Hi,
Firstly, I love the switches: bulletproof hardware and a GUI with everything at your fingertips and so quick to load.
However, I have a problem which I'm out of ideas on, so I'm hoping for suggestions or someone to confirm the switches won't do it before I have to replace them with something made by u**t.
So I have an 8 port and a 6 port mini, the 6 port mini is powered from the 8 port and also powers a UBNT AF which is used for backhaul and a camera.
The power load on the 8 port is about half (~60w)
Our customers are segregated out by VLANs, so vlan 1,2,3,4 etc. come in tagged on the port from the UBNT AF and we use another (tagged) VLAN for management.
Now we use FreeBSD as routers. When FreeBSD does VLANs it re-uses the MAC address, so vlan1,2,3,4 will all have the same MAC address. This appears to work fine with everything we've come across so far: Cisco, HP, Netgear and UBNT switches see the same MAC in multiple VLANs and they don't seem to mind / care and work as they should.
However.... while our mini-6 sees the MAC of our router in multiple VLANs happily, it never gets to the 8 port one, which only sees one of the MACs (the one local to it rather than coming in tagged on the uplink port).
Config pics
Mini-6, vlan43, sees two devices.
Mini-6 VLAN settings
8 port only the locally connected device, not learning anything from its trunk connection with the mini-6
mini-6 one mac two vlans
8 port VLAN settings
Finally - 8 port has learnt mac in vlan46 (46 and 43 are basically set-up the same)
But the 8 port just sees one.
Now I can discount everything between my router the AF backhaul and the mini-6 as they have both macs, the only thing that doesn't is the 8 port...
Any ideas?
Is there a way to add a static mac record on a port?
I suspect I can get around it by setting my router mac to something else and leaving it in promiscuous mode, but I'd rather not...
same mac on multiple vlans
Eric Stern - Employee
Re: same mac on multiple vlans
We use the same switch core and software in all our models, so the 8 port is the same as the 6 port except for the number of ports. So if it works with the 6 port it will work with the 8 port.
If the 8 port is not showing the mac address on the second vlan it is because it has not received a packet with that mac address and that vlan tag yet, so it has not "learned" about it.
Other than the mac not showing in the mac table you haven't described any actual problem, ie some part of the network not working.
Re: same mac on multiple vlans
Hi
The problem is the mac address isn't getting passed from the 6 to the 8.
I don't know if the 6 isn't broadcasting it or the 8 isn't learning it, but obviously the lack of it learning for whatever reason prevents packets from being able to work on the link.
As a workaround I've just put two customers in the same vlan (so just amended it so vlan43 is now untagged on that customer port instead of vlan46) and it works.
bayamon - Member
Re: same mac on multiple vlans
I see a similar problem.
I have the same MAC from a router (which I do not have control of) on 3 different VLANs.
I have little room for testing, because it is a live network and I don't have control of the router with the same MAC.
Some things that happen:
If the same MAC is in the same netonix in different VLANs and different ports, it appears to work OK.
If another VLAN containing the same MAC address is transported through this netonix, it appears that the netonix discards most of the packets (>80%) in this other VLAN.
If I disable the ports containing the repeated MAC, the VLAN affected by packet loss now works correctly and is transported without packet loss.
In all cases the MAC table of the netonix sometimes shows a wrong IP address associated with the repeated MAC address in that particular VLAN, instead showing the IP corresponding to that MAC but in a different VLAN. (As also noted in viewtopic.php?f=17&t=2424)
Replacing the netonix with a different switch with the same VLAN config solves the problem.
It appears to be some VLAN leakage (cannot test at the moment with wireshark), at least internally, because the netonix "sees" the IP address of this MAC in a VLAN that should not have this IP in any packet.
sirhc - Employee
Re: same mac on multiple vlans
Post up a screen grab of the following TABs:
VLAN / Device/Status / MAC Table
Also post a network diagram, the more details the more I can help.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see if it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
bayamon - Member
Re: same mac on multiple vlans
I've encountered a workaround: isolating (ISO option) the offending ports resolves the packet loss, so it appears to be an internal VLAN leakage of the netonix.
Can't share this specific configuration in public.
With this simulated setup you should be able to repeat the issue:
In a netonix make three VLANs: 101, 102, 103
VLAN 101 tagged on port 1, and untagged on port 2
VLAN 102 tagged on port 1, and untagged on port 3
VLAN 103 tagged on port 1 and tagged on port 4
Port 1 goes to another machine that has the three VLANs with a different MAC address on each and different IP config
Port 2 goes to the machine with the repeating MAC address (say aa:bb:cc:dd:ee:ff) and a unique IP config
Port 3 goes to the machine with the repeating MAC address (say aa:bb:cc:dd:ee:ff) and a unique IP config
Port 4 goes to another netonix switch, which has VLAN 103 tagged on the incoming port and untagged on another port with a third connection to the machine with the repeating MAC address and unique IP config
In this setup port 2 and port 3 of the netonix should behave normally, but the connection going to port 4 should lose 80%+ of packets. If you set up ISO on ports 2, 3 and 4, the problem goes away.
For reference, the repeating MAC address machine in this case is a cablemodem CMTS with different IP subnets, but as it says in another thread you can emulate it with a FreeBSD machine making VLANs on the same interface, and reusing the MAC of the parent interface.
With the ISO function set I still see incorrect IP addresses in the netonix MAC table: i.e. in VLAN 103 and 102 I see the IP address which is passing through VLAN 101. But the packet loss is effectively eliminated and networking is working correctly.
There should not be a necessity of enabling ISO, because the VLAN should provide the isolation here.
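An added example, not from any poster in this thread and not Netonix code: a small model of the three-VLAN repro above, comparing a forwarding table keyed on (VLAN, MAC) with one keyed on MAC alone. The thread does not establish how the switch keys its table; the class, the per-VLAN MACs on port 1 and the traffic schedule are assumptions made only to show why the keying matters when one MAC appears in several VLANs.

```python
from collections import Counter

# VLAN membership from the repro description (port 1 is the tagged trunk).
VLAN_PORTS = {101: {1, 2}, 102: {1, 3}, 103: {1, 4}}
SHARED = "aa:bb:cc:dd:ee:ff"            # repeated MAC behind ports 2, 3 and 4
SHARED_PORT = {101: 2, 102: 3, 103: 4}  # where SHARED lives in each VLAN
# Constructed per-VLAN MACs for the machine on port 1.
TRUNK_MAC = {101: "02:00:00:00:01:01", 102: "02:00:00:00:01:02",
             103: "02:00:00:00:01:03"}


class LearningSwitch:
    """Hypothetical learning bridge, not a model of any vendor's firmware."""

    def __init__(self, per_vlan):
        self.per_vlan = per_vlan   # True: key on (VLAN, MAC); False: MAC only
        self.table = {}

    def _key(self, vlan, mac):
        return (vlan, mac) if self.per_vlan else mac

    def forward(self, in_port, vlan, src, dst):
        """Learn src, then return the set of egress ports for the frame."""
        self.table[self._key(vlan, src)] = in_port
        members = VLAN_PORTS[vlan] - {in_port}
        port = self.table.get(self._key(vlan, dst))
        if port is None:
            return members         # unknown unicast: flood within the VLAN
        return {port} & members    # a port outside the VLAN means a drop


def run(per_vlan, schedule, rounds=10):
    """Return how many replies to SHARED were delivered in each VLAN."""
    sw, delivered = LearningSwitch(per_vlan), Counter()
    for _ in range(rounds):
        for vlan in schedule:      # SHARED transmits, so it is (re)learned
            sw.forward(SHARED_PORT[vlan], vlan, SHARED, TRUNK_MAC[vlan])
        for vlan in VLAN_PORTS:    # the port-1 machine replies in every VLAN
            out = sw.forward(1, vlan, TRUNK_MAC[vlan], SHARED)
            delivered[vlan] += SHARED_PORT[vlan] in out
    return dict(delivered)


if __name__ == "__main__":
    print("per-VLAN table:", run(True, (103, 101, 102)))
    print("MAC-only table:", run(False, (103, 101, 102)))
```

With per-VLAN keying every reply is delivered; with MAC-only keying the single entry follows whichever port transmitted last, so replies in the other VLANs resolve to a port outside their VLAN and are dropped.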
sirhc - Employee
Re: same mac on multiple vlans
How could posting a screen grab compromise security in any form of the VLAN and Device/Status TAB?
If there is a routable IP I can see masking it out but other than that there is no security concern.
I pretty much post up my entire WISP config in this thread and there is no security risk: viewtopic.php?f=30&t=452#p2961
Please post the 2 requested TABs