Page 1 of 1

Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sat Jun 27, 2020 8:51 pm
by allyx
Hello guys, I have a question how to achieve the following idea in a recommended way.

I have a hAP ac2, and I have a managed switch.

On the managed switch I've divided the access ports in 3 VLANs and I've made a tagged trunk port accessing the 3 of them - let's say vlan10, vlan20, vlan30.

On the hAP, I've created 3 vlan interfaces on the trunk interface with vlan10, 20, 30, and added 3 addresses - let's say 192.168.1.1/24 : 192.168.1.0, 192.168.2.1/24 : 192.168.2.0, 192.168.3.1/24 : 192.168.3.0 attached to the respective vlan interface.

Up to now this scenario works kind-of - I have access to all machines on the 3 vlans by IP. One issue I have is I can't WoL the machines, but I suppose this is some broadcasting issue I will read how to solve.

What I want is the following: I want to bridge vlan10 to the rest of the interfaces on the hAP so that ether2,3,4 and vlan10 are the same LAN.

I'm not sure what's the correct way to do that - I tried adding the vlan10 interface to the bridge containing the other ports, but I don't have access to the vlan10 devices. I tried both to set the address(192.168.1.1/24) to the bridge, or to set two equal network addresses - one to the interface and one to the bridge, but it didn't work. I'd be thankful to hear any recommendations what are the best practices for my case - I just want the devices on the vlan10 network and the ones connected to the hAP ports and wifi to be on the same LAN.

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sat Jun 27, 2020 11:42 pm
by kujo

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 12:25 am
by xvo
Using bridge vlan filtering on non-CRS3XX switch chips will severely degrade performance, as the bridge will lose hw-offloading.
So only the part of this manual, where all vlan interfaces are created on top of the bridge should be used.
The rest of vlan setup has to be done in the switch menu.

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 3:46 am
by anav
xvo, can you quantify degrade loss of performance please.
You make it sound like the world will come to an end but I used it on both hex and RB450gx4 and my apologies but I didnt notice any horrible performance.

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 11:43 am
by xvo
xvo, can you quantify degrade loss of performance please.
You make it sound like the world will come to an end but I used it on both hex and RB450gx4 and my apologies but I didnt notice any horrible performance.
As I remember, you traded RB450gx4 for CCR1009 because the first didn’t keep up?!

There is a table of max l3 performance for each device in the product page.
Why spend the CPU power on tasks that can be offloaded to the switch chip, and use CPU for some other stuff? Or let it run idle and cool...

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 12:03 pm
by sindy
@anav, the difference between presence and absence of hardware L2 forwarding only becomes noticeable when there is some traffic heading from one LAN port to another, which is not your case at home. If all packets from LAN have to be handled by the CPU in order to be routed through WAN, no L2 forwarding happens at all.

When hardware forwarding is active, and just two devices, each connected to another LAN port, talk to each other using IP addresses from a subnet common for both, the switch chip is not a bottleneck. So if the sender is able to send on the negotiated interface speed, the receiver will receive the frames on the same speed (unless it has negotiated a slower interface speed of course). If hardware forwarding is disabled and the CPU (using the "bridge") has to forward each frame, the throuput degradation depends on the CPU power; with a strong enough CPU, you may not notice a degradation of the L2 forwarding itself if tested alone, but as the CPU is loaded by the forwarding, the overall throughput may be affected if other tasks have to be processed simultaneously. So it is not possible to say what the difference is because the above mentioned factors (CPU throughput and the volume of other CPU jobs) heavily affect the result.

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 2:32 pm
by anav
xvo, can you quantify degrade loss of performance please.
You make it sound like the world will come to an end but I used it on both hex and RB450gx4 and my apologies but I didnt notice any horrible performance.
As I remember, you traded RB450gx4 for CCR1009 because the first didn’t keep up?!

There is a table of max l3 performance for each device in the product page.
Why spend the CPU power on tasks that can be offloaded to the switch chip, and use CPU for some other stuff? Or let it run idle and cool...
No Xvo, the issue was a hardware problem with the RB,,,,,,, and partially a misconfigured icmp jump ruleset

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sun Jun 28, 2020 3:36 pm
by xvo
No Xvo, the issue was a hardware problem with the RB,,,,,,, and partially a misconfigured icmp jump ruleset
Anyway, you should get my point: it's always better to configure router the right way from the start, than reconfigure it afterward, when you'll start noticing some problems.
That's not even harder or longer to do so, just different.

Re: Bridging a VLAN interface with other interfaces, hAP ac2

Posted: Sat Jul 04, 2020 11:49 pm
by anav
Concur!