OPNsense Links to Multiple Switches

Started by frankyyy, February 10, 2022, 02:07:28 AM

February 10, 2022, 02:07:28 AM Last Edit: February 10, 2022, 02:09:10 AM by frankyyy
Hi

Doing some playing around in a home environment currently after a migration over to OPNsense.  I have a traditional setup of OPNsense to a switch and 2 links between the 2 switches (Aruba) configured within a trunk.

[WAN] --------- [OPNsense NIC4 ][OPNsense NIC 1] ------ [Switch 1] ------x2---- [Switch 2]

I am contemplating altering this slightly to:

[WAN] --------- [OPNsense NIC4 ][OPNsense NIC1 ] ------- [Switch 1] ------x2 ------ [Switch 2]
                       [OPNsense NIC2 ] ------------------------------------ [Switch 2]

While I might eventually invest in a 2nd OPNsense box and go the CARP route, wondering if I can avoid the scenario of a dead switch bringing everything down.

Read over docs and forums, I think this is possible with a LAN bridge but not quite clear whether this is so.
I have a range of VLANs also configured so would need to support that.

If anyone has done this or has ideas of best approach, would be grateful for any insight?

Thanks

This discussion might be helpful:
https://forum.opnsense.org/index.php?topic=26555
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Interesting... trying to do something similar, albeit without LAGG.

So if I see this correctly, I need to do this:

1. Create VLAN-100 on igb0
2. Create VLAN-100 on igb1
3. Assign OPT interfaces for both of these (without IP?)
4. Add these to a bridge
5. Create another OPT interface for the bridge (assign IP/subnet etc as gateway)

Repeat for each VLAN :)

How do you handle DHCP if DHCP server cannot be enabled on a bridge? Or move DHCP away from OPNsense?

IIRC you don't need to create and assign an OPT interface for each VLAN. Just for the bridge. But I'm not 100% sure.

You can run the DHCP on the bridge interface. If the OPNsense is supposed to have an IP address in that particular VLAN, the IP address MUST go on the bridge, not one of the VLAN interfaces.

That would make sense, but after I create igb1_100 and igb2_100 VLANs, and move over to Other Types > Bridge, these VLANs are not shown in the drop-down for bridge members.  On the other hand, if I create OPT interfaces for these two new VLANs, the OPT interfaces can be added to a bridge.
Will have to play with it a little more to understand the flow.  Seems like a lot of redundant steps and interfaces if you have a range of VLANs.

Thanks

Yes. I am repeating myself - OPNsense is not a switch but a router. The idea is to have one trunk to one switch, or one trunk to each of two switches with LACP.

All good and agree, it was more of a test case than a requirement.
My switches aren't stackable so LACP is probably not an option.

Thanks for the replies!