We are trying to set up a new WISP Switch and consolidate multiple switches (Tough Switches) in the process.
However, because of the way we have things set up through a Netequalizer (a bandwidth shaper that is essentially a transparent bridge with two Ethernet interfaces), we have had to use two separate switches to make everything work. The Netequalizer bridges all of the traffic from our internal network and connects it to our 'Internet' feed, managing our bandwidth in the process.
Basically we have one VLAN (1) that is untagged as well as several other tagged VLANs (100, 120, 140, 160) that flow through two separate switches. We use an EdgeRouter Pro for our Internet-facing router, which has its internal LAN interface (eth0, configured with VLAN 1 untagged; 100, 120, 140, and 160 tagged) connected to port 1 on a ToughSwitch, which has the same configuration (VLAN 1 untagged; 100, 120, 140, and 160 tagged), while port 2 has the same configuration (VLAN 1 untagged; 100, 120, 140, and 160 tagged) and is connected to the 'External' port on the Netequalizer. The 'Internal' port on the Netequalizer is connected to another ToughSwitch entirely, with the same VLAN config I have referenced on every port (VLAN 1 untagged; 100, 120, 140, and 160 tagged), while port 2 on this ToughSwitch is configured identically (VLAN 1 untagged; 100, 120, 140, and 160 tagged) with an AirFiber plugged into it, which then backhauls the VLANs to another WISPSwitch on a port that has the same VLAN configuration (VLAN 1 untagged; 100, 120, 140, and 160 tagged). The WISPSwitch at the other end of the AirFiber link breaks out the VLANs and connects them to the respective Access Points so that VLAN 120 breaks out untagged on Port 5. The Netequalizer has proven to sometimes be finicky in linking up with the AirFiber and the EdgeRouter directly, which is why we have had the ToughSwitches in between.
I was thinking I could basically just set two ports in their own 'Untagged' VLAN (VLAN 500 for example) that wouldn't be shared with any other ports to eliminate the need for another switch with just two devices plugged in (the LAN port on the EdgeRouter and the 'External' port on the Netequalizer) along with the tagged VLANs, but keep going around and around in seeing a loop being created and the WISPSwitch not knowing the direction packets should flow (through the Netequalizer).
I realize I probably could do a better job in explaining but am hoping Port Isolation would allow this to work. Am I on the right track?
Is port isolation the answer?
-
sirhc - Employee
Re: Is port isolation the answer?
I will have Rory work with you tomorrow on this for you.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see if it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- Rory
Re: Is port isolation the answer?
First, I would like to apologize if I am not understanding your setup 100%. It can be a little confusing to envision this type of stuff from a text description, so please bear with me if I'm off in left field somewhere.
The problem here is the VLAN tagging. If everything passing through your U U VLAN was untagged, it would work no problem. As you are passing tagged VLANs, really the only way to do this AFAIK would be to use QinQ. If we encapsulated your other VLAN traffic inside another VLAN, and that outer VLAN was different on the two sets of ports, things would flow normally. Without that you would get packets being forwarded out the port that is closest to its destination. In my opinion the largest issue would be the traffic flow bypassing your Bandwidth appliance altogether.
I'm not sure that port isolation will work in this application. Port isolation disallows communication between ports in a VLAN, and I'm not sure that I can envision a setup where that would be useful in regards to your configuration. I can see how it would kinda work with traffic flowing in one direction, but it would fail in the reverse. Maybe I'm not envisioning that properly, but I'm almost 100% sure that isolation isn't the solution for this specific scenario.
If we did not have all that tagged traffic we could make this work as well. If, for sake of argument, we could allow the traffic between the Net Equalizer and the Edge Router to be completely untagged, I could suggest a setup that would work right now (it's basically what you suggested in your initial post). If you HAVE to have your traffic tagged, the only way I can envision this working is with QinQ.
The good news is that the switch supports QinQ in a general sense. The bad news is that it is not implemented in our current firmware. I do not have a concrete time-frame on adding that feature, but I am 100% certain that it is on the horizon.
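An added illustration of the forwarding behaviour discussed in the post above (not part of the original thread and not the switch vendor's code): a small MAC-learning model of one switch with the shaper looped between two of its ports, comparing the same VLANs on all four ports against a different outer VLAN on each pair of ports. The port numbers, outer VLAN IDs 500/501, the MAC addresses and the assumption that the shaper forwards every frame are constructed for the example.

```python
from collections import deque

# Assumed cabling on ONE switch (hypothetical port numbers):
# 1 = EdgeRouter LAN, 2 = Netequalizer External, 3 = Netequalizer Internal, 4 = AirFiber
BRIDGE = {2: 3, 3: 2}  # transparent bridge: a frame sent into one side re-enters on the other

def send(domain_of, fdb, src_mac, dst_mac, in_port, max_hops=8):
    """Forward one frame; domain_of maps port -> forwarding domain (outer VLAN).

    Returns (deliveries, looped); deliveries holds (edge_port, crossed_shaper) pairs.
    """
    deliveries, looped = [], False
    queue = deque([(in_port, False, 0)])  # (ingress port, crossed shaper?, bridge hops)
    while queue:
        port, via, hops = queue.popleft()
        if hops >= max_hops:              # still circulating: count it as a loop
            looped = True
            continue
        dom = domain_of[port]
        fdb[(dom, src_mac)] = port        # MAC learning, kept per domain
        known = fdb.get((dom, dst_mac))
        if known is None:                 # unknown unicast floods within the domain
            outs = [p for p in domain_of if domain_of[p] == dom and p != port]
        else:
            outs = [known] if known != port else []
        for out in outs:
            if out in BRIDGE:             # through the shaper and back into the switch
                queue.append((BRIDGE[out], True, hops + 1))
            else:
                deliveries.append((out, via))
    return deliveries, looped

ROUTER, HOST = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed MACs
FLAT = {1: "shared", 2: "shared", 3: "shared", 4: "shared"}   # same VLANs on every port
SPLIT = {1: "outer-500", 2: "outer-500", 3: "outer-501", 4: "outer-501"}  # QinQ-style

def compare():
    results = {}
    for name, layout in (("flat", FLAT), ("split", SPLIT)):
        fdb = {}
        down = send(layout, fdb, ROUTER, HOST, in_port=1)  # router -> host behind AirFiber
        up = send(layout, fdb, HOST, ROUTER, in_port=4)    # host's reply
        results[name] = (down, up)
    return results

if __name__ == "__main__":
    for name, (down, up) in compare().items():
        print(name, "down:", down, "up:", up)
```

In the flat layout the frame reaches port 4 without crossing the shaper and keeps circulating through the bridge; with a separate outer domain per port pair, each direction has exactly one path and it crosses the shaper.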
-
nelson05 - Member
Re: Is port isolation the answer?
Thank you for the detailed reply. The tagged VLANs were my concern as well and we actually had this setup working as described when we were not using VLANs. QinQ definitely sounds like the solution and am very glad to hear it is coming at some point. For the moment, we will continue to use two switches.
Thanks again for the help!
- Rory
Re: Is port isolation the answer?
I'm always glad to provide any assistance I can. We will definitely be communicative about our future feature support once the timeline is more clearly defined.
Thank you for your understanding.