Quick question on the intended functionality of port isolation. We presently have several customers will install a CPE router with OSPF enabled and then install multiple CPEs and connect them to multiple towers to provide redundancy and failover using OSPF. As we begin to implement larger layer 2 bridges at our towers we've been making use of port isolation more and more. We put all APs at a specific tower on the same VLAN and then just isolate the ports between the AP so that the AP and their customers can't talk to one another.
The problem that were running into is that because port isolation is checked for the ports to the APs and not to the router it's still blocking the broadcast OSPF updates from the router. As a result we end up with CPE routers with adjacencies formed but no updates to the routing tables. The short question is should port isolation block broadcast traffic between isolated ports and nonisolated ports such as in this case?
Port Isolation
-
LRL - Experienced Member
- Posts: 238
- Joined: Sun Nov 23, 2014 4:00 am
- Location: Rock Springs, WY
- Has thanked: 18 times
- Been thanked: 49 times
Port Isolation
-LRL
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
-
sirhc - Employee
- Posts: 7347
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1597 times
- Been thanked: 1318 times
Re: Port Isolation
Not sure that feature allows granularity, remember we simply turn features on and off from the core. If it does allow granularity then we would need to allow configuration as most times people want all traffic blocked from isolated ports to protect against MC and broadcast packets would they not?
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
LRL - Experienced Member
- Posts: 238
- Joined: Sun Nov 23, 2014 4:00 am
- Location: Rock Springs, WY
- Has thanked: 18 times
- Been thanked: 49 times
Re: Port Isolation
Indeed, I think you would want traffic blocked between ports that are isolated, but not between isolated ports and ports that are not isolated.
For instance, having an AP in client isolation does not prohibit OSPF from working in this fashion.
For instance, having an AP in client isolation does not prohibit OSPF from working in this fashion.
-LRL
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
-
sirhc - Employee
- Posts: 7347
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1597 times
- Been thanked: 1318 times
Re: Port Isolation
LRL wrote:Indeed, I think you would want traffic blocked between ports that are isolated, but not between isolated ports and ports that are not isolated.
For instance, having an AP in client isolation does not prohibit OSPF from working in this fashion.
I think that is how it works now?
Is say port 2 is isolated but port 1 is not port 1 will talk to port 2 and allow BPDU and MC packets to pass?
Either way Stephen is working on getting up to speed, hopefully in a couple months and if this can be done I would ask him to do it.
Eric is splitting his time between WS and WS2 firmware for now but will lease WS and Manager to Stephen sometime this early summer.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
LRL - Experienced Member
- Posts: 238
- Joined: Sun Nov 23, 2014 4:00 am
- Location: Rock Springs, WY
- Has thanked: 18 times
- Been thanked: 49 times
Re: Port Isolation
Not presently. There appears to be some multicast/broadcast traffic issues between the two ports. I have not had time to fully investigate, but before I dive into it I wanted to make sure what the intended function was.
-LRL
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: Port Isolation
Make sure the OSPF DR device is without isolation. If you didn't set DR priority, the DR will be the one with the highest IP address, so often a customer device.
6 posts
Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 13 guests