Hi,
I got 4 WS-6-POE switches with the same problem: I am unable to get data from camera to computer through the switch. It is the same for all ports, but if I turn on port isolation, save it and turn it back off, it works. But when the switch loses power I have to do that again?
Thanks,
Tórfríður
Port isolation
- JT-Electric
Omniflux - Experienced Member
Re: Port isolation
Please post complete configuration or screenshots of configuration pages.
- JT-Electric
Re: Port isolation
Status: https://ibb.co/PQpsvbr
QOS: https://ibb.co/dmyJCWL
Power: https://ibb.co/g48Q2WR
Ports: https://ibb.co/wcPCmR7
STP: https://ibb.co/7YwtSZJ
LAG: https://ibb.co/1J39RVw
VLANs: https://ibb.co/XyfqPNw
Configuration: https://ibb.co/d4YmnHd
Firmware version 1.5.5
- JT-Electric
Re: Port isolation
Any idea what to try? We just got 4 more switches with the same problem.
Re: Port isolation
So, been reading about port isolation a bit here (and looking), as I have an issue that is related.
So, feature request? Not sure if there is a better area or not - so I'll post here, and elsewhere if needed.
Mikrotik has an option called "Switch Port Isolation" and within that - you can tick a box for "Forwarding Override" allowing you to choose what other ports a port forwards to.
With the current port isolation in Netonix - you can only prevent port X from talking to port Y and port Z say. There is no "groups" of port isolation. A clean and neat feature might be something like what Mikrotik does.
For our guy with the camera problem - you may have some other sort of "LOOP" - you may want to find it and/or switch OFF RSTP - and see if that helps, or helps you see a problem and track it down.
Kinda feels like port isolation may be masking a problem on your network / or there is something funny with the 1.5.5 firmware?
Not sure - but 1.5.6 is out - go try that if you have not : viewtopic.php?f=17&t=240
Also, give us an update if you solved it / fixed your problem!
:)
Thoughts?
Stephen - Employee
Re: Port isolation
Hello mcnnetops,
I'm not familiar with this feature from Mikrotik, but it sounds like you might be able to accomplish something similar with port mirroring; you can find the options under Tools->Mirror.
Would that work for what you want to do?
mike99 - Associate
Re: Port isolation
Seems like he would like to be able to allow more granular port isolation, like 2 and 3 can forward in between, 4 and 5 can forward in between, but those not with other isolated ports, etc.
Seems like that kind of stuff should be handled by VLANs.
mcnnetops, could you explain in what scenario that could be useful? Maybe there's another way to achieve it.
A possibly nice add-on to the PS feature would be by VLAN and ports instead of only ports. I use this scenario on an FTTH deployment: isolation disabled on every port on the camera VLAN but isolation on all ports except uplink on the Internet VLAN. With Netonix, it could be useful if you mix cameras, IoT and customers on the same wireless AP that supports multiple SSIDs with different VLANs or VLAN assignment through 802.1x authentication.
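Added example, not part of the thread and not Netonix or MikroTik firmware behaviour: a small model of the per-VLAN isolation and the isolation "groups" discussed in the posts above, showing which ports a flooded frame can reach. The six-port layout, port 1 as uplink, VLAN IDs 10 and 20, and the names `VlanPolicy`, `may_forward` and `flood_ports` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class VlanPolicy:
    """Hypothetical per-VLAN isolation policy (not a vendor data structure)."""
    members: set                                   # ports carrying this VLAN
    isolated: set = field(default_factory=set)     # ports with isolation enabled
    groups: list = field(default_factory=list)     # sets of isolated ports allowed to talk


def may_forward(policy, ingress, egress):
    """True if a frame entering on `ingress` may leave on `egress` in this VLAN."""
    if ingress == egress:
        return False
    if ingress not in policy.members or egress not in policy.members:
        return False
    # Assumed semantics: isolation only blocks isolated-to-isolated traffic,
    # so a non-isolated uplink stays reachable from every port.
    if ingress in policy.isolated and egress in policy.isolated:
        return any(ingress in g and egress in g for g in policy.groups)
    return True


def flood_ports(policy, ingress):
    """Ports that receive a broadcast or unknown-unicast frame from `ingress`."""
    return sorted(p for p in policy.members if may_forward(policy, ingress, p))


# Constructed layout: port 1 = uplink, ports 2-6 = access ports.
PORTS = set(range(1, 7))
CAMERA = VlanPolicy(members=PORTS)                           # VLAN 10: no isolation
INTERNET = VlanPolicy(members=PORTS, isolated=PORTS - {1})   # VLAN 20: all but uplink
GROUPED = VlanPolicy(members=PORTS, isolated=PORTS - {1},
                     groups=[{2, 3}, {4, 5}])                # "2 and 3", "4 and 5"

if __name__ == "__main__":
    for name, pol in (("camera", CAMERA), ("internet", INTERNET), ("grouped", GROUPED)):
        for src in (1, 2, 4, 6):
            print(f"{name:8} from port {src}: {flood_ports(pol, src)}")
```
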
Re: Port isolation
mike99 has described the situation better than I was able to.
Basically, I have a "ring" that I am setting up. Each site has a Netonix switch with 2 Back Haul's getting bandwidth from "upstream" and sending it "downstream" - or from one site to the next.
When I hook the ring together in the middle I get a network loop!
If I was able to have more granular isolation - I could just allow port 1 to talk to port 2 only, allow port 3 to talk to port 4, and port 5 to port 8 etc, then I think I could prevent my loop.
The sucky thing is that this is my own doing I am pretty sure, as all my network is a routed network - but my admin VLAN is a bridged network.
This seemed to be the easiest setup, as my BackHaul Radios need to be on an admin VLAN for management as do my routers / AP's etc...
The idea was to have the Netonix power each Back Haul and AP - but the data for each was supposed to go to the router directly.
I am sure there are things that one can do for situations like this that I am unaware of - so I have been researching some options like RSTP, MSTP etc. - but in the lab I set up, MSTP just seems to disable data from a whole port? I keep getting OSPF drops and then re-syncs as the port is disabled / enabled.
I did set CIST and MST instance 1 with the VLAN. I tried to set priority as 32768 on SW2 and 4096 on SW3 - MST Instance 1 defines my admin VLAN.
Again, I am kinda green when it comes to a lot of switch networking like this - but have a fair amount of experience network wise.
I can say perhaps I do not have enough Netonix switches in my lab, as I only have 2 for now.
Here is a diagram (sort of) of my lab to simulate my production ring. (ASCII Art Fail) - I'll upload something soon... (See attachment)
The idea is that if we lose a backhaul traffic will flow in another direction. I have tested this, and it works, but I guess I did not test it with switches - just router to router directly.
Sooooo - (I know this has been long winded) - if there are suggestions out there on how to prevent looping in an environment like this - please let me know.
One thought I had was to put in a second Netonix switch at each location - but that would get expensive. Or ditch them altogether and just use POE injectors? Don't want to do that as I like the switches, just missing the port isolation feature that I need - but again if there is another option config wise - please let me know!
Thanks.
Attachment: Lab_Ring.jpg
Stephen - Employee
Re: Port isolation
mcnnetops wrote: The idea is that if we lose a backhaul traffic will flow in another direction. I have tested this, and it works, but I guess I did not test it with switches - just router to router directly.
Well, for this scenario we actually have something for that, ERPS, I gave an example on how to set it up here:
viewtopic.php?f=33&t=3924&p=24910&hilit=ERPS#p24910
Although, I'm not certain if it will work within an OSPF ring. It's an option you can consider though.
mike99 had pointed out some bugs that were on it back then that were fixed later on. However, I should let you know that we didn't have many people using it, so I would definitely test it first to make sure it works before deploying, as technically it's still in development. But I never got more feedback on it and as far as I know - it works.
Probably easier though, would be to enable loop protection. As STP is excellent for preventing loops between devices, but specifically in a ring, it tends not to do as well.
You can test out loop protection by going to Device->Config and under "Storm Control" there is a checkbox for "Loop Protection" which may help.
Let us know if any of those work for you.