Unless you have switches in between handling the VLANs and untagging you aren’t going to reduce much of anything.
The MAC tables will still be there, but then have to also track VLAN tables as well. The MAC table won't shrink unless that device is completely removed from one or more VLANs. If each AP is on one VLAN only and whatever port it's tied to is on an untagged port, then I don't see why it would reduce performance. Most any device nowadays except a $20 dumb switch will do port based VLAN and trunk to an uplink no problem (at wire speed). If your router can't handle assigning a subnet to a VLAN one to one without CPU going up, then something is really wrong. We can meet at my office sometime this week and take a closer look.

From: Af [mailto:[email protected]] On Behalf Of Brett A Mansfield
Sent: Tuesday, January 26, 2016 7:28 PM
To: [email protected]
Subject: Re: [AFMUG] Router for VLANs

I do give every customer a public. I had a router port to each AP before, so that is kinda the same thing. But I'm still not sure how this would eliminate the issue of maxing out the CPU on the router? It's still a bunch of VLANs bridged to the WAN port.

Thank you,
Brett A Mansfield

On Jan 26, 2016, at 7:21 PM, Josh Reynolds <[email protected]> wrote:

Divide part of the block you were given and hand out the IPs allocated to the block on the VLAN. Only works if you are giving every customer a public though, and each site or group of APs / AP would be on its own VLAN.

On Jan 26, 2016 8:18 PM, "Brett A Mansfield" <[email protected]> wrote:

You said I could allocate a subnet per VLAN. How would I do that and not max out the CPU? Is that the FastPath you speak of?

Thank you,
Brett A Mansfield

On Jan 26, 2016, at 6:21 PM, Josh Reynolds <[email protected]> wrote:

Yes, you can create a /30 for each client, which is fairly wasteful, or you could allocate a subnet per VLAN, which you can under/over estimate during provisioning there. PPPoE is another option, and one I'm personally not a fan of.

You could 1:1 NAT them, but that scales very poorly. You could also simply get more IPv4, which is likely the easiest. At some point soon, you really need to be looking at IPv6 though.

On Jan 26, 2016 7:14 PM, "Brett A Mansfield" <[email protected]> wrote:

I currently have a router with two ports that are not bridged to each other, but are statically routed. On each port I have the untagged Public LAN with Public IPs, and a tagged VLAN with internal IPs for management. But yes, after the router it is just a large bridged/switched network. Some of my older devices have run out of RAM due to a large bridge table. The newer devices do not have that issue. I'm not really having any major issues. I did have each and every access point on their own dedicated port to the router with their own network. My issue with that was I had several ports running out of public IPs while others had more than enough to spare. I don't want to waste all of these IPs routing them like that, and I want to be able to move them around at will. PPPoE is not an option for me.

Thank you,
Brett A Mansfield

> On Jan 26, 2016, at 5:38 PM, Josh Reynolds <[email protected]> wrote:
>
> So, if you tried to create a bunch of VLANs and then bridged them all together to terminate them on a single router interface/subnet/IP, that's not going to work. What you just did didn't really segment anything at all, and turned a fairly high performance (relatively speaking) router into a kind of "hub". Remember hubs? Before switches? Terrible, terrible things.
>
> VLANs are not complicated constructs, and it drives me nuts that they are so poorly understood.
>
> For you to segment your network, there are two ways to do it. You can do it at layer 2 with VLANs, but those VLANs will still terminate on their own subnet at a router somewhere. The other way to do it is via layer 3, and route everything through your network. Both have advantages, and the advantages of both depend on the network design, transport medium used, etc.
>
> Are you currently running a large bridged/switched network and having issues?
>
> On Tue, Jan 26, 2016 at 6:06 PM, Brett A Mansfield <[email protected]> wrote:
>> What is a good router with FastPath? If I recall, the CCR had that, but I wasn't impressed with anything Mikrotik.
>>
>> I just want to segment my network into VLANs to limit the broadcast domain. I would also like to segregate services such as video and Internet.
>>
>> Thank you,
>> Brett A Mansfield
>>
>>> On Jan 26, 2016, at 4:57 PM, Josh Reynolds <[email protected]> wrote:
>>>
>>> Okay, bridging a VLAN is where you are going wrong. Bridging is ALWAYS going to send traffic to a low performance management CPU as opposed to some type of FastPath hardware offloaded implementation.
>>>
>>> You need to attach a network diagram, and explain what you are trying to do.
>>>
>>> On Tue, Jan 26, 2016 at 5:54 PM, Brett A Mansfield <[email protected]> wrote:
>>>> I'm looking for the best router available to handle Internet over VLANs that doesn't peg the CPU.
>>>>
>>>> Currently I use a UBNT EdgeRouter Pro, but I cannot get more than 100Mb from a bridged VLAN and that pegs the CPU to 100%. I get the same issue on CCRs.
>>>>
>>>> Thank you,
>>>> Brett A Mansfield
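The thread's advice is to route one subnet per VLAN (each AP or site terminating on its own subnet at the router) instead of bridging VLANs together or burning a /30 per customer, and Brett's stated problem is that fixed per-port allocations leave some APs short of public IPs while others have spares. The script below, an added example that is not code from the list or from any vendor, carves a public block into right-sized per-VLAN subnets so the address plan can be checked before touching a router. The VLAN ids, AP names, customer counts and the 203.0.113.0/24 block (the TEST-NET-3 documentation range) are all constructed for illustration; the headroom parameter stands in for the "under/over estimate during provisioning" the thread mentions.

```python
"""Plan one routed subnet per VLAN out of a single public IPv4 block.

Added example for the AFMUG thread on routers for VLANs; not code from the
list. Everything in SITES and the block below is constructed sample data.
"""
import ipaddress
import math
from typing import Dict, List, Tuple

# Constructed sample: (VLAN id, AP name, number of customer CPEs on that AP)
SITES: List[Tuple[int, str, int]] = [
    (101, "ap-north", 20),
    (102, "ap-south", 6),
    (103, "ap-east", 45),
    (104, "ap-west", 2),
]


def prefix_for_hosts(customers: int, headroom: int = 0) -> int:
    """Smallest IPv4 prefix length holding `customers` CPEs plus the router
    gateway, network and broadcast addresses, with optional spare addresses
    for growth (the over/under-estimate made at provisioning time)."""
    needed = customers + headroom + 3
    return 32 - max(2, math.ceil(math.log2(needed)))


def allocate(block: str, sites, headroom: int = 0) -> Dict[int, ipaddress.IPv4Network]:
    """Carve `block` into one subnet per VLAN. Largest requests are placed
    first so the smaller ones pack into the leftover halves (buddy-style
    splitting); raises ValueError when the block cannot hold them all."""
    free = [ipaddress.ip_network(block)]
    plan: Dict[int, ipaddress.IPv4Network] = {}
    for vlan, name, customers in sorted(sites, key=lambda s: -s[2]):
        want = prefix_for_hosts(customers, headroom)
        # the tightest free block that can still contain a /want
        candidates = [n for n in free if n.prefixlen <= want]
        if not candidates:
            raise ValueError(f"{block} exhausted at VLAN {vlan} ({name})")
        chosen = max(candidates, key=lambda n: n.prefixlen)
        free.remove(chosen)
        # split down to the wanted size, returning each sibling half to the pool
        while chosen.prefixlen < want:
            first, second = chosen.subnets(prefixlen_diff=1)
            chosen = first
            free.append(second)
        plan[vlan] = chosen
    return plan


def gateways(plan: Dict[int, ipaddress.IPv4Network]) -> Dict[int, str]:
    """Router-side address for each VLAN subinterface: first usable host."""
    return {vlan: f"{next(net.hosts())}/{net.prefixlen}" for vlan, net in plan.items()}


def addresses_used(plan: Dict[int, ipaddress.IPv4Network]) -> int:
    """Total addresses consumed by the per-VLAN plan."""
    return sum(net.num_addresses for net in plan.values())


def per_client_slash30_cost(sites) -> int:
    """Address cost of the /30-per-customer alternative the thread calls wasteful."""
    return sum(4 * customers for _, _, customers in sites)


def overlaps(plan: Dict[int, ipaddress.IPv4Network]) -> bool:
    """Sanity check that no two VLAN subnets overlap (a routed design needs this)."""
    nets = list(plan.values())
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    plan = allocate("203.0.113.0/24", SITES)
    for vlan, net in sorted(plan.items()):
        print(f"VLAN {vlan}: {net}  gateway {gateways(plan)[vlan]}")
    print("addresses used:", addresses_used(plan), "of 256")
    print("/30 per client would need:", per_client_slash30_cost(SITES))
```

With the constructed counts the per-VLAN plan uses 120 of the 256 addresses in the block, whereas a /30 per customer would need 292, more than the whole /24. Each VLAN's gateway is the address you would put on that VLAN's routed subinterface; nothing is bridged, which is the point of the thread.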
