Hello,
I would like to get some suggestions and thoughts. Here is my scenario.
My neighborhood is fortunate enough to be in the service area for two ISPs.
I currently have an SG-5100 for ISP-A. But my neighborhood will be switching over to the new ISP-B.
ISP-A is useful for my work and makes things a little bit easier. So I will be keeping ISP-A. On the SG-5100 running 22.05 I have DDNS/ACME SSL set up as well as port forwarding to some internal servers that I use.
VLAN 10 - home network (everything I use, phones/tablets/PCs, connects)
VLAN 30 - IoT stuff
VLAN 40 - Guest/testing
VLAN 60 - VPN
VLAN 100 - management
Cisco 10 port PoE switch
APs are UniFi
All VLANs above ingress and egress via ISP-A.
Thought process (open to suggestions)
The SG-5100 can support dual WAN so I can connect it to both ISPs. Then perform policy based routing so that only specific hosts, like my work laptop on VLAN 10 (static DHCP assignment and Ethernet) and work server (static IP) on VLAN 40, egress on ISP-B but ingress on ISP-A. I have an asymmetrical situation. I am OK with that (if it's supported). I use DDNS/Cloudflare/ACME-SSL CERT that advertises the ISP-A WAN IP. I shouldn't need to do that with ISP-B though?
Another thing that I am thinking of is configuring a new VLAN, just putting all the devices I need in it, trunking it up to the SG-5100 and using policy based routing to route the traffic to ISP-B.
Last thing is that I have an SG-1100 available that I can connect and use in case, and dedicate that to ISP-B. I would create a new VLAN and assign it only to the SG-1100 on the 10 port switch. However, ports are getting tight on it. I would prefer to use the SG-5100 since it has available ports and I would have to use ports on the switch.