It should be in wireless settings, under Advanced at the bottom (assuming airOS 8.x)
On Mon, Jun 21, 2021 at 1:42 PM Jan-GAMs <[email protected]> wrote: > Where do I find this "Client Isolation" to activate it? > On 6/21/21 10:18 AM, Mathew Howard wrote: > > Ubiquiti does have the equivalent feature... it's called "Client isolation" > > On Mon, Jun 21, 2021 at 9:01 AM Adam Moffett <[email protected]> wrote: > >> I'd consider putting the data VLAN on the switch port rather than the >> wireless gear. Make the switch port facing the AP a hybrid port with a >> native VLAN so all untagged traffic gets tagged with the native VLAN ID. >> You can still retain your universal management VLAN that way. And yeah a >> different ID for each AP which is on the same switched network. If you add >> the data VLAN to the wireless devices then the config of the devices will >> be different at each tower and that'll complicate your life quite a bit. >> >> SM Isolation is a feature on Cambium PMP and ePMP. The AP won't forward >> traffic from one SM to another, if SM's need to exchange traffic that has >> to go through the router upstream from the AP's. This might be slightly >> less efficient in the case that someone actually does this, but it's pretty >> rare to have intentional traffic going SM to SM......usually that's just >> broadcast chatter which you're better off if you drop. I do not know if >> Ubiquiti has an equivalent feature. >> >> >> On 6/20/2021 12:52 PM, Jan-GAMs wrote: >> >> I thought I had mentioned earlier an "all Ubiquiti" network? And I'm >> fairly certain you're not discussing mechanical isolation mounts for motors >> when you are referring to SM isolation for Canopy? (laugh time). >> >> I think we are small enough that a seperate VLAN per AP is possible to >> do. Thanks for the suggestion, plus it will save us money we don't have. >> Now you are saying the AP should have it's own VLAN. Are you also saying >> the Downlinks which connect the next tower which are also configured as an >> AP should also have their own VLAN? Or are you saying that only APs which >> have customer radios connected should have their own VLAN? >> >> Presently we have every device on the same VLAN for management and most >> of the new radios seem to have only one setting for one VLAN, the older >> stuff you can add more VLANs by clicking the "add" button. Can you point >> me to a white paper on deploying multiple VLANs in a network so I can >> better wrap my feeble brain around this? >> On 6/19/21 9:57 AM, Chuck McCown via AF wrote: >> >> Assuming you use some form of Canopy or Cambium, I presume you have SM >> isolation turned on too, right? >> >> *From:* Chuck McCown via AF >> *Sent:* Saturday, June 19, 2021 10:27 AM >> *To:* [email protected] >> *Cc:* Chuck McCown >> *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage >> >> You need to use VLANs to pipe each AP back to your router on its own >> tag. >> Then the router can make sure there is no AP to AP traffic. >> >> This is the same as having a router at the tower with each AP on its own >> router port. >> >> *From:* Jan-GAMs >> *Sent:* Saturday, June 19, 2021 9:28 AM >> *To:* [email protected] >> *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage >> >> >> That's what we been doing for a long time. The ubiquiti switches are >> manageable from the UISP. We use a VLAN for management. >> On 6/19/21 7:10 AM, Chuck McCown via AF wrote: >> >> UBNT US-8-60W is $109 >> >> VLAN tag each AP port. Set up your downlink as a VLAN trunk. Then each >> AP will have its own private channel back to your core/edge router. >> I am no VLAN expert by any means. There are lots of experts here. But >> this is the method I used literally 18 years ago when faced with this same >> problem. I used a cisco managed switch that was built for wide temperature >> conditions. 2900 or 2500 or something like that. Worked like a champ. >> >> Are you sure the ubiquity switch you have at each tower does not support >> VLANs? >> >> *From:* Jan-GAMs >> *Sent:* Saturday, June 19, 2021 6:23 AM >> *To:* [email protected] >> *Subject:* Re: [AFMUG] BNG dynamic provisioning Re: strange outage >> >> >> We have in each tower a ubiquiti switch and one or two APs plus an >> uplink(to next tower towards the gateway) and a downlink(away from the >> gateway). We don't have that many customers to support a huge investment. >> >> Ok, looks like the advice is to replace the ubiquiti switches with >> ubiquiti routers? I haven't seen in router setup any provision for