Network Layout > redesign for LACP+RSTP between Unifi Switch+pfsense

Networking & Firewalls
1

Hello!

I’m using my existing Unifi Network now for about 2 years. I use 2x HPE DL180 Server with pfSense as HA Firewall.

Everything works fine so far. But now I want to plan to give the connections between my Core Switches more Bandwidth using LACP and Redundancy with RSTP Connections. I’m not really sure if my idea will work. That’s why I ask you guys for help. Can you please check my plan if it is correct and will work. Feedback would be great.

You can see my existing Network (already works) in this image and the new Idea:

old_new_network
old_new_network3000×3960 744 KB

Full Resolution Image (images.pomberger.com/jpprivat/old_new_network.jpg)

Would be great if you can tell me if this could work. Or how it could be better.
THX

2

My networking knowledge is not advanced enough to inspect your enterprise setup but I can say I have a main netgear switch which connects to another netgear switch over LACP, providing both more bandwidth and redundancy.

There seems to be a difference between LACP and LAG, however, I’m not sure if this is just between manufacturers or standards. Either way I happened to have LACP so never looked into it but I’ve had no issues so far albeit it’s a home network.

BTW your diagrams look very pretty what software did you use to create them ?

3

Thanks for your message. I also use the LACP function of my Unifi Switches. I just call it LAG in the diagramm to keep it simple. :wink:

I use the yEd Software. http://www.yWorks.com
If i remember it righter than i saw it on a youtube video of Lawrence.

4

Ah ok I know that tool, the results look great, I’ve been a bit tardy and still use Visio though I’d be laughed out of town if I post any of my diagrams :grimacing:

5

Can someone tell me if this layout will work for redundancy at the core switches?

THX

6

It should work, but it all depends on the STP costs of the links. I would make Core 1 your root bridge. Assuming the cost of your 2x10G LAGs are lower than the single 10G uplinks spanning tree should converge based on your drawing. If it doesn’t, then you will need to look into creating a higher cost of the single ports on Core 1. It is almost always best to do this on the root bridge first and work your way downstream if needed.