  • Hi everyone,

    my current setup is as follows:

    My pfSense firewall is connected to a fiber switch (Unifi US16XG). A lot of Unifi switches are connected to that fiber switch. One of those switches is located in the same cabinet as the firewall and a UPS. Lots of servers are connected to the switch and the UPS. The servers run a network shutdown software by APC. So I need an Ethernet connection between the UPS and the servers. The servers are on different networks, so I need a connection between the servers, the switch and the pfSense box (to route between VLANs).

    The problem is: the fiber switch is not covered by the UPS. In case of a power outage there is no connection between the firewall and the switch in the cabinet anymore.

    Now I want to make a fallback connection between the firewall and the switch so that when the route through the fiber switch is not available it will "go direct". I've attached a drawing of the setup. From what I understand I need to use Spanning Tree Protocol, but I can't figure out what to do with it. Can anyone here set me up with some link explaining this further? Also, what do I need to configure on the pfSense side? Do I need to bridge the interfaces? How can I tell pfSense which interface to prefer over the other?

    Any hints welcome.

  • Your image is way too big.

    The way spanning tree works is that it tracks all the routes between switches and stops dual routes. If you add a second connection between switches and create a dual route, which causes a loop, this is a storm which can take a switch down trying to resolve the loop. STP (spanning tree) blocks this second connection, which kills the storm. But you can use this method with the second link for redundancy, and it becomes a hot standby. When the first connection goes down, STP stops blocking the second connection and you have redundancy.

    You need to buy switches with spanning tree. I have only ever used Cisco switches, but others have it.
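
Added example, not part of either post: a simplified model of the blocking and failover behaviour described in the reply, applied to the three devices from the question. It assumes the pfSense box takes part in spanning tree through a bridge of its two interfaces, that all links have equal cost, and that the bridge priorities and device names below are constructed values; real STP exchanges BPDUs and weighs path cost by link speed.

```python
from collections import deque

# Constructed topology from the thread; priorities and names are assumptions.
PRIORITY = {"fiber-switch": 4096, "cabinet-switch": 32768, "pfsense": 32768}
LINKS = [("pfsense", "fiber-switch"), ("fiber-switch", "cabinet-switch"),
         ("pfsense", "cabinet-switch")]  # the last entry is the fallback link


def bridge_id(name):
    # Lowest (priority, name) wins the root election; real STP uses the MAC.
    return (PRIORITY[name], name)


def spanning_tree(powered):
    """Return (root, forwarding links, blocked links) for the powered bridges."""
    powered = set(powered)
    up = [frozenset(link) for link in LINKS if set(link) <= powered]
    root = min(powered, key=bridge_id)
    forwarding, seen, queue = set(), {root}, deque([root])
    while queue:  # breadth-first search = shortest hop count to the root
        node = queue.popleft()
        peers = [p for link in up if node in link for p in link - {node}]
        for peer in sorted(peers, key=bridge_id):
            if peer not in seen:
                seen.add(peer)
                forwarding.add(frozenset((node, peer)))
                queue.append(peer)
    # Any live link that is not part of the tree would form a loop: block it.
    return root, forwarding, set(up) - forwarding


def describe(links):
    return sorted("<->".join(sorted(link)) for link in links)


if __name__ == "__main__":
    for label, powered in [("normal", PRIORITY),
                           ("fiber switch without power",
                            ["pfsense", "cabinet-switch"])]:
        root, fwd, blk = spanning_tree(powered)
        print(f"{label}: root={root}")
        print("  forwarding:", describe(fwd))
        print("  blocked:   ", describe(blk))
```

Giving the fiber switch the lowest priority keeps it as root while it has power, so the direct firewall-to-cabinet link is the one that gets blocked and only carries traffic during the outage.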

