris SB8200 cable modem with 1+1gbe LAG support

My goal is to get the 1400mbps speed from a LAG connection from my modem. I'm going to bypass the Asus router completely and use it as a wireless AP. The NAS server will be running Pfsense via a single 10gbe connection to the Zyxel switch.

I know I'm going to have to be doing a whole lot of VLAN'ing and that's where I'm a bit confused if the XGS1250 is capable.

Any suggestion on how I should set up my VLAN? I'm unsure about the tag egress/untag egress member.

I'm attaching a picture of how I imagine I should plug things in. Don't worry about Pfsense. I'll figure that out since this is not a Pfsense forum. I just need to know that this switch is capable of doing what I want it to do. Thanks in advance.

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,204  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @tonynca

    Firstly, let's clarify the concept of egress rules. Egress rules determine how a switch handles outgoing traffic, specifically whether the traffic should carry VLAN tags or not.

    • When the port is set as a tag egress member, the outgoing frame will keep its VLAN ID as it moves to the next device. This is useful when you want to preserve VLAN information as traffic passes through multiple switches or other network devices that understand VLAN tags.
    • When the port is set as an untag egress member, the outgoing frame does not carry any VLAN tag as it moves to the next device. This is often used when the next device in line (like a PC or a printer) does not understand VLAN tags. Usually, we pair the untagged egress member with a PVID.

    Assigning a PVID to a port means you're designating the VLAN ID that will be assigned to untagged frames arriving at that port. This ensures that traffic without VLAN tags is assigned to the appropriate VLAN within the switch.

    • If the switch receives frames that are already tagged, they will be classified to the VLAN group indicated on that frame's VLAN tag.
    • If the switch receives frames not carrying any VLAN tag, these frames will be classified to the VLAN group indicated on the switch’s port VLAN ID.

    I hope this explanation of the VLAN concept will assist you in your work.

    Kay

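The ingress (PVID) and egress (tag/untag) rules explained in the reply above, modelled as a small simulation. This is an added example, not part of the original posts and not Zyxel code; the port table reuses the thread's port numbers (8 modem, 11 PC, 12 pfSense) but the exact membership, and the ingress-filtering check, are assumptions.

```python
# Model of the 802.1Q port rules described above (added example, not Zyxel code).
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs this port egresses WITH a tag
    untagged: set = field(default_factory=set)  # VLANs this port egresses WITHOUT a tag

    def member_of(self, vid):
        return vid in self.tagged or vid in self.untagged

def forward(ports, in_port, tag):
    """Flood a broadcast frame (e.g. a DHCP DISCOVER) that arrives on in_port.

    tag is the frame's VLAN ID, or None if the frame is untagged.
    Returns {out_port: egress_tag_or_None}.
    """
    # Ingress: tagged frames keep their VLAN, untagged frames take the PVID.
    vid = tag if tag is not None else ports[in_port].pvid
    # Assumption: ingress filtering drops frames for VLANs the port is not in.
    if not ports[in_port].member_of(vid):
        return {}
    out = {}
    for num, port in ports.items():
        if num == in_port or not port.member_of(vid):
            continue
        # Egress: a tag member keeps the VLAN ID, an untag member strips it.
        out[num] = vid if vid in port.tagged else None
    return out

# Constructed configuration (assumed, using the thread's port numbers).
PORTS = {
    8:  Port(pvid=10, untagged={10}),   # modem: untagged WAN
    11: Port(pvid=1,  untagged={1}),    # PC: untagged LAN
    12: Port(pvid=1,  tagged={1, 10}),  # trunk to the VLAN-aware pfSense NIC
}

if __name__ == "__main__":
    print(forward(PORTS, 12, 10))    # pfSense WAN request reaches the modem untagged
    print(forward(PORTS, 8, None))   # modem reply reaches pfSense tagged VLAN 10
    print(forward(PORTS, 11, None))  # PC broadcast stays in VLAN 1
    print(forward(PORTS, 11, 10))    # VLAN 10 tag on the LAN access port is dropped
```

In this model the modem and the PC never share a VLAN, so the only path between WAN and LAN is through the firewall on port 12.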

  • tonynca

    Hi Kay,

    Thanks for the info. Could you confirm if it's possible to use a LAG setup with its own VLAN? I want to then forward the LAG connection data to port 12 for processing with Pfsense.

    My setup only requires 2 VLANs: VLAN1 and VLAN10. I'm hoping you could help me set that up within the Zyxel config. I'm using port 12 as my "LAN" cable and this cable will be connected to Pfsense using a VLAN-aware configuration.

  • tonynca

    From what I understand… I've set it to this to use with Pfsense and it does not work.

    I put my WAN on VLANID 10 and also changed the PVID to 10.

    I'm assuming this configuration means that any traffic passing through port 12 would carry the VLAN tag 10. For some reason I cannot get a valid IP address from the modem within Pfsense.

  • Zyxel_Kay

    Hi @tonynca ,

    To better assist you, could you please provide more details about your network topology?

    Kay


  • tonynca

    Hi Kay,

    I’m going to try my best to give you as much detail as possible since I know it's difficult to help anyone without fully understanding their setup.

    The issue I’m having is that I cannot get an IP address from my Arris SB8200 modem.

    I have Proxmox running a VM of Pfsense which is using a Mellanox MCX311 10gbe card. It’s connected to port 12 of Zyxel switch using a 10gbe DAC cable. Pfsense is set up with VLAN1 for LAN and VLAN10 for WAN.

    I connected the modem to port 8 on the switch.

    My PC is connected to port 11 on the switch.

    I’m just trying to get a WAN IP address within Pfsense so I could get on the internet. Did I set up the VLAN properly within the switch configuration for this type of setup? I'm pretty sure I set up Pfsense properly. I just don’t know why I cannot get an IP address from my modem.

  • Zyxel_Kay

    Hello @tonynca

    Thanks for providing detailed information about your setup.

    Based on the information you've shared, I recommend conducting a test to further isolate the issue. Please configure another port on the switch with VLAN 10 and connect your PC or AP to this port. Once done, verify if the PC or AP can successfully obtain a DHCP IP address from your Arris modem. This step will help us determine if the issue is with the Pfsense VLAN configuration or the DHCP service from your modem.

    Kay


  • tonynca

    Hi Kay,

    Unfortunately, I'm giving up on this venture. I found out that what I was trying to achieve requires LACP which is not supported with this switch. I do not have an extra 1Gbe port on my server to make this happen.

    Although, if I do decide to try this in the future, are those VLAN configs in my previous post correct for what I was trying to achieve? My understanding is that port 8 would be subject to VLAN10 and any data being carried to port 12 with VLAN10 tags would be routed to port 12. Not sure if that's the correct way to think of it.

  • Zyxel_Kay
    Answer ✓

    Hi @tonynca

    Your understanding and configuration of the VLAN setup on the switch are correct. Based on your VLAN configuration, port 8 is assigned to VLAN10, and any data transmitted to port 12 carrying VLAN10 tags should be correctly routed to this port.

    However, the potential issue could be related to the NIC/Pfsense's capability to support multiple VLANs or handle tagged packets. If the NIC/Pfsense is unable to process these tagged packets, Pfsense will not be able to receive a DHCP IP from the modem.

    Kay
