Problems with bridge between network adapters

[nsl_94]

Hello All.

I recently changed my firewall mini computer for a new, more powerful mini computer.

I used the instructions on https://docs.opnsense.org/manual/how-tos/lan_bridge.html#lan-bridge and there were no errors.
I also applied the changes to the Tunables as described in the instructions.

The problem that I have is, whenever I connect more than one network cable to the 5 LAN ports in my mini computer, I lose connectivity with all the appliances connected.
If I remove all network cables but one, my network returns.

Is there any other change that I need to do for everything to start working?

In my old mini computer, everything worked after following the instructions.

Thank you for your help

Nuno Lopes

[Patrick M. Hausen]

What are those ports connected to when you try to use more than one?

[nsl_94]

Hello.

One of the cables connects to my office switch, where I have my PC and my NAS server (the only one that is connected now), the other connects to my home tv, the other to my WIFI AP.

There are no more DHCP Servers in my network, except the OPNSense router.

Thank you

Nuno Lopes

[Patrick M. Hausen]

A bridge interface across multiple physical ports turns your OPNsense LAN into a "software switch". The feature is intended to connect multiple end devices like a PC, a printer, and possibly an AP.

If you already have a switch (and an AP is just a wireless switch by another name) there is nothing to be gained by using the OPNsense bridge. What is it you are really trying to achieve?

To your situation: if you connect multiple switches by more than one cable between any pair or by a loop across all of them, you are creating a bridging loop which will bring down your network. This is what you experience.

Any sane switch will run a protocol named STP - Spanning Tree Protocol - which is supposed to detect loops and disable all redundant links.

FreeBSD and hence OPNsense support STP, too, but the default is "off". You can enable STP in the bridge interface settings.

But then the system would just disable all ports but one.

So what is your goal?

- redundancy - yes, bridging with STP can make sense, because if the active connection fail, the system will move to one of the STP-disabled ports.
- increasing bandwidth - no, this is not how this works. You would need to set up a link aggregation interface and you must have a managed switch that supports LACP to do that.

HTH,
Patrick

[nsl_94]

Hello Patrick.

Thank you for taking time to answer my doubts.

After your explanation about STP, I found out that I had an older cable that doubled the connection between my firewall and my Switch in the office. STP was the reason why I lost the connection when I connected all cables in my firewall. Sorry about my distraction.

As for the reason that I use all my firewall ports as a bridge (all except one that is the WAN) is because I need all of them to connect to my network devices in my living room.

In my house, my internet access enters in my living room. My Internet router is configured as a bridge and connects to my opnsense WAN port. The remaining lan ports, configured as bridge, connect to my TV, to my main mesh access point and to my office Switch. In my office Switch I have my home PC, my NAS, my secondary mesh access point and my sons PC.

Is there any other way to configure my opnsense to allow all this connections? Or is this the best way?

Thank you, once again, for your help.

Nuno Lopes

[Patrick M. Hausen]

That's perfectly ok. Just make sure to never run more than one connection from your OPNsense bridge to your switch.

N.B. It was not STP that brought your network down but it's the other way round. STP would prohibit your network coming down even in case there is more than one connection. But the default for STP in FreeBSD is "disabled".