Right now, I am in the process of redesigning my network and I had the idea to connect my two main switches and my FW with a ring-like topology. I know that in a typical home network with a 50/10 WAN connection this is absolutely unnecessary. I want to do this anyway, for learning and bragging purposes.

Assuming that I have several VLANs and on each switch at least one device in each VLAN. All connections between the two switches and the FW are trunk routes for all VLANs. The Omada Controller is running virtualized on a server connected to one of the switches.

My goal is to distribute traffic over all connections to avoid bottlenecks. I don’t want traffic for devices within the same subnet to flow through the FW, and I don’t want Internet traffic to flow through the connection between the switches.

I first read the LACP documentation for omada and OPNsense, but it is mostly intended for two or more lines between two devices and not for a ring topology like I want.

I then read the RSTP documentation and couldn’t find an option that doesn’t simply cut one connection, but “directs” traffic based on the shortest route.

Did I miss something in the documentation, should I look at another protocol/option, or is this something prosumer hardware like I use simply isn’t capable of?

  • ElevenNotes@alien.topB · 1 year ago

    You got something wrong. Inter-VLAN routing must take place on an L3 device. Since you have only one L3 device, your router, all traffic will always flow to your router to be, well, routed to the other networks (VLANs). Neither RSTP nor LACP will help you here. If you don’t want to route all traffic back to your router, you need to use L3 switches and set up the inter-VLAN routing directly on the switch instead of your router. LACP is not load balancing by default, but fault tolerance. You are approaching this wrong. If you want to brag, just create a normal multi-VLAN network on your router and brag about the fact that your IoT devices are on their own VLAN, to be safe and secure if they ever have issues or get hacked via their cloud connection.