Port-based VLANs

[sporkman]

Possible?

I just want to use a wisp switch for power and not have it touch anything.

For example: port 1 has AP1, port 5 goes to another switch, port 2 has AP2, port 6 goes to another switch. Port 1 and 5 are just a transparent bridge, port 2 and 6 are a separate transparent bridge, etc.

I suspect it's possible, but I'm just not seeing it.

I'll also add, I've seen this, and this is not port-based VLANs:

viewtopic.php?f=6&t=2589&p=18218&hilit=port+based+vlan#p18218

Maybe it's not possible, it looks like all the VLAN-related stuff deals with permitting/denying tagged/untagged and there's not really a "dumb pipe between two ports" options that would pass anything, tagged or not.

Also, totally random, but I'm really on the fence with continuing to buy used cisco switches for routing at PoPs. They handle traffic well, but they are not very fun to work with when you try to go all standards-based and not automagic vlans and the like. Offhand, I can't think of anything other than Miktrotik that can do basic OSPF and stuff, and I'm not a giant fan of their stuff either...

[Julian]

Do you need to preserve existing VLAN tags between AP and other switch? if so, just add both ports to an exclusive 'q' VLAN, you should be fine.. so ports 1 and 6 would be 'q' on VLAN 121, 2 and 7 would be 'q' on VLAN 122, etc..

[sporkman]

Thanks! "Q" is normally used for QinQ setups? What does it do with untagged frames?

[mike99]

Pass through the Q-in-Q just like vlan. If you don't need vlan, you can use U instead of Q but Q leave you the option to pass vlan throuth AP and uplink port.

[sporkman]

Not really having any luck with this. I'm basically kind of trying to turn the Netonix into not much more than a managed mid-span POE injector.

I tried the "pick a VLAN ID, and then put the ports i want to tie together into that VLAN" method, both with "U" and "Q" and no matter what I did, traffic was not making it through the Netonix. One one side, a UBNT AP at 192.168.4.178, port 4 of Netonix (and a CPE bridged beyond that as well @ 192.168.4.179). On the other side a port on a Cisco 3750 configured first as a switchport in a VLAN with the IP 192.168.4.177 (mode switchport, switchport access vlan xxx) and then as a routed interface, also with that IP, just to make the config as simple as possible.

To be clear, neither device, the cisco nor the ubiquiti were configured with any trunking. Just a device with an IP and no tags.

Some pics below, perhaps that will explain this better:

UBNT config - no VLANs setup

Cisco config - as basic as possible, and no VLANs - not a trunk port

Netonix VLAN config - just trying to put ports 4 and 12 in the same VLAN, don't want any tags, just a dumb pipe between those ports

Cisco sees its own MAC, but no others

Netonix sees UBNT MACs on port 4, Cisco MAC on port 12, even sees the IPs. But devices on either side of Netonix don't see each other

This should be easy, but I'm at a loss here. Am I totally not getting how port-based vlans work on these units?

[sirhc]

I use midspan just like your going here and it works great for me. In fact EVERY switch/tower I have relies on midspans for every backhaul.

You can see my config here: viewtopic.php?f=30&t=452#p2961
And you can see it live in the video I posted: https://www.youtube.com/watch?v=8JvBEAD4MFM

If your using U and U then you can only pass Untagged packets.
If you use Q and Q you can pass both Untagged and Tagged but never tried it as I do not run VLANs between towers.

[mike99]

The config seem fine. If you plug the ubnt AP, via PoE brick, directly to the Cisco, can those communicate togheter ? Have you try to set an IP address on the netonix VLAN to check if the Netonix can ping any of the devices ? To add an IP address, click on the gear between the vlan description and VLAN config by port.

[sporkman]

Hmmm. So I am doing it right then - and in this case (not using any trunks) it should work with either "Q" or "U". And the VLAN ID in this use case is really just anything I want, right, it just has to be something that's unique.

In the "working" case, I can tell you that putting setting this so that the UBNT AP remains "U", AND a trunk port back to the cisco is set to "T", AND the VLAN on the cisco is moved from the access port and to an "allowed vlan" on the trunk port, communications is A-OK. That is the current, working setup. Not sure what that tells you other than to confirm that the UBNT is untagged.

Are there any other settings that I might be missing here? Should I need to fiddle with disabling RSTP on these ports? Anything else? I'm on 1.4.9.

I'll try this after business hours tonight again and try the ping shenanigans.

[sirhc]

Hmmm. So I am doing it right then - and in this case (not using any trunks) it should work with either "Q" or "U". And the VLAN ID in this use case is really just anything I want, right, it just has to be something that's unique.

In the "working" case, I can tell you that putting setting this so that the UBNT AP remains "U", AND a trunk port back to the cisco is set to "T", AND the VLAN on the cisco is moved from the access port and to an "allowed vlan" on the trunk port, communications is A-OK. That is the current, working setup. Not sure what that tells you other than to confirm that the UBNT is untagged.

Are there any other settings that I might be missing here? Should I need to fiddle with disabling RSTP on these ports? Anything else? I'm on 1.4.9.

I'll try this after business hours tonight again and try the ping shenanigans.

PLEASE UPGRADE TO v1.5.0 FINAL