VLANs and 2 switches - Can you aggregate interfaces?

[TheAutomationGuy]

I have set up OPNsense in a lab environment to try out.  I have a situation I need to figure out before I can roll it out to my home network.  I have two network switches - both managed.  I have multiple VLANs set up.  I have three different wireless access points spread around my home that run multiple SSIDs for most of the VLANs.  All of the APs will be plugged into one switch.  I have some wireless networks that are assigned to VLANs that will be handled by the second switch.  Therefore I need to be able to access some of the VLANs on both switches.

I'd like to attach each switch directly to my OPNsense device via 10gb SFP+ ports (the firewall has two of those ports available).  Since OPNsense assigns VLANs to interfaces, and it doesn't seem possible to assign an interface to more than one network port, what are my options?  Is it possible through some sort of aggregation option?

I realize one answer is to run the firewall to the first switch and then the first switch to the second switch, but that seems to waste bandwidth of the 1st switch unnecessarily.  A second answer is to use the layer 3 functionality of my switches and take the VLAN assignment away from OPNsense.  I may go this route but will need to set up a DHCP server on the network as well as set up rules in the switches.  That's certainly possible (and probably the most "professional" answer), but I'm hoping for a simpler solution.

Hopefully this question makes sense.  I'm not an IT professional, so I might not be using the correct terminology to describe my situation.  Thanks for the help!

[bartjsmit]

Do your switches support stacking? Most prosumer ones don't. The main advantage would be that you can restart one switch for updates without causing down time. Otherwise a stack of switches is logically like one big switch. If one of your switches has enough ports, you may as well make that your core.

You can bond (aggregate, lagg) two NIC's in FreeBSD and that gives you 20 Gbps but only makes sense if you have multiple concurrent traffic flows that make use of it. Every single connection is still "limited" to 10 Gbps.

You absolutely need to trunk your VLAN's to OPNsense. It is a layer 3 device. If you keep tags on the switch, you'll need one firewall interface per VLAN.  Easy enough if it's virtual but an absolute pain if it's physical

Bart...

[Seimus]

As said by @bartjsmit. By the description what you want to do the simple answer is no.

In order to do it like you described you need to have switches that support MEC.

At CISCO there are several ways:

• Stack-wise
• VSS
• VPC

At Juniper:

• Virtual chassis

The best way for you would be do it in a cascade, where you connect SW2 to SW1 and SW1 to OPNsense.
On OPN you can create a LAG (LACP) and a LAG (LACP) as well on the SW1. This will Create aggregation of ports, between the OPN and the SW1 giving you more BW as well redundancy. Also you can create VLANs on the LAG as it support L2 as well L3.

Regards,
Seimus

[TheAutomationGuy]

I think trying to stack the switches is going to be the best option.  I currently run an Aruba S2500-48p in my current network.  I also have a second Aruba S2500-24-p at my parents house that I could "swap" and use at my house if needed.

I have purchased a Brocade ICX6610-48 and a ICX6450-48p as well.  I have come to learn that those two units will "stack" to some degree, but apparently there are some limitations in the way Brocade handles the stacking of these two models.  Honestly I wasn't even sure they would stack together at all due to being different models.

I am currently only using LVANs (L2) on my Aruba switch and I have no idea the advanced capabilities of that switch, although I do know it supports stacking with like models so I should have no problem stacking the S2500s together.

Any suggestions as to which set of switches I should use?  I guess I am leaning towards the Brocade since it is the easiest to try out without disrupting my current network.

[Seimus]

Personaly, I use only Cisco and Juniper (at work). So I can't directly advise you on the Aruba vs. Brocade topic.


I looked a bit on Brocade, and they support mixed stack-wise. Meaning you can Stack two different Switch types using the correct ports and configuration per their manual and best practices.

At home, I am using Zyxel. The reason is power efficiency and feature set.

And I believe this would also meet your needs. Depending on what features you need, choose based on that one of them.

Also, if there is no specific reason for it, don't do L3 on a switch; keep the GWs on the OPN.


Regards,
Seimus

[TheAutomationGuy]

Thanks for everyone's help with this.  I utilized the stacking capability of the Brocade switches and it works great. Being a non-professional and having zero experience with stacking, I thought it was going to be a challenge for me to accomplish because I was expecting to have to do a lot of the switch configuration manually.  In the end, all I really had to do was connect the two switches together correctly and then initiate the stacking setup on the "primary" switch.  It found the second switch and set both switches up in the stack automatically.  It couldn't have been easier to do!

[Seimus]

Good to hear it went smoothly for you as well that you solved your desing by MEC.

Stacking switches is usualy very straight forward and 99% of the time it works out of the box.

Just one side NOTE:
When you will upgrade the OS of the switches both needs to have the same OS.

A lot of time this is one of two and half (the other is to have correct ports connected for the STACK, the half is basicaly hard set who is the Primary/Master Switch of the Stack cause Master is the one that handles control plane and forwarding decisions - best practices) needed requirements to properly build the Stack-wise setup. If switches in a Stack-wise setup would have different OS you could run into a OS/Version mismatch and thus the cluster would not build properly.

Just keep that in mind

Regards,
S.