I'm lucky enough to have two gigabit WAN connections (primary and failover). These both have their modems in my living room. From the living room there's single-core OS2 fibre installed to where my rack is. I'm trying to get VLANs working so I can have both WANs and LAN connectivity pass through a single fibre connection. However, this is causing trouble.
I have a CSS610 in the living room and a CSS326 in the rack, with the fibre connecting the two. I've set port 1 on the CSS610 for WAN 1 (VLAN31), and port 2 on the CSS610 for WAN 2 (VLAN 32). Ports 3-8 are set as standard untagged VLAN 1, with the SFP+ port which has the optic being a member of VLANs 31 and 32, but having a default VLAN ID of 1.
The CSS326 has ports 23 set for WAN 1 (VLAN31), and 24 set for WAN 2 (VLAN32), so I can plug those directly into pfsense. The SFP+ port with the optic is also a member of VLAN 31 and 32 but has default VLAN ID of 1.
The setup should look a bit like this (noting that I also need LAN on the CSS612 for a ATA adapter and computer (not drawn) in the living room:
This setup works intermittently, so sometimes pfsense can pull a WAN IP for both interfaces, then randomly drops it and no amount of forcing DHCP release/renew fixes it. The switch randomly got given a WAN IP before too. The PD-delivered IPv6 from WAN 1 also isn't pulled by pfsense. If I connect the fibre to a media converter on each end, it works perfectly and I can get IPv6. But this means I can't have WAN 2 and LAN on the same fibre.
I think I've incorrectly configured VLANs on both switches so would appreciate any guidance. How do I essentially get port 1 of the CSS610 to transparently output to port 23 of the CSS326, same with port 24 as if there's no switch there, AND have a LAN connection on untagged VLAN on the remaining ports? Is this even possible - and if so, what settings do I need here?
Config screenshots are in the attachments. To note I also posted this on reddit but thought the MT forum will likely be better. Thanks in advance for any guidance!