Hotspot + changing from switchchip to bridge

I have a hotspot up and running using a 750G as the access controller and three radios connected via ethernet.

I would like to change from using the switch chip (master port/slave setup… e2-master, e3slave, e4slave…) to using a bridge (e2-e5 bridged together). However, when I did this, I lost my hotspot firewall filter rules. What is the best way to make this switch?

Also, would I need this option? use-ip-firewall

You just create the bridge interface, edit the Hotspot server instance to run on the bridge interface and then change the ports to be not slaves, and to be part of the new bridge. In that order.

You don’t need use-ip-firewall because you’re not trying to firewall between the bridge ports, but between the bridge and the rest of the world.

Thanks fewi. I will try that. I had tried MOST of those steps… but did not change the hotspot to run on the bridge interface.

Don’t forget to change the interface of the DHCP server to the bridge, and the IP addresses that were on the switch to the bridge as well.
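
The order of steps from the replies above, written out as RouterOS console commands. This is an added example and not part of any forum post; the names ether2 (master port), ether3 to ether5 (slaves) and bridge-hotspot are assumptions, and it assumes a RouterOS version that still has the master-port setting used in this thread.

```routeros
# Assumed names: ether2 = current master port, ether3-ether5 = its slaves,
# bridge-hotspot = the new bridge. Adjust to the names on your router.

# 1. Create the bridge interface first, while the switch group is untouched.
/interface bridge add name=bridge-hotspot

# 2. Move the Hotspot server instance to the bridge, so the Hotspot and
#    its rules follow the interface that will carry the client traffic.
/ip hotspot set [find interface=ether2] interface=bridge-hotspot

# 3. Move the DHCP server and the IP address(es) from the old master port
#    to the bridge as well.
/ip dhcp-server set [find interface=ether2] interface=bridge-hotspot
/ip address set [find interface=ether2] interface=bridge-hotspot

# 4. Only now release the slave ports from the switch group...
/interface ethernet set [find master-port=ether2] master-port=none

# 5. ...and add all four ports to the bridge.
/interface bridge port add bridge=bridge-hotspot interface=ether2
/interface bridge port add bridge=bridge-hotspot interface=ether3
/interface bridge port add bridge=bridge-hotspot interface=ether4
/interface bridge port add bridge=bridge-hotspot interface=ether5

# 6. Check the result: the Hotspot, DHCP server and address should all
#    list bridge-hotspot, and the Hotspot's dynamic rules should be present.
/ip hotspot print
/ip dhcp-server print
/ip address print
/ip firewall filter print dynamic

# use-ip-firewall stays at its default (no): filtering here is between the
# bridge and the rest of the network, not between the bridge ports.
/interface bridge settings print
```

Run this from a console session that does not itself depend on ether2 to ether5, since connectivity on those ports is interrupted while they are moved.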

Hello,

First post here. I’m using a 750G in much the same way and my question is, what is the advantage in bridging the ports, as opposed to operating them in a master/slave mode?

I’m still in learning mode and so apologies if the question is newb-ish.


Harry.

Using the switch chip completely bypasses the CPU for processing local traffic between the LAN ports. However, you have very little control over the traffic that goes over these ports.

Using a bridge uses the CPU for this processing, but you gain the control of being able to pass all of the packets through the firewall and therefore have a lot more control over the traffic.