Hello. I’m trying to figure out how to run a Hotspot server on a VLAN instead of a physical interface or bridge.
At this moment we have a bridge where 7 PtP UBNT NB5M (WDS) are connected, going to 7 relay towers around the zone, with around 6k clients connected. In the end I have plenty of drops on the bridge, broadcast and many undesired issues.
I would like to build something like this:
1 physical interface, for example Eth2, with 7 VLANs for 7 PtP dishes (all should go through a UBNT PoE switch which supports VLANs, but the problem is that I was trying for a week and couldn’t understand anything about VLANs)
7 hotspot servers running on 7 VLAN interfaces (is it possible? Or can’t Hotspot run on a VLAN interface?)
7 different DHCP servers with different pools
1 VLAN for device management, all UBNT APs have static IPs
1 physical proxy server (how can I route bandwidth to that box if all clients will be in different subnets?)
Things I’m trying to understand:
I never could make VLANs work. I created them and set the VLAN ID in the UBNT device, one for management, another for the LAN interface, and had DHCP servers running on both VLANs - 0 bytes, no activity.
How to make the Tough PoE UBNT switch work with MT VLANs? Same problem - it didn’t work, 0 bytes.
How to route HTTP bandwidth from 7 different subnets to 1 physical interface (Squid is running there)?
What are the link parameters for those NB5Ms? How about the bandwidth utilization? Generally you don’t want to pass broadcast traffic of so many clients through directed radio links. Since they’re sharing the same broadcast domain you’ll most likely face congestion through broadcasts being carried across all bridge links. I think what you want is a fully routed environment with OSPF and NBMA/PtP neighbor configuration. Perhaps even MPLS with VPLS on top.
Do you have any existing diagram that you can share with us?
As stated above, I wouldn’t consider using VLANs here. Build up OSPF areas based on dedicated IP pools - one per site.
We’re talking about 802.1q port-based VLANs here. In a nutshell - physical ports can either be tagged (“vlan aware”) or untagged (“non aware”). If you want to pass a VLAN between two devices, both ports have to be tagged with the respective VLAN ID (that’s an 802.1q VLAN TRUNK). Ports can run untagged and tagged traffic at the same time (mostly referred to as dual-mode operation). Actually I suggest you start building up a deeper understanding of the technologies mentioned above. Put up a lab incl. diagrams and documentation so you can always go back and re-use it for later reference. Next stop IMHO would be to learn about routing and basic firewalling.
You should slowly consider updating your routers to the latest release (6.17). Some severe bugs have been fixed with regard to the way the scripting engine works and flaws with the import/export functionality (backup/restore).
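The tagged/untagged behaviour described in the 802.1q reply above, as an added example that is not part of the original thread: it builds real 802.1Q frame bytes and shows why a port that is not tagged for a VLAN ID passes no traffic for it. The `Port` model, the VLAN IDs 1/101/102/103 and the MAC addresses are constructed assumptions, not values from the posters' network.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        header += struct.pack("!HH", TPID_8021Q, vid)  # PCP/DEI left at 0
    return header + struct.pack("!H", ethertype) + payload

def parse_vid(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return tci & 0x0FFF if tpid == TPID_8021Q else None

class Port:
    """Hypothetical port model: a set of tagged VLANs plus one untagged VLAN."""
    def __init__(self, tagged=(), untagged=None):
        self.tagged, self.untagged = set(tagged), untagged

    def ingress(self, frame):
        """VLAN the frame is accepted into, or None when the port drops it."""
        vid = parse_vid(frame)
        if vid is None:
            return self.untagged          # untagged frame joins the port's untagged VLAN
        return vid if vid in self.tagged else None  # unknown tag: dropped

# Constructed sample data (not from the thread)
BCAST = bytes.fromhex("ffffffffffff")
CLIENT = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46

def demo():
    trunk = Port(tagged={101, 102}, untagged=1)   # dual-mode trunk port
    access = Port(untagged=101)                   # "non aware" port
    t101 = build_frame(BCAST, CLIENT, 0x0800, PAYLOAD, vid=101)
    t103 = build_frame(BCAST, CLIENT, 0x0800, PAYLOAD, vid=103)
    plain = build_frame(BCAST, CLIENT, 0x0800, PAYLOAD)
    return {"trunk_t101": trunk.ingress(t101), "trunk_t103": trunk.ingress(t103),
            "trunk_plain": trunk.ingress(plain), "access_t101": access.ingress(t101),
            "access_plain": access.ingress(plain)}

if __name__ == "__main__":
    print(demo())
```
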