Two Physical Router Uplinks To One Unifi Pro Switch

Hello, I am having FTTH installed in my home soon, but it is a first install in my area to help the ISP test their side. I am keeping Comcast for at least the first month or two until I know how things work out. I use pfSense for my Comcast WAN and uplink to a Unifi Pro switch.

I am not sure how the FTTH is going to authenticate, i.e. PPPoE or a routed assigned IP via DHCP. I know they use CG-NAT, so I plan to either pay for a static IP, or maybe use a remote VPS to VPN back in to my LAN for remote access.

I know I can bridge the FTTH to a second WAN interface on pfSense, and then swap the default WAN via the webConfigurator. I would really like to be able to run both simultaneously for comparison, but have never done this so wanted to reach out for some help.

Is it possible to connect two separate router uplinks to a single Unifi switch, using separate subnets, and connect separate hosts to them? I looked at the switch config in the Unifi controller, and a new switch config would require a new VLAN tag. My thought is for this to have any hope of working, I would have to use a different profile for both the uplink port and the port the host connects to for this to potentially work.

I hope this makes some sense. I know I could run them on separate switches and cable, but wondered if what I am proposing is even possible. I think it would be interesting to run traceroutes, ping, and speedtests against each WAN simultaneously using a PC and a VM connected to each WAN at the same time. Then again, maybe I am just asking for trouble. Thoughts are appreciated. Thank you.

Creating a VLAN subdivides a physical network into separate logical broadcast domains, meaning you can use each VLAN as its own independent network. So yes, it’s possible. My preference is to use one router, such as pfSense, to handle all of it so it’s easier to manage.

I agree with @LTS_Tom on using firewalls as your device for routing between networks. Not only is it centralized, but you can protect your different networks with FW policies and leverage inspection, etc. Most layer 3 switches don’t offer this.