I plan to set up VLANS on these and would be interested to hear the recommended method.
The CCR will handle routing and a trunk to CRS with approx. 3 VLANS
SInce I believe those are mainly switches and may be able to take advantage of switch chips etc…
THis is also an excellent guide for the other way… https://www.youtube.com/watch?v=Rj9aPoyZOPo
Thanks for the replies and clarification. I had noticed that YouTube video before so will spend some time on it now I can use it.
So the wiki states “For more complex setups (for example, VLAN filtering) you should use the port isolation feature instead.”
I assume that means I can follow the Port Based VLAN section on that page?
AFAIK that refers to private VLANs which are different to 802.1Q virtual LANs, the latter are what most people are referring to VLANs.
The switch chip in CRS1xx/2xx devices can be programmed to do either, and also protocol or MAC-based VLANs neither of which are particularly common these days.
Thanks. I should have read further down the page to see there is a separate port based isolation section.
That makes things much clearer - Essentially I want a setup like shown example 1 under port based VLAN. Hopefully that will match up to what is said in the Youtube video - saving that excitement for tomorrow!
Port-based VLAN versus bridge vlan filtering depends whether you want to use device as router/switch combo or as plain router. The guy in video is using leftmost device as plain router and bridge is not needed at all. If you want to use multiple ports on CCR to carry same (V)LAN, then you should use bridge with vlan-filtering.
Switch-chip setup is highly dependant on actual switch chip used. Guy in video is using hAP lite with AR8227 switch chip while yours is CRS226 with QCA8519 (or whatever name it’s known under since QCA8519 is a SoC). So yes, you should follow the document you linked in your last post to properly configure your device.
I have this set up and working now. I can connect into the desired VLAN port on the switch and receive an appropriate DHCP address for that VLAN.
As it stands now I have router on a stick. CCR does all the routing with a single trunk to CRS acting as a switch.
Now I want to make sure I can get maximum speed between certain VLANS. If I am not mistaken, the trunk is going to be a bottleneck and I need some inter VLAN routing on the CRS.
You could but it isn’t worth it:
The various client devices would require static routes to the VLAN IP addresses on the CRS as they will send all traffic not destined for their subnet to their gateway address on the CCR.
You can easily end up with firewall issues stemming from triangular routes.
As CRS devices are intended to be switches, not routers, forwarding using the CPU may well be slower than the 1Gbps link to the CCR.
@tdw - thanks, very good point about the client machines gateway. I think things could get messy quite quickly if I start configuring firewall rules and routes on the CSR.
The link aggregation looks good. I will study the wiki page you have listed and try and implement that.
So I set up port trunking today as per the guide - I am using two ports on each device
I have tested client to client speed across VLANS by running iperf. I get an average of about 940Mbps. Interestingly if I remove one of the trunk cables. the speed stays the same?
Why does in not decrease? This implies all the data is not going through the router.
Maybe I should have tested first, but at least I have some redundancy.
Documentation about switch trunks, supported by CRS1xx/CRS2xx, is slightly scarce, but judging from configuration example shown in this document it is possible to assume it’s similar to bonding with layer2-and-3 transmit policy. And with this kind of bonds pair of hosts (same pair of MAC addresses - L2 - and same pair of IP addresses - L3) always use single (and same) physical link (not necessarily same in both directions though). So trunk/bond doesn’t speed up connections between single pair of network devices, it offers higher overall throughput (e.g. when multiple pairs are communicating at the same time) as traffic gets statistically distributed over all available physical links. At the same time trunk/bond offers redundancy, in case of failure of one link traffic gets (more or less) seamlessly redistributed/migrated to the rest of links.
Thanks for the explanation. I am getting near Gigabit speeds between 2 laptops so I can’t ask for much more. I used documentation as linked by tdw above and explains setting up the crs and also the router.