Pfsense with redundant switch paths

Right, so I have a pfSense box and I am wondering whether there is a way to have redundant paths, so that if a switch dies the other switch can still function as normal. Now I know you can only have all your VLANs go over one interface from pfSense, but I was wondering if a LAGG could be used and each LAGG member could be on a different switch?



Yes, it is possible with LAGG. Netgate’s documentation briefly discusses LAGG in their HA Layer 2 Redundancy documentation, High Availability — Layer 2 Redundancy | pfSense Documentation. It would allow you to connect multiple interfaces into one or more switches.

I figure that would be the way to do it. Does anyone by chance know if this can be accomplished with UniFi switches? As far as I know the switches would need to be in a stacked config and I don’t believe UniFi supports that.

I can’t answer that question since I’ve never done it. However, this video that Tom did might give a better sense, Tutorial: pfsense LAGG & LACP & Setup - YouTube.

Isn’t this what bridging is perfect for? Bridging | pfSense Documentation

Yes, you could, but you’re looking for High Availability. Netgate says that HA is not compatible with bridging, High Availability — High Availability with Bridging | pfSense Documentation

But is this really an HA setup? As I understand it, there is only one router in play. But instead of a core switch, Maximus wants both edge switches connected directly to the router.

That’s true, it’s not a true HA setup. There is still a SPOF in the design. If this is just for home use, not really a big deal. But if it’s for commercial use then more hardware would be needed. @xMAXIMUSx is looking for

And when I think HA I think redundancy. But in this case it’s not HA/redundancy, as you would need more hardware than what is in the diagram. However, with that said, a LAGG will still do what Maximus wants. I’ve always been told not to bridge unless you have no other options.

To create the redundancy for home use, Maximus needs something like this. But this will not work in a commercial environment, unless they don’t care about HA.

  1. Create a link aggregation on both switches, either using the SFP ports (if available) or copper ports.

  2. Connect the switches to each other on the aggregation ports.

  3. Create the LAGG in pfSense, configure it for failover (or round robin) and set Switch A as primary. Connect the primary port to Switch A Port 24 and the failover port to Switch B Port 24. Or whatever port, like Port 21 or Port 1.

Now, this setup only covers the case where a port or cable fails between the switches. Maximus would also need dual NICs or more on the devices in use for redundancy if a switch fails. Then set up NIC teaming and connect one port to each switch. By the way, you could do this on a UniFi US-8-60W if you needed to.
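As an added illustration of step 3 (not from the original post), the config.xml entries a failover LAGG of this kind ends up with; the element names follow pfSense's LAGG settings page as I understand them, and the NIC names igb1/igb2 and the LAN address are assumed:

```xml
<!-- Added example, not from the original post. Assumes igb1 and igb2 are unassigned NICs;
     element names follow pfSense's LAGG settings page as I understand them. -->
<laggs>
  <lagg>
    <!-- Failover: only the master member carries traffic, the other stays idle until the
         master goes down, so the two cross-linked switches never see a second active path
         (no loop to rely on STP for). The first member listed becomes the master, so the
         port cabled to Switch A must be listed first. -->
    <members>igb1,igb2</members>
    <descr><![CDATA[igb1 -> Switch A port 24 (primary), igb2 -> Switch B port 24 (failover)]]></descr>
    <laggif>lagg0</laggif>
    <proto>failover</proto>
  </lagg>
</laggs>
<!-- Assign lagg0 itself (never its members) as LAN; the VLANs then ride on lagg0. -->
<interfaces>
  <lan>
    <if>lagg0</if>
    <ipaddr>192.168.1.1</ipaddr>  <!-- constructed sample address -->
    <subnet>24</subnet>
  </lan>
</interfaces>
```

From the pfSense shell, `ifconfig lagg0` should list the Switch A member with the MASTER and ACTIVE flags; pulling that cable should move ACTIVE to the Switch B member and back again once it is reconnected.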

Hello!

I found this thread almost two years after the first post because I’m looking for something similar. In my case, I would like to know if I can use LAGGs for HA between 2 pfSense firewalls and 2 switches that also have a LAGG between them.
Please, take a look at my drawing below:

The idea is to have 2 ports of pfSense 1 (igc0 and 1) in a LAGG with SW1 as active, and the other 2 ports of pfSense 1 (igc2 and 3) in a LAGG with SW2 but as standby, something like bonding. So, my doubts are:

  • Is it possible to have this scenario?
  • If yes, how can I configure it in pfSense: 1 LAGG with ports igc0, 1, 2, and 3, where igc0 and 1 will be connected to SW1 and igc2 and 3 will be connected to SW2; or 2 LAGGs with 2 ports each, where each group of ports will be connected to each SW respectively?

We eventually got the proper switches that support stackable LAGG. When I set mine up I didn’t have a LAGG per port channel; I had a LAGG per device. So I had the primary pfSense with a single LAGG to both switches.

If the switches don’t support stackable LAGG then you would have to choose the load balance option and then connect your primary to both switches and then your secondary to both switches.

If you go down the route in your diagram I think you would end up causing a loop in your network because of the redundant LAGG going into the same switches.