VLAN/Mid-span POE without loops

[mtngoat]

I have tried to follow sirhc example of mid-span port segregation for powering a Airfiber 24 on port 1 and then passing this traffic through port 11 onto a Mikrotik router. However I get port 12 disabled due to a loop. So how do I isolate or segregate the traffic from port 1 to port 11 so that only these two ports see the traffic. Right now the other ports see the traffic and a loop is detected. I have tried different iso options, but I haven't fix the loop.

[sirhc]

What firmware version are your running, I assume v1.1.0rc19?

Your VLAN config looks correct this should work fine.

I would look at your router configuration but if you can remove the switch from the airFIBER using a POE brick and it works fine then this should work.

The port feeding the airFIBER from your router is a routed port and not a switched port, and packets going to the airFIBER are not tagged?

[mtngoat]

I am running v1.1.0r19.

I suppose my configuration is whacked, but here is what it looks like.

The port feeding the airfiber is my main mikrotik router that handles the handoff from my ISP and all traffic is untagged. This Airfiber ptp uplink feeds a secondary mikrotik router that attaches to the Netonix. The only tagged traffic is between the secondary Mikrotik and the Netonix.

Both routers are on the same subnet. So for instance main router is 10.0.0.1 and secondary router is 10.0.0.87 assigned on port 1 of Mikrotik.
Netonixs ip address is 10.0.0.76.
Airfiber ips are 10.0.0.90 and 10.0.0.91.
Netonix port 1 powers the airfiber, netonix port 12 is hooked to port 12 (ip 10.0.0.88) of the secondary mikrotik router.

So I was thinking this midspan POE from port 1 to 11 should be able to hook into port 1 of the secondary mikrotik for the uplink, like the airfiber POE is currently doing.

So there is a loop, but if port 1 to 11's traffic was truly isolated then I should not have a loop.

[sirhc]

I am not sure why your having a problem but it has to be something in your router setup?

Here is a simplified picture of our setup, you can also see all the switch Tab screen shots from one of our switches HERE and it works great?

Standard setup.jpg (15.43 KiB) Viewed 25990 times

Now with our setup Each airFIBER is in it's own sub-net, here is the relevant part of our Cisco config to the router for the screen shots in the other post.

One address/sub-net on each interface is for the IP assigned to the AF connected to the router.
One address/sub-net on each interface is for the IP assigned to to this router and the other router interface on the other side of this link for OSPF communications.

interface Vlan97
description QR2SR AF24Ghz on G0/0/0
bandwidth 650000
ip address 172.18.0.249 255.255.255.252 secondary
ip address 172.16.255.1 255.255.255.252
no ip redirects
ip ospf message-digest-key 1 md5 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
ip ospf dead-interval minimal hello-multiplier 5
!
interface Vlan98
description QR2AK AF24Ghz on G0/0/1
bandwidth 650000
ip address 172.18.0.53 255.255.255.252 secondary
ip address 172.16.6.2 255.255.255.248
no ip redirects
ip ospf message-digest-key 1 md5 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
ip ospf dead-interval minimal hello-multiplier 5
!
interface Vlan99
description QR2HC AF24Ghz on G0/0/2
bandwidth 650000
ip address 172.18.0.57 255.255.255.252 secondary
ip address 172.16.7.1 255.255.255.248
no ip redirects
ip ospf message-digest-key 1 md5 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
ip ospf dead-interval minimal hello-multiplier 5

[adairw]

I am running v1.1.0r19.

I suppose my configuration is whacked, but here is what it looks like.

The port feeding the airfiber is my main mikrotik router that handles the handoff from my ISP and all traffic is untagged. This Airfiber ptp uplink feeds a secondary mikrotik router that attaches to the Netonix. The only tagged traffic is between the secondary Mikrotik and the Netonix.

Both routers are on the same subnet. So for instance main router is 10.0.0.1 and secondary router is 10.0.0.87 assigned on port 1 of Mikrotik.
Netonixs ip address is 10.0.0.76.
Airfiber ips are 10.0.0.90 and 10.0.0.91.
Netonix port 1 powers the airfiber, netonix port 12 is hooked to port 12 (ip 10.0.0.88) of the secondary mikrotik router.

So I was thinking this midspan POE from port 1 to 11 should be able to hook into port 1 of the secondary mikrotik for the uplink, like the airfiber POE is currently doing.

So there is a loop, but if port 1 to 11's traffic was truly isolated then I should not have a loop.

It seems like you have a bridge somewhere you shouldn't. anything bridged anywhere?

I think I understand what you're trying to do so you can manage everything and it really seems like ports 1 & 12 are in a bridge.. HOWEVER, even if they are there shouldn't be a loop since you aren't untagged in vlan 100 on port 12. This would make it seem like the WS has a problem..

[mtngoat]

I do have a bridge on my router which I will remove. I appreciate the quick response and the insight. I like the Netonix interface and how easy it setup vlans. I also am appreciative of sirhc for his examples he shares from real life situations with screen shots and configurations.

[sirhc]

Yes thank you Adair - EXCELLENT catch. I would send you a SWAGE shirt if we had them......coming soon! - We owe you one!

[mtngoat]

One other item to note, you do not enable flow control for your airfibers? It seems Ubiquiti recommends to enable flow control. What are your thoughts or ideas for not enabling?

[sirhc]

One other item to note, you do not enable flow control for your airfibers? It seems Ubiquiti recommends to enable flow control. What are your thoughts or ideas for not enabling?

I do not run Flow Control on airFIBER.

[mtngoat]

I just wanted to post a followup to say that I fixed the loop. I had initially put the bridge on the router so I had access while I programmed the Netonix. Once I tried going live with my new router/switch combo while doing the midport span, I had a loop since port 1, 11, 12 had access to each other through the router bridge causing the loop.

To gain management access to the Netonix, I had to use untagged management vlan.

I had a persistent issue with FCS errors on my Mikrotik routers hooked to the AirFiber 24. The fcs error would show on both routers on either side of the link, although putting a switch in between stopped the error. Once I plugged the AirFiber 24 into the Netonix to power it up, I had issues with link negotiations. It would try 1 Gbps, then ultimately settle on 100 Mbps. I ran the cable diagnosstics on Netonix and it showed an issue with one pair. When I plugged the AirFiber 24 into it's factory POE it worked fine as far as negotiating 1 Gbps. The AirFiber 24 showed this same pair at a lower dB. I removed the outdoor Ethernet inline surge suppressor and hooked straight into Airfiber. This solved my FCS errors on both ends. I turned off flow control (as I see sirhc does) and have been pleased with the results on this AirFiber link. Kudos to Netonix for helping to track down my Airfiber problem.

I don't know what the recommendation is for Netonix and inline Ethernet surge suppressors, but I need to find a better suppressor that doesn't strain the cables if they are recommended.

Thank you for producing a quality, easy to understand and program switch. Well worth my investment and highly recommended.