Ubiquiti does have the equivalent feature... it's called "Client isolation"
On Mon, Jun 21, 2021 at 9:01 AM Adam Moffett <[email protected]> wrote: > I'd consider putting the data VLAN on the switch port rather than the > wireless gear. Make the switch port facing the AP a hybrid port with a > native VLAN so all untagged traffic gets tagged with the native VLAN ID. > You can still retain your universal management VLAN that way. And yeah a > different ID for each AP which is on the same switched network. If you add > the data VLAN to the wireless devices then the config of the devices will > be different at each tower and that'll complicate your life quite a bit. > > SM Isolation is a feature on Cambium PMP and ePMP. The AP won't forward > traffic from one SM to another, if SM's need to exchange traffic that has > to go through the router upstream from the AP's. This might be slightly > less efficient in the case that someone actually does this, but it's pretty > rare to have intentional traffic going SM to SM......usually that's just > broadcast chatter which you're better off if you drop. I do not know if > Ubiquiti has an equivalent feature. > > > On 6/20/2021 12:52 PM, Jan-GAMs wrote: > > I thought I had mentioned earlier an "all Ubiquiti" network? And I'm > fairly certain you're not discussing mechanical isolation mounts for motors > when you are referring to SM isolation for Canopy? (laugh time). > > I think we are small enough that a seperate VLAN per AP is possible to > do. Thanks for the suggestion, plus it will save us money we don't have. > Now you are saying the AP should have it's own VLAN. Are you also saying > the Downlinks which connect the next tower which are also configured as an > AP should also have their own VLAN? Or are you saying that only APs which > have customer radios connected should have their own VLAN? > > Presently we have every device on the same VLAN for management and most of > the new radios seem to have only one setting for one VLAN, the older stuff > you can add more VLANs by clicking the "add" button. Can you point me to a > white paper on deploying multiple VLANs in a network so I can better wrap > my feeble brain around this? > On 6/19/21 9:57 AM, Chuck McCown via AF wrote: > > Assuming you use some form of Canopy or Cambium, I presume you have SM > isolation turned on too, right? > > *From:* Chuck McCown via AF > *Sent:* Saturday, June 19, 2021 10:27 AM > *To:* [email protected] > *Cc:* Chuck McCown > *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage > > You need to use VLANs to pipe each AP back to your router on its own tag. > Then the router can make sure there is no AP to AP traffic. > > This is the same as having a router at the tower with each AP on its own > router port. > > *From:* Jan-GAMs > *Sent:* Saturday, June 19, 2021 9:28 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage > > > That's what we been doing for a long time. The ubiquiti switches are > manageable from the UISP. We use a VLAN for management. > On 6/19/21 7:10 AM, Chuck McCown via AF wrote: > > UBNT US-8-60W is $109 > > VLAN tag each AP port. Set up your downlink as a VLAN trunk. Then each > AP will have its own private channel back to your core/edge router. > I am no VLAN expert by any means. There are lots of experts here. But > this is the method I used literally 18 years ago when faced with this same > problem. I used a cisco managed switch that was built for wide temperature > conditions. 2900 or 2500 or something like that. Worked like a champ. > > Are you sure the ubiquity switch you have at each tower does not support > VLANs? > > *From:* Jan-GAMs > *Sent:* Saturday, June 19, 2021 6:23 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage > > > We have in each tower a ubiquiti switch and one or two APs plus an > uplink(to next tower towards the gateway) and a downlink(away from the > gateway). We don't have that many customers to support a huge investment. > > Ok, looks like the advice is to replace the ubiquiti switches with > ubiquiti routers? I haven't seen in router setup any provision for BNG, > maybe I'm missing something. I'd never get management willing to replace a > $100 switch with a $3,000 Cisco router, especially on a network where we > wouldn't make that much ROI in several years (we have a board of directors > who keep threatening to shut us down, they're mostly from last century and > barely know how to use a cell-phone). > > Am I wrong in thinking we can configure an Edgerouter X to prevent these > multicast storms we're having in our networks? I'm loathe to use any > natting, can I leave these in bridge-mode and get a solution to the problem? > > > On 6/18/21 5:24 PM, Mark Radabaugh wrote: > > Absolutely! Glad to hear others are doing this - it’s what Amplex has > been doing for years. > > I get really tired of the ‘experts’ telling everyone there is only one > ‘right’ way to build a network, yet have never heard of this. > > Mark > > On Jun 18, 2021, at 3:48 PM, Carl Peterson <[email protected]> > wrote: > > We use the same BNG for all our residential subs in a market. GPON, > Active Ethernet, and Fixed Wireless. Some of the fixed wireless stuff > requires a hack to run the CVLANS through another box to add the second tag > but that's cheap and easy enough. A Netonix 6 mini hanging off a switch can > do it with either 0x88a8 or a second 0x8100 tag. Cambium supports QinQ > natively. > > On Fri, Jun 18, 2021 at 2:36 PM D. Bernardi <[email protected]> > wrote: > >> >> Thanks. This seems fairly common on GPON >> networks as well so you could use this feature >> for both GPON and Fixed Wireless on the same BGN. >> >> >> At 01:59 PM 6/18/2021, you wrote: >> >Juniper. We have a MX5 in production and a >> >MX204 I'm setting up right now to replace it.  >> >Subscriber management is additional >> >licensing. Not sure if just dynamic interface >> >creation requires subscriber management >> >licensing. I just looked on our production BNG >> >and it isn't using subscriber-vlan.  >> > >> >subscriber-accounting >> >        1      1      0  >> permanent >> > >> > subscriber-authentication >> >      0      1      0  permanent >> > >> > subscriber-address-assignment >> >    1      1      0  permanent >> > >> > subscriber-vlan >> >           0     >> > 1      0  permanent >> > >> > >> >< >> https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dynamic-interfaces-overview.html >> > >> https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dynamic-interfaces-overview.html >> > >> >On Fri, Jun 18, 2021 at 12:34 PM D. Bernardi >> ><<mailto:[email protected]>[email protected]> wrote: >> >At 12:35 PM 6/18/2021, Carl Peterson wrote: >> > >We've gone full circle - Flat to fully routed to >> > >MPLS/VPLS over a routed network back to >> > >flat. You hit a scaling issue with routed >> > >networks as you hit 10G and above, especially if >> > >you aren't using Mikrotik or other low cost >> > >routing. Real carrier grade switching is a lot >> > >lower cost, lower power, and much easier to manage.  >> > > >> > >Every customer has their own dedicated circuit >> > >(SVLAN.CVLAN). The corresponding interface on >> > >the BNG is dynamically created for the >> > >subscriber with attributes out of radius. Â >> > >Something like this isn't the right answer at >> > >100 customers but you should consider it or >> > >something like it once you go north of a few k subs. Â >> > >> > >> >What are you using for the BNG and does it >> >require an additional license for dynamic interface creation? >> > >> > >> > >> > >> >-- >> >AF mailing list >> ><mailto:[email protected]>[email protected] >> >http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > >> > >> > >> >-- >> > >> >Carl Peterson >> > >> >PORT NETWORKS >> > >> >401 E Pratt St, Ste 2553 >> > >> >Baltimore, MD 21202 >> > >> >(410) 637-3707 >> >-- >> >AF mailing list >> >[email protected] >> >http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > > -- > > Carl Peterson > > *PORT NETWORKS* > > 401 E Pratt St, Ste 2553 > > Baltimore, MD 21202 > > (410) 637-3707 > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > > ------------------------------ > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > ------------------------------ > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > ------------------------------ > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
