The Ubiquiti EdgeRouter X (ERX) has a switching chip on board so that it can be used as an L3 switch instead of as a router.

I have another router, we'll call it router-core, which is serving an internal network on VLAN 100 on my local network. What I would like is to be able to configure my ERX so that the following behavior occurs when I connect it to my network:

  • The ERX does not get an IP address on VLAN 1
  • The ERX does get an IP address from my router-core on VLAN 100
  • Any other clients I connect to the ERX are automatically dropped onto VLAN 100, and subsequently can talk to the router-core.

Essentially, I am trying to configure the ERX as a smart switch with all the ports tagged for VLAN 100. This seems like it would be straightforward, but evidently it is not. (Note: in the linked thread it's stated that what I'm trying to do isn't supported, but the thread is nearly five years old now, so I'm looking for newer info if it exists.)

I have tried the following configurations:

  • Attempt #1:
    • switch0 address set to DHCP
    • switch0 vlan-aware enabled
    • Switch ports eth0-eth4 set so pvid is 100
  • Attempt #2: (with this one, switch0.200 got a DHCP lease from router-core but no client did)
    • switch0.200 address set to DHCP
    • switch0 vlan-aware set to disabled
    • Switch ports eth0-eth4 set with no VLAN configuration

The only other option I'm seeing is to create a bridged interface and try to work with that, but that loses all the performance of having a dedicated switching chip, which would be very frustrating.

Any help would be greatly appreciated.

enpaul

1 Answer

This should be possible by now. From your question here at Server Fault it is not clear whether your "VLAN 1" is a tagged or untagged VLAN, so I go with the setup from the Ubnt link that you included in your question:

eth0:

  • untagged: VLAN 1
  • tagged: VLAN 11, 12 and 101

eth1:

  • untagged: VLAN 101
  • tagged: none

eth2:

  • untagged: VLAN 11
  • tagged: none

eth3:

  • untagged: VLAN 12
  • tagged: none

Should be implemented by a configuration as follows (under interface):

switch switch0 {
    switch-port {
        interface eth0 {
            vlan {
                pvid 1
                vid 11
                vid 12
                vid 101
            }
        }
        interface eth1 {
            vlan {
                pvid 101
            }
        }
        interface eth2 {
            vlan {
                pvid 11
            }
        }
        interface eth3 {
            vlan {
                pvid 12
            }
        }
        vlan-aware enable
    }
    vif 1 {
        address 192.168.1.1/24
        description Management
        mtu 1500
    }
    vif 11 {
        address 192.168.11.1/24
        description LAN
        mtu 1500
    }
    vif 12 {
        address 192.168.12.1/24
        description Guest
        mtu 1500
    }
    vif 101 {
        address dhcp
        description WAN
        mtu 1500
    }
}

  • FYI: VLAN 1 is always untagged. It is literally the definition on VLAN 1. :-) – Lasse Michael Mølgaard Dec 12 '22 at 15:32
  • @LasseMichaelMølgaard That's definitely incorrect! – Alexander Stumpf Dec 13 '22 at 17:34
  • Well `VLAN 1` is defined by default to be `native vlan` and therefore untagged. The purpose is it can receive network packages that do not have 802.1q tag and handle them as if they belonged to whatever vlan is the native vlan, which I stated earlier is VLAN 1 by default. – Lasse Michael Mølgaard Dec 13 '22 at 20:29
  • @LasseMichaelMølgaard "native" VLAN is whichever VLAN is defined as PVID. There is no magical meaning about number one when it comes to a VLAN tag. I run VLAN 1 in my home network both tagged and untagged, depending on port, and the attached switches from other brands (TP Link and Levelone) have also no problem with a tagged VLAN 1. Have a look at the 802.1Q tag format at https://en.wikipedia.org/wiki/IEEE_802.1Q#Frame_format. There's no reason why those 12 bits comprising the VID shouldn't be 000000000001. – Alexander Stumpf Jan 20 '23 at 17:09
  • Okay. As far as I read Wikipedia on VLAN 1, it is just the factory default vlan. If it is untagged the value would be 0x000000000000. – Lasse Michael Mølgaard Jan 22 '23 at 09:44
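
An added example, not part of the original answer or its comments: a generic IEEE 802.1Q model (an assumption, not verified against EdgeOS) of how the answer's `pvid`/`vid` settings classify frames, including a frame explicitly tagged with VID 1 as discussed in the comments. The port table is transcribed from the answer's config; the function names, the constructed sample frames and the rule that a port drops tags for VLANs it is not a member of are assumptions.

```python
import struct

# Port table transcribed from the answer's switch0 config:
# pvid = VLAN for untagged frames, vids = VLANs carried tagged.
PORTS = {
    "eth0": {"pvid": 1, "vids": {11, 12, 101}},
    "eth1": {"pvid": 101, "vids": set()},
    "eth2": {"pvid": 11, "vids": set()},
    "eth3": {"pvid": 12, "vids": set()},
}
TPID_8021Q = 0x8100

def build_frame(vid=None, pcp=0):
    """Constructed sample frame: dst MAC, src MAC, optional 802.1Q tag, IPv4 EtherType."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + tag + struct.pack("!H", 0x0800) + b"payload"

def parse_vid(frame):
    """Return the 12-bit VID from the tag, or None when there is no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def classify_ingress(port, frame):
    """VLAN the frame is placed in on ingress, or None if the port drops it."""
    cfg = PORTS[port]
    vid = parse_vid(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: use the PVID
        return cfg["pvid"]
    return vid if vid == cfg["pvid"] or vid in cfg["vids"] else None

def egress_ports(vlan, ingress_port):
    """Ports a broadcast in `vlan` leaves on, and whether each copy is tagged."""
    out = {}
    for name, cfg in PORTS.items():
        if name == ingress_port:
            continue
        if cfg["pvid"] == vlan:
            out[name] = "untagged"
        elif vlan in cfg["vids"]:
            out[name] = "tagged"
    return out
```

In this model a client on eth1 that sends a frame tagged for VLAN 11 is dropped, which is the segmentation property to check for when putting untrusted clients on access ports.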