VLAN disabled on the AP, and consequently on the SMs as well, still lets
you send/receive VLAN tagged frames transparently. Just like a dumb
switch would. It sounds like that's what you're doing now? Using routers
at the customers that are capable of VLAN tagging on their WAN interface?
To get that one SM in NAT mode and have its NAT WAN interface on a
specific VLAN will require enabling VLAN at the AP. In bridge mode, the
SM strips the VLAN tag for default port VID frames leaving its ethernet
interface. Untagged ingress frames on the ethernet then get the default
port VID added and sent out of the RF interface. Exactly the same as an
access-mode switch port, for port type=Q anyway.
I think the problem you're going to run into is dynamic learning.
Customer inactivity could cause delays because of dynamic membership
timeouts. You could always log into every bridged SM and add your
'public' VLAN as a static member. But that's messy.
I would used the radios as designed. Take the tagging off of the
customer devices/routers and use default port VID on the SMs. This
shouldn't be too difficult to achieve with cnMaestro or RADIUS. I guess
the customer equipment could be another issue, unless you have control
of it.
On 7/21/2017 3:57 PM, Ethan E. Dee wrote:
Basically, we typically leave the SM as a bridge. Leaving it untagged
on VLAN 1 is fine it gets an IP on a private network. Then on the
router, we will tag the wan interface with the Public IP vlan which
gets bridged thru the AP and SM to the router and the router gets them
out to the internet.
In this case, I want the radio to start off with a Public IP on that
Public Vlan and not bridge anything thru, Enable nat on the SM and
have the LAN port carry DHCP on a private range. Basically putting the
SM in 'Router mode' instead of 'bridged mode'.
On 07/21/2017 04:21 PM, George Skorup wrote:
The AP is always a bridge. Enabling VLAN simply turns it and the SMs
into managed VLAN trunking devices. Dynamic learning (enabled by
default) will add VLAN memberships based on SM VLAN settings when
they register. There's more to it than that, but I don't think you
need to worry about it.
Just note that VLAN ID 1 on Canopy is always untagged. Using it for a
management VID is fine, and is typically what I do.
Are you asking what to do with the switch/router config? Say a
MikroTik with some ethernet ports are members of bridge1. Add a VLAN
and make the interface=bridge1. Set the VLAN ID to whatever you
configured as the default port VID on the SM. Add an IP address, DHCP
server, etc. to the VLAN interface.
On 7/21/2017 2:39 PM, Ethan E. Dee wrote:
I think I understand your 'Step 2'.
Can you break down 'Step 1' for me?
I have done nothing but bridging so far with these. So it is kind of
a special use case.
On 07/21/2017 03:12 PM, George Skorup wrote:
Configure the VLANs on your switch/router. Enable VLAN on the AP
and configure for your environment/prefs.
Configure NAT mode on the SM. Set default port VID on the VLAN
config page. The SM's NAT WAN interface will be on that VLAN on the
RF side and come out of the AP's ethernet interface tagged.
On 7/21/2017 1:26 PM, Ethan E. Dee wrote:
Is there a way to put a VLAN interface on the WLAN side of a
PMP450i 900mhz? And then nat through the radio so that LAN port
hands off a private IP? Played around with it about an hour and
couldn't get it. Obviously missing something.
--
Ethan Dee
Network Admin
Globalvision
864 704 3600
[email protected]
For Support:
[email protected]
864 467 1333
For Sales:
[email protected]
864 467 1333
--
This message has been scanned for viruses and dangerous content by
*E.F.A. Project* <http://www.efa-project.org>, and is believed to
be clean.
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
--
Ethan Dee
Network Admin
Globalvision
864 704 3600
[email protected]
For Support:
[email protected]
864 467 1333
For Sales:
[email protected]
864 467 1333
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
--
Ethan Dee
Network Admin
Globalvision
864 704 3600
[email protected]
For Support:
[email protected]
864 467 1333
For Sales:
[email protected]
864 467 1333
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
_______________________________________________
Cambium-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/cambium-users
