Multiple LAN questions and best choice

First of all, I am not a complete network novice but am a systems guy and new to pfSense and UniFi. My previous network was Meraki and Cisco, but the last time it came to buy the licenses, it was time to switch. I have a few questions I would like to ask to finish my setup.

I have a pfSense 6100 with three WAN connections from three different ISPs for redundancy and traffic shaping. I would like to set up 5 LAN connections, 3 on 1 gig and 2 on 10 gig.

All my traffic is separated on VLANs: Main for workstations, Management for servers and network, Storage, VoIP, IoT, and Guest.


    1. Should I combine the two groups into LAGG or bridge them? Or assign each interface an IP space that is really not used and is just for the interface? With LAGG, they would have to be in the same switch, which is not optimal for a switch failure. Bridged, I need to know if I can put them in different switches. The different “dummy” IPs on each interface allow me to put the connections in multiple switches, but I have to dedicate each VLAN to a separate interface.
    2. Static IPs or DHCP reservations?

Thanks in advance for any help you can provide!

In terms of using different physical interfaces for different purposes, pfSense is completely flexible and you can use any interface you want for whatever you want.

  1. If you are using UniFi switches then setting up a LAGG on multiple switches for redundancy will not work. UniFi does not do stackable LAGG. If you are looking for that type of redundancy then it might not be worth it unless you are wanting more bandwidth.

  2. I am always a fan of DHCP reservations, but it depends on your home network and level of security if you are wanting to use DHCP.

Thanks for the reply; my 1st priority is to have the 2 10 gig interfaces available to the three main networks. The rest could share a one gig interface and be happy as they don’t need much internet bandwidth. Almost all the switches have ten gig connections between them, so I’m not concerned about internal bandwidth. I was wondering, if I bridged the interfaces, whether I could split the 10 gig connections and put one in each of two switches, or I could do a LAGG and put both SFPs in one switch and use 1 gig for redundancy. The problem I am seeing is I can only assign one interface per VLAN, so there is no redundancy if that interface goes down. But then if it goes down the Netgate probably went down, so it is still a single point of failure…

Bridging is so messy. You can set up load balancing on multiple interfaces under the LAGG and use the load balance option. You can’t use LACP because of the UniFi stack LAGG issue. I currently use this in a production business and it works like a champ.

Thanks again! This is at my home but is mostly production for remote work but also has an extensive lab as well.