Hi all,

I'm redoing my network and I had some questions about the best practices for employing multiple trunks (without a LAGG) from my router (OPNSense) to my TL-SG3428X-M2 switch. Currently my setup is as follows:

Router:

• igc1: (Will be used for wired LAN)
  • VLAN0.10: Management
  • VLAN0.11: Lan
• igc2: (For EAP773 Access Point)
  • VLAN0.13: Personal
  • VLAN0.14: Guest
  • VLAN0.15: IOT
  • VLAN0.16: Cameras
• igc3: (Will be used for Server/Smart Home)
  • VLAN0.20: Server
  • VLAN0.21: Smart Home Server

Switch:

Port 22, 23, 24: Connected to igc1-3 respectively with tagged vlans as described above.

Port 1-2: Untagged (PVID 10)

Port 3-6: Untagged (PVID 11)

Port 21: Tagged with igc2 vlans (vlan 13-16), and management vlan (vlan0.10) for the access point managemennt vlan

Port 7: Untagged (PVID 20)

Port 8: Untagged (PVID 21)

I have connected all three of these ports (igc1-3) to my switch directly without any LAGG set up. The idea is for each of the networks to have their own dedicated 2.5gb line to the router to prevent saturation of the line especially if multiple people are accessing resources on the net (e.g. devices connected to the wifi streaming from the server while devices connected to LAN are downloading/streaming multiple things at once). While I have set up everything, and it all "works" I want to make sure I'm not doing anything that's going to have security implications or cause issues (e.g. Spanning Tree).

Are there any issues with my setup that can cause problems or slowdowns? I also at some point will like to do Inter-Vlan communication on the switch itself to avoid going back to the firewall for specific applications like streaming media from the server, but I'm new to Layer 3 switching so I'm not quite confident in the Layer 3 interfaces that are available to use and/or I can incorporate that with ACLs since I was not able to successfully set up the Layer 3 Interfaces to get VLAN 13 <-> 20 to talk to each other.