OPNsense Links to Multiple Switches

[frankyyy]

Hi

Doing some playing around in a home environment currently after a migration over to OPNsense.  I have a traditional setup of OPNsense to a switch and 2 links between the 2 switches (Aruba) configured within a trunk.

[WAN] --------- [OPNsense NIC4 ][OPNsense NIC 1] ------ [Switch 1] ------x2---- [Switch 2]

I am contemplating altering this slightly to:

[WAN] --------- [OPNsense NIC4 ][OPNsense NIC1 ] ------- [Switch 1] ------x2 ------ [Switch 2]
                       [OPNsense NIC2 ] ------------------------------------ [Switch 2]

While i might eventually get invest in a 2nd OPNsense box and go the CARP route, wondering if i can avoid the scenario of a dead switch bringing everything down.

Read over docs and forums, I think this is possible with a LAN bridges but not quite clear whether this is so.
I have a range of VLANs also configured so would need to support that.

If anyone has done this or has ideas of best approach, would be grateful for any insight?

Thanks

[Patrick M. Hausen]

This discussion might be helpful:
https://forum.opnsense.org/index.php?topic=26555

[frankyyy]

Interesting... trying to do something similar, albeit without LAGG.

So if I see this correct, i need to do this:

1. Create VLAN-100 on igb0
2. Create VLAN-100 on igb1
3. Assign OPT interfaces for both of these (without IP?)
4. Add these to a bridge
5. Create another OPT interface for the bridge (assign IP/subnet etc as gateway)

Repeat for each VLAN

How do you handle DHCP if DHCP server cannot be enabled on a bridge? Or move DHCP away from OPNsense?

[Patrick M. Hausen]

IIRC you don't need to create and assign an OPT interface for each VLAN. Just for the bridge. But I'm not 100% sure.

You can run the DHCP on the bridge interface. If the OPNsense is supposed to have an IP address in that marticular VLAN, the IP address MUST go on the bridge, not one of the VLAN interfaces.

[frankyyy]

That would make sense, but after i create igb1_100 and igb2_100 VLANs, and move over to Other Types > Bridge, these VLANs are not shown in the drop down for bridge members.  On the other hand, if i create OPT interfaces for these two new VLANs, the OPT interfaces can be added to a bridge.
Will have to play with it a little more to understand the flow.  Seems like a lot of redundant steps and interfaces if you have a range of VLANs.

Thanks

[Patrick M. Hausen]

Yes. I am repeating myself - OPNsense is not a switch but a router. The idea is to have one trunk to one switch, or one trunk to each of two switches with LACP

[frankyyy]

All good and agree, it was more of a test case than a requirement.
My switches aren't stackable so LACP is probably not an option.

Thanks the replies!