BNG, >> maybe I'm missing something. I'd never get management willing to replace a >> $100 switch with a $3,000 Cisco router, especially on a network where we >> wouldn't make that much ROI in several years (we have a board of directors >> who keep threatening to shut us down, they're mostly from last century and >> barely know how to use a cell-phone). >> >> Am I wrong in thinking we can configure an Edgerouter X to prevent these >> multicast storms we're having in our networks? I'm loathe to use any >> natting, can I leave these in bridge-mode and get a solution to the problem? >> >> >> On 6/18/21 5:24 PM, Mark Radabaugh wrote: >> >> Absolutely! Glad to hear others are doing this - it’s what Amplex has >> been doing for years. >> >> I get really tired of the ‘experts’ telling everyone there is only one >> ‘right’ way to build a network, yet have never heard of this. >> >> Mark >> >> On Jun 18, 2021, at 3:48 PM, Carl Peterson <[email protected]> >> wrote: >> >> We use the same BNG for all our residential subs in a market. GPON, >> Active Ethernet, and Fixed Wireless. Some of the fixed wireless stuff >> requires a hack to run the CVLANS through another box to add the second tag >> but that's cheap and easy enough. A Netonix 6 mini hanging off a switch can >> do it with either 0x88a8 or a second 0x8100 tag. Cambium supports QinQ >> natively. >> >> On Fri, Jun 18, 2021 at 2:36 PM D. Bernardi <[email protected]> >> wrote: >> >>> >>> Thanks. This seems fairly common on GPON >>> networks as well so you could use this feature >>> for both GPON and Fixed Wireless on the same BGN. >>> >>> >>> At 01:59 PM 6/18/2021, you wrote: >>> >Juniper. We have a MX5 in production and a >>> >MX204 I'm setting up right now to replace it.  >>> >Subscriber management is additional >>> >licensing. Not sure if just dynamic interface >>> >creation requires subscriber management >>> >licensing. I just looked on our production BNG >>> >and it isn't using subscriber-vlan.  >>> > >>> >subscriber-accounting >>> >        1      1      0  >>> permanent >>> > >>> > subscriber-authentication >>> >      0      1      0  permanent >>> > >>> > subscriber-address-assignment >>> >    1      1      0  permanent >>> > >>> > subscriber-vlan >>> >           0     >>> > 1      0  permanent >>> > >>> > >>> >< >>> https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dynamic-interfaces-overview.html >>> > >>> https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/dynamic-interfaces-overview.html >>> > >>> >On Fri, Jun 18, 2021 at 12:34 PM D. Bernardi >>> ><<mailto:[email protected]>[email protected]> wrote: >>> >At 12:35 PM 6/18/2021, Carl Peterson wrote: >>> > >We've gone full circle - Flat to fully routed to >>> > >MPLS/VPLS over a routed network back to >>> > >flat. You hit a scaling issue with routed >>> > >networks as you hit 10G and above, especially if >>> > >you aren't using Mikrotik or other low cost >>> > >routing. Real carrier grade switching is a lot >>> > >lower cost, lower power, and much easier to manage.  >>> > > >>> > >Every customer has their own dedicated circuit >>> > >(SVLAN.CVLAN). The corresponding interface on >>> > >the BNG is dynamically created for the >>> > >subscriber with attributes out of radius. Â >>> > >Something like this isn't the right answer at >>> > >100 customers but you should consider it or >>> > >something like it once you go north of a few k subs. Â >>> > >>> > >>> >What are you using for the BNG and does it >>> >require an additional license for dynamic interface creation? >>> > >>> > >>> > >>> > >>> >-- >>> >AF mailing list >>> ><mailto:[email protected]>[email protected] >>> >http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> > >>> > >>> > >>> >-- >>> > >>> >Carl Peterson >>> > >>> >PORT NETWORKS >>> > >>> >401 E Pratt St, Ste 2553 >>> > >>> >Baltimore, MD 21202 >>> > >>> >(410) 637-3707 >>> >-- >>> >AF mailing list >>> >[email protected] >>> >http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >>> >>> -- >>> AF mailing list >>> [email protected] >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> >> >> -- >> >> Carl Peterson >> >> *PORT NETWORKS* >> >> 401 E Pratt St, Ste 2553 >> >> Baltimore, MD 21202 >> >> (410) 637-3707 >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> >> >> ------------------------------ >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> ------------------------------ >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> ------------------------------ >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
