I have two Unifi 24-port switches and have exhaused the ports on the newer (PoE) one. The other is not currently used. I’m running Untangle on a Protectli 6-port box (and in the process of switching to pfSense). To add more switch ports, I could bridge two ports on the Protectli and run a link from each of those ports to each of the switches. (I have several VLANs, which could be a complication.) Alternatively, I could use one of the 24-port switches as a distribution switch and plug the other switch into it. (I have three small Unifi switches at remote locations plugged into the 24-port switch already.) Bridging the Protectli ports and using the two 24-port switches as co-equals seems diagramitically more elegant than making one a subsidiary of the other, but from what I read could be more problematic, especially for VLANs. I’d be interested in any comments, particularly those with a rationale for making a choice.
I should add that I’d keep the computers and NAS on one of the bridged switches, so there wouldn’t be a lot of traffice flowing across the bridge from one switch to the other.
Doing the bridge means that you need to process the LAN traffic going through it in software - this is less CPU usage than traffic that actually leaves the bridge, but still might pose a bottleneck. If the CPU hits 100% usage then you are being slowed, otherwise it should be equal performance to a hardware switch. (Terminology time: “bridge” is the original term for connecting multiple ports at Layer 2, and “switch” is a later term meaning a bridge that is implemented in hardware which may have fewer features but operates at line-rate all the time).
The complication with VLANs is that they need to be created on the bridge, not one of the child interfaces. This is true of everything including IP address and DHCP server for the non-VLAN traffic. Basically those interfaces cease to exist aside from being a part of the bridge. If your management of the firewall is over one of the interfaces you want to put in the bridge, then you may have hoops to jump through.
Bridges can be a helpful tool when used properly. Having everything on a switch is preferred, and only have a single connection from your router to the switches is easier to troubleshoot, but overall I don’t have a significant preference one way or the other.
Thanks, brwainer. That is helpful.