Messages - AloneAgainOr

#1
I implemented this today and everything's working perfectly. Thanks very much for your help!
#2
Great, thanks for confirming. It looks like there are options for enabling STP and configuring bridge priority through the web GUI. I'll try and set it all up tomorrow.
#3
Quote from: pmhausen on January 27, 2022, 09:59:02 PM
You need to bridge each vlan individually. This works.

But why would you want such a setup? FreeBSD performs way worse as a bridge than any run-of-the-mill switch.
At least make sure your OPNsense

- will not become the root bridge
- has STP enabled on all bridge interfaces

If your switches can do multi-chassis LACP, I would recommend using that.

Thanks for the quick reply! The reason I want to do this is for redundancy - if one of the switches goes down then I would still have a connection to the firewall.

Unfortunately, the switches don't support multi-chassis LACP, which would have been my preferred option.

Should it just be a case of creating a VLAN interface on both LAGGs (i.e. LAGG0.3 and LAGG1.3) and then adding each of these as members of a bridge interface (repeating for each VLAN)?

I'll definitely pay close attention to the STP settings.
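The per-VLAN bridging that post #3 describes, combined with the two STP constraints from the quoted advice (STP enabled on every bridge member, and a bridge priority that keeps OPNsense from becoming the root bridge), as an added example that is not from the thread or from the OPNsense project. It assumes the two LACP aggregates are lagg0 and lagg1 and that the interfaces are created with FreeBSD ifconfig(8), which is what OPNsense drives underneath its GUI; the VLAN ids, the bridge numbering and the DRY_RUN switch are constructed for the example. In dry-run mode (the default) the script only prints the commands, so the plan can be reviewed on any host before being applied on the firewall.

```shell
#!/bin/sh
# Assumed topology (from the thread): lagg0 and lagg1 are the two LACP
# aggregates, one per switch. Everything below is example code, not OPNsense's
# own configuration logic.
# DRY_RUN=1 (default) prints the ifconfig commands instead of running them.
DRY_RUN=${DRY_RUN:-1}

# FreeBSD bridge(4) priority range is 0-61440, default 32768. The root bridge
# is the one with the LOWEST priority, so the maximum value guarantees the
# firewall loses the election to any switch left at its default.
BRIDGE_PRIORITY=61440

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One VLAN id: a vlan interface on each LAGG, then one bridge joining the two,
# with STP enabled on both members and the non-root priority set.
# $1 = VLAN id, $2 = bridge index (constructed numbering, e.g. bridge0).
bridge_vlan() {
    vid=$1
    idx=$2
    run ifconfig "lagg0.$vid" create vlandev lagg0 vlan "$vid" up
    run ifconfig "lagg1.$vid" create vlandev lagg1 vlan "$vid" up
    run ifconfig "bridge$idx" create
    run ifconfig "bridge$idx" addm "lagg0.$vid" addm "lagg1.$vid" \
        stp "lagg0.$vid" stp "lagg1.$vid" priority "$BRIDGE_PRIORITY" up
}

# Repeat for every VLAN id given, e.g. bridge_all 3 10 20
bridge_all() {
    i=0
    for vid in "$@"; do
        bridge_vlan "$vid" "$i"
        i=$((i + 1))
    done
}

# Review step: every generated bridge line must enable stp on BOTH members and
# carry the non-root priority. Exit status 0 means the plan passes the two
# checks from the quoted advice; 1 means a bridge would be left unprotected.
check_plan() {
    plan=$(bridge_all "$@")
    bridges=$(printf '%s\n' "$plan" | grep -c '^ifconfig bridge[0-9]* addm' || true)
    ok=$(printf '%s\n' "$plan" | grep -c \
        "^ifconfig bridge[0-9]* addm lagg0\.[0-9]* addm lagg1\.[0-9]* stp lagg0\.[0-9]* stp lagg1\.[0-9]* priority $BRIDGE_PRIORITY up\$" || true)
    [ "$bridges" -gt 0 ] && [ "$bridges" -eq "$ok" ]
}

# Dry-run demonstration for three constructed VLAN ids.
bridge_all 3 10 20
check_plan 3 10 20 && echo "plan ok: STP on all members, non-root priority set"
```

Each VLAN ends up with its own bridge and its own vlan interfaces on both aggregates, which is the "bridge each vlan individually" layout; the firewall's layer-3 address for that VLAN then belongs on the bridge, not on either vlan member. If the switches are also tuned, confirm their priorities stay below 61440, otherwise the election falls back to the lowest MAC address and the firewall could still win.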
#4
Hello, I was looking for some advice on the best way to achieve this setup.

I have two managed Cisco switches (which are directly connected to each other) and would like to connect them both to my OPNsense firewall, like in the attached image. Both switches have two physical connections to the firewall, each with an LACP link aggregation.

The bit I'm struggling with (red section on the image) is how to essentially combine two LAGG interfaces in OPNsense, so that I can then create VLAN interfaces across both LAGG interfaces. I tried creating a bridge interface with both LAGGs as members but from what I've read elsewhere, VLAN interfaces don't work correctly when a bridge is used as the parent.

Is my desired approach possible or will I need to rethink the link aggregation method used, i.e. a single static, non-LACP LAGG interface which has 4 members with 2 connections to each switch?