Port isolation

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
mcnnetops
Member
 
Posts: 36
Joined: Wed Nov 07, 2018 2:58 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Port isolation

Thu Nov 05, 2020 4:37 pm

ERPS: Awesome - I will give it a try!

I will also check out "Storm Control"

I guess the biggest hang up at this point for me is that when "loop protection" is doing its "thing" - a link goes down / is not usable for ALL traffic - not just the VLAN.

The hope here was to have the Management for each back haul device be tied back to the router - but going through the Netonix - those ports need to be tagged as the radios are directly connected to it.

I could look into Q in Q tagging - but that seemed to be making my situation more complicated then it needed to be.

I will test out these options, and let you all know what I settle on to make this work.

I should ask - what DO people do for OSPF rings out there?

User avatar
mcnnetops
Member
 
Posts: 36
Joined: Wed Nov 07, 2018 2:58 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Port isolation

Thu Nov 05, 2020 4:40 pm

Stephen wrote:Well, for this scenario we actually have something for that, ERPS, I gave an example on how to set it up here:
viewtopic.php?f=33&t=3924&p=24910&hilit=ERPS#p24910
Although, I'm not certain if it will work within an OSPF ring. It's an option you can consider though.


So, when I try to go there - I get:
Information
You are not authorised to read this forum.

User avatar
Stephen
Employee
Employee
 
Posts: 1033
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 85 times
Been thanked: 181 times

Re: Port isolation

Thu Nov 05, 2020 4:55 pm

Ahh yes, that's right I forgot. pretty old post. I will move the thread and post here so you can access it.

User avatar
Stephen
Employee
Employee
 
Posts: 1033
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 85 times
Been thanked: 181 times

Re: Port isolation

Thu Nov 05, 2020 4:58 pm

mcnetops, try accessing it now. Let me know if you can see it.

User avatar
mcnnetops
Member
 
Posts: 36
Joined: Wed Nov 07, 2018 2:58 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Port isolation

Thu Nov 05, 2020 5:13 pm

Yes I am reading it now - thanks.

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Port isolation

Fri Nov 06, 2020 3:30 pm

ERPS need at less 3 nodes (switchs) in ring to work.

MSTP is the best solution if you need to use all link at same time. Else, RTP can do the job. It could probably be handled without STP or ERPS if using OSPF but I couldn't tell since something wrong with the provided schema since the image is just too small.

User avatar
mcnnetops
Member
 
Posts: 36
Joined: Wed Nov 07, 2018 2:58 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Port isolation

Mon Nov 09, 2020 5:08 pm

This is kinda ugly as I threw it together - but here is my production set up in a PDF - hopefully?

Also, I have included my Lab / Ring / test bed...
Let me know if you can not see them they are too small / or if not enough info /etc...

I was / am attempting to set up ERPS and as I needed 3 Netonix switches... I am substituting my POE 1 and 2 for a 12 Port Netonix in the LAB - so that is different from production.
However, the more I read about it / and MSTP - MSTP seems to be more of what I want / need / should use?

Basically, Ill say it again - I have a fully routed network with OSPF - but I have a "bridged" management network on a specific VLAN.

At the end of the day - I dont mind a VLAN / Management link being "broken / offline" - but I do want regular OSPF / routing traffic to be un-usable on all links.
That way if a link goes down - OSPF can send the traffic another way, and I can still get to my Management network / devices.
Or, if I have a bandwidth need to go another direction say?....

So, with ERPS - it looks like it is port based?
Attachments
Current Ring.pdf
(411.2 KiB) Downloaded 546 times
Lab_Ring_Test.pdf
(224.2 KiB) Downloaded 482 times

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Port isolation

Sun Nov 15, 2020 8:20 pm

From you schema, you seem to have a router at each tower. If it's the case, you don't need STP or ERPS. Those are use when you have no router on secondary tower. Make sure your VID are different at each tower, by exemple 1xx for tower 1, 2xx, for tower 2, etc. Vlan ID must be the same on each side of the backhaul, unless untag, but make sure each backhaul have a different vlan.

Once done, you can disable STP but you should leave broadcast storm protection on just in case.

User avatar
mcnnetops
Member
 
Posts: 36
Joined: Wed Nov 07, 2018 2:58 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Port isolation

Mon Nov 23, 2020 9:22 pm

I do have a different VLAN at each tower (For back Haul OSPF links) - but ALL routers have the same management VLAN (As do the Netonix).

I think that is really the crux of the problem that I am having.

All sites are like totally separated VLAN wise for OSPF backhaul's - but all sites have the same management VLAN.

So, I seem to have a "Routed" OSPF network - but a "bridged" management network. (A flaw for sure -but hindsight is 20/20!)

Are there options that I have other than changing the management VLAN across my whole network?

I was hoping to try out ERPS - but it appears it does not support VLAN. MSTP seemed to be my next best bet - the idea being to keep a link (VLAN) down till another link dies… But let all other stuff flow through that link - like OSPF etc...

Baring all of that I suppose I will have to change the management VLAN on the sites in say the “middle” of the ring?

Not totally sure as each backhaul radio has a VLAN specified for management, so I guess I just have to match that up to the VLAN that is at that site, so I dont loose the ability to admin a radio.


If there is a way to make this work without changing it all around - I would prefer that, as I hope / plan to have a few “Rings” as I build out my infrastructure down the road!

I have attached another PDF showing the VLAN’s, what they are assigned to, and what devices they are present on. Kinda a kludge, some may be displayed different - but concept should be there.

Let me know what you think.

:headb:
Attachments
VLAN_Ring_Lab_Setup.pdf
(420.33 KiB) Downloaded 545 times

User avatar
JustJoe
Experienced Member
 
Posts: 266
Joined: Sat Aug 02, 2014 11:33 pm
Has thanked: 94 times
Been thanked: 59 times

Re: Port isolation

Mon Nov 30, 2020 12:43 am

Our network designs are different, but I am also on the learning path for MSTP.

Nothing as frustrating as dealing with unexpected configuration behavior. So you might want to subscribe to this other thread about a potential MSTP bug I uncovered:

viewtopic.php?f=17&t=6787&p=33868#p33866

PreviousNext
Return to Hardware and software issues

Who is online

Users browsing this forum: Google [Bot] and 61 guests