Where do I find this "Client Isolation" to activate it?

On 6/21/21 10:18 AM, Mathew Howard wrote:
Ubiquiti does have the equivalent feature... it's called "Client isolation"

On Mon, Jun 21, 2021 at 9:01 AM Adam Moffett <[email protected]> wrote:

    I'd consider putting the data VLAN on the switch port rather than
    the wireless gear.  Make the switch port facing the AP a hybrid
    port with a native VLAN so all untagged traffic gets tagged with
    the native VLAN ID.  You can still retain your universal
    management VLAN that way. And yeah a different ID for each AP
    which is on the same switched network.  If you add the data VLAN
    to the wireless devices then the config of the devices will be
    different at each tower and that'll complicate your life quite a bit.

    SM Isolation is a feature on Cambium PMP and ePMP.  The AP won't
    forward traffic from one SM to another; if SMs need to exchange
    traffic, that has to go through the router upstream from the APs.
    This might be slightly less efficient in the case that someone
    actually does this, but it's pretty rare to have intentional
    traffic going SM to SM... usually that's just broadcast chatter
    which you're better off if you drop.  I do not know if Ubiquiti
    has an equivalent feature.


    On 6/20/2021 12:52 PM, Jan-GAMs wrote:

    I thought I had mentioned earlier an "all Ubiquiti" network?  And
    I'm fairly certain you're not discussing mechanical isolation
    mounts for motors when you are referring to SM isolation for
    Canopy? (laugh time).

    I think we are small enough that a separate VLAN per AP is
    possible to do.  Thanks for the suggestion, plus it will save us
    money we don't have.  Now you are saying the AP should have its
    own VLAN.  Are you also saying the Downlinks which connect the
    next tower which are also configured as an AP should also have
    their own VLAN?  Or are you saying that only APs which have
    customer radios connected should have their own VLAN?

    Presently we have every device on the same VLAN for management
    and most of the new radios seem to have only one setting for one
    VLAN, the older stuff you can add more VLANs by clicking the
    "add" button.  Can you point me to a white paper on deploying
    multiple VLANs in a network so I can better wrap my feeble brain
    around this?

    On 6/19/21 9:57 AM, Chuck McCown via AF wrote:
    Assuming you use some form of Canopy or Cambium, I presume you
    have SM isolation turned on too, right?
    *From:* Chuck McCown via AF
    *Sent:* Saturday, June 19, 2021 10:27 AM
    *To:* [email protected]
    *Cc:* Chuck McCown
    *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage
    You need to use VLANs to pipe each AP back to your router on its
    own tag.
    Then the router can make sure there is no AP to AP traffic.
    This is the same as having a router at the tower with each AP on
    its own router port.
    *From:* Jan-GAMs
    *Sent:* Saturday, June 19, 2021 9:28 AM
    *To:* [email protected]
    *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage

    That's what we've been doing for a long time.  The Ubiquiti
    switches are manageable from the UISP.  We use a VLAN for
    management.

    On 6/19/21 7:10 AM, Chuck McCown via AF wrote:
    UBNT US-8-60W is $109
    VLAN tag each AP port.  Set up your downlink as a VLAN trunk. 
    Then each AP will have its own private channel back to your
    core/edge router.
    I am no VLAN expert by any means.  There are lots of experts
    here.  But this is the method I used literally 18 years ago
    when faced with this same problem.  I used a Cisco managed
    switch that was built for wide temperature conditions. 2900 or
    2500 or something like that.  Worked like a champ.
    Are you sure the Ubiquiti switch you have at each tower does
    not support VLANs?
    *From:* Jan-GAMs
    *Sent:* Saturday, June 19, 2021 6:23 AM
    *To:* [email protected]
    *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage

    We have in each tower a Ubiquiti switch and one or two APs plus
    an uplink (to next tower towards the gateway) and a
    downlink (away from the gateway).  We don't have that many
    customers to support a huge investment.

    Ok, looks like the advice is to replace the Ubiquiti switches
    with Ubiquiti routers?  I haven't seen in router setup any
    provision for BNG, maybe I'm missing something. I'd never get
    management willing to replace a $100 switch with a $3,000 Cisco
    router, especially on a network where we wouldn't make that
    much ROI in several years (we have a board of directors who
    keep threatening to shut us down, they're mostly from last
    century and barely know how to use a cell-phone).

    Am I wrong in thinking we can configure an EdgeRouter X to
    prevent these multicast storms we're having in our networks?
    I'm loath to use any natting, can I leave these in bridge-mode
    and get a solution to the problem?

    On 6/18/21 5:24 PM, Mark Radabaugh wrote:
    Absolutely! Glad to hear others are doing this - it’s what
    Amplex has been doing for years.
    I get really tired of the ‘experts’ telling everyone there is
    only one ‘right’ way to build a network, yet have never heard
    of this.
    Mark

    On Jun 18, 2021, at 3:48 PM, Carl Peterson
    <[email protected]> wrote:
    We use the same BNG for all our residential subs in a
    market.  GPON, Active Ethernet, and Fixed Wireless.  Some of
    the fixed wireless stuff requires a hack to run the CVLANS
    through another box to add the second tag but that's cheap
    and easy enough. A Netonix 6 mini hanging off a switch can do
    it with either 0x88a8 or a second 0x8100 tag.  Cambium
    supports QinQ natively.
    On Fri, Jun 18, 2021 at 2:36 PM D. Bernardi
    <[email protected]> wrote:


        Thanks.  This seems fairly common on GPON
        networks as well so you could use this feature
        for both GPON and Fixed Wireless on the same BNG.


        At 01:59 PM 6/18/2021, you wrote:
        >Juniper.  We have an MX5 in production and a
        >MX204 I'm setting up right now to replace it.
        >Subscriber management is additional
        >licensing.  Not sure if just dynamic interface
        >creation requires subscriber management
        >licensing.  I just looked on our production BNG
        >and it isn't using subscriber-vlan.
        >
        >  subscriber-accounting            1    1    0    permanent
        >  subscriber-authentication        0    1    0    permanent
        >  subscriber-address-assignment    1    1    0    permanent
        >  subscriber-vlan                  0    1    0    permanent
        >
        >https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dynamic-interfaces-overview.html
        >
        >On Fri, Jun 18, 2021 at 12:34 PM D. Bernardi
        ><[email protected]> wrote:
        >At 12:35 PM 6/18/2021, Carl Peterson wrote:
        > >We've gone full circle - Flat to fully routed to
        > >MPLS/VPLS over a routed network back to
        > >flat. You hit a scaling issue with routed
        > >networks as you hit 10G and above, especially if
        > >you aren't using Mikrotik or other low cost
        > >routing. Real carrier grade switching is a lot
        > >lower cost, lower power, and much easier to manage.
        > >
        > >Every customer has their own dedicated circuit
        > >(SVLAN.CVLAN). The corresponding interface on
        > >the BNG is dynamically created for the
        > >subscriber with attributes out of radius.
        > >Something like this isn't the right answer at
        > >100 customers but you should consider it or
        > >something like it once you go north of a few k
        > >subs.
        >
        >
        >What are you using for the BNG and does it
        >require an additional license for dynamic interface
        >creation?
        >
        >
        >
        >
        >--
        >AF mailing list
        >[email protected]
        >http://af.afmug.com/mailman/listinfo/af_af.afmug.com
        >
        >
        >
        >--
        >
        >Carl Peterson
        >
        >PORT NETWORKS
        >
        >401 E Pratt St, Ste 2553
        >
        >Baltimore, MD 21202
        >
        >(410) 637-3707

-- 
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
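
Added example, not part of the thread and not any poster's code: a Python parser for the double-tagged circuits described above (SVLAN.CVLAN, with the outer tag as either 0x88a8 or a second 0x8100), plus an audit that flags frames on a subscriber trunk that fall outside the expected circuits. The per-AP S-VLAN numbers, the helper names and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q tag; also the outer tag when 0x8100 is stacked
TPID_STAG = 0x88A8  # 802.1ad service tag

def vlan_stack(frame: bytes):
    """Return ([(tpid, vid), ...] outermost first, inner EtherType)."""
    tags, off = [], 12                       # skip dst + src MAC
    while len(frame) >= off + 2:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_CTAG, TPID_STAG):
            return tags, etype
        if len(frame) < off + 6:             # TCI plus the next EtherType
            break
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF))   # low 12 bits of the TCI = VLAN ID
        off += 4
    raise ValueError("truncated frame")

def circuit_id(frame: bytes):
    """'SVLAN.CVLAN' for a double-tagged frame, else None."""
    tags, _ = vlan_stack(frame)
    ok = len(tags) == 2 and tags[1][0] == TPID_CTAG
    return f"{tags[0][1]}.{tags[1][1]}" if ok else None

def audit(frames, allowed_svlans):
    """Flag frames outside the expected circuits (assumes one S-VLAN per AP)."""
    findings = []
    for i, f in enumerate(frames):
        cid = circuit_id(f)
        if cid is None:
            findings.append((i, "not double-tagged"))
        elif int(cid.split(".")[0]) not in allowed_svlans:
            findings.append((i, f"unexpected S-VLAN in {cid}"))
    return findings

def build(tags, etype=0x0800):
    """Constructed sample frame: broadcast dst, made-up src MAC, given tag stack."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", etype) + b"\x00" * 46

SAMPLES = [  # constructed frames, not captures
    build([(TPID_STAG, 101), (TPID_CTAG, 7)]),   # 0x88a8 outer tag
    build([(TPID_CTAG, 102), (TPID_CTAG, 9)]),   # second 0x8100 tag
    build([(TPID_CTAG, 20)]),                    # single tag only
    build([(TPID_STAG, 999), (TPID_CTAG, 7)]),   # S-VLAN not assigned to an AP
]
```

Calling audit(SAMPLES, {101, 102}) reports the single-tagged frame and the frame carrying an S-VLAN that is not in the allowed set.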
