Omada SDN Controller - SG2428P Switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-10-18 22:33:03
Model: EAP245  
Hardware Version: V3
Firmware Version:

I have a couple of posts I want to make about issues in SDN - possibly quick fixes, but this topic is about an issue I can't seem to figure out.

My setup

EAP245V3 (x2) - Connected all under the same WLAN

SG2428P (about 3 days old), configured and connected to Omada SDN - hence the topic being under this category

ISP - PfSense (VM) - ESXi - 2 x LAN ports out (non LAG/LACP) - SG2428P

Omada SDN controller running on Debian, clean install, no migrated data. All FW and OS versions are the latest.

I have posted my question here, though I believe the issue is around configuration of the switch, simply because the switch is managed by Omada, so all guides on the switch configuration itself are not relevant or have not been helpful in me finding a solution.

I have read both the Switch manual and the Omada controller manual, though I'll be honest, I may have missed or misunderstood something.

Do note that all of the above setup was the same previously with the exception of the switch, I've replaced an SG2434P with SG2428P, the configuration otherwise is all the same.

 

 

My issues;

 

1. I can see the switch, all ports and all physically connected devices, where a name is listed an IP is too and the 'uptime' is stable and counting as it should, however for any VMs on the ESXi host, connected by 2 LAN ports, not LAG/LACP configured, I get a list of MAC addresses, but no IP and no host names (I've added some manually) and in the log>events, these connections connect and disconnect constantly, I thought this might be the two NICs, so I disconnected one, the problem persists. Do note, the devices do not physically drop off the network, they do not drop pings either, but they log a disconnection and connection.

The PfSense firewall has multiple VLANs and both physical NICs are trunks (in VMware) and all tagged except LAN on the switch. Using the ALL profile

Nothing disconnects physically and I can always ping VMs, the LAN ports, the host, firewall etc. It's just the disconnection in the events view, it shouldn't be doing this and since I don't drop any pings, I don't know if this is accurate or something I've missed in the switch/Omada configuration. This is affecting all VMs and all VMs will use ports 23 or 24.

2. My EAP 245v3, one of them has a pass-through device connected, I've set the LAN port as a different VLAN (but same as one of the SSIDs the AP hosts) - but it never gives the guest an IP on the VLAN it's marked for, it only ever gives an IP from the VLAN the AP is connected to, if this is VLAN1, the pass-through device gets an IP from VLAN1, if this is VLAN30 it gets an IP from VLAN30, even if it's marked to be on VLAN 50 for example.

3. Also related and similar to 2. If I put the AP on a different VLAN, such as VLAN30, but also want guests on the SSID to use 30, 40 and 50, again as examples, SSIDs 40 and 50 both work, but 30 fails to get an IP - yet the AP is happily sitting on this VLAN. If I move the AP to VLAN1, all 3 SSIDs work as expected. In the settings of the switch, it says the native VLAN is tagged by default, so VLAN30 should be passing through, but it doesn't seem to. This setup worked on the old switch, just doesn't seem to on the new one.

Sorry this is a long post, I hope it all makes sense and I've simply missed something in the configuration - the configuration between my old switch and the Omada managed one is a little different, so it's possible my translation of the configuration isn't 10% accurate.

I will post the issues with Omada SDN separately another time.

 

#1
Re:Omada SDN Controller - SG2428P Switch
2020-10-19 10:21:39

Dear @Rod-IT,

 

1. I can see the switch, all ports and all physically connected devices, where a name is listed an IP is too and the 'uptime' is stable and counting as it should, however for any VMs on the ESXi host, connected by 2 LAN ports, not LAG/LACP configured, I get a list of MAC addresses, but no IP and no host names (I've added some manually) and in the log>events, these connections connect and disconnect constantly, I thought this might be the two NICs, so I disconnected one, the problem persists. Do note, the devices do not physically drop off the network, they do not drop pings either, but they log a disconnection and connection.

So both the port 23 and port 24 on the SG2428P switch are connected to the ESXi’s two LAN ports, right?

If you disconnect one (say port 23), then leave it for half an hour, would the events still show the disconnection constantly?

Did you reserve static IP addresses for the wired clients in your network?

 

2. My EAP 245v3, one of them has a pass-through device connected, I've set the LAN port as a different VLAN (but same as one of the SSIDs the AP hosts) - but it never gives the guest an IP on the VLAN it's marked for, it only ever gives an IP from the VLAN the AP is connected to, if this is VLAN1, the pass-through device gets an IP from VLAN1, if this is VLAN30 it gets an IP from VLAN30, even if it's marked to be on VLAN 50 for example.

 

Which port is connected to the LAN (pass-through) port of the EAP245? Could you please upload the VLAN settings for checking?

#2
Re:Omada SDN Controller - SG2428P Switch
2020-10-19 11:43:00

@Fae 

 

Fae wrote

Dear @Rod-IT,

 

So both the port 23 and port 24 on the SG2428P switch are connected to the ESXi’s two LAN ports, right? 

 

If you disconnect one (say port 23), then leave it for half an hour, would the events still show the disconnection constantly?

Did you reserve static IP addresses for the wired clients in your network?

 

I already tried this, and yes, this still happens. I tried physically removing the cable, I also removed the NIC from ESXi's active list so it wasn't even being seen, it still happened.

Note this ONLY happens for ports 23 and 24 where they connect to ESXi and this hosts multiple machines on varying VLANs.

Something to note in case it helps, PfSense is virtual and uses the same 2 physical NICs through ESXi, this is where my VLANs are created, in the client list, this changes what IP it's presenting, it's always a gateway IP, but it could be any VLAN. It doesn't always match the VLAN it's on either.

For example, if it returns IP = 192.168.10.1 - this is the client VLAN, but the SDN will report this as the Dirty network (IoT) which is 94

Wired clients are a mixed setup, for example I have my work laptop and my home PC both on DHCP and they are fine, but both are hard wired in their own port, the 2 connected APs are also DHCP and also work fine (except as noted above with the VLAN and ETH1 port). I have other issues related to FW or the SDN I will post separately.

I have a physical NAS that connects to 2 VLANs with 2 separate cables and this is also not showing any issues - I did wonder if this is causing a loop, but nothing is triggering in the alerts and this doesn't seem to disconnect either.

None of the machines physically disconnect, but the logs show, specifically the VM machines on any VLAN disconnecting randomly - but it's not all devices, maybe 2 seem to show as connected for almost a day now, but I get no IP and no hostname from them.

#3
Re:Omada SDN Controller - SG2428P Switch
2020-10-19 11:48:48

 

Fae wrote

 

2. My EAP 245v3, one of them has a pass-through device connected, I've set the LAN port as a different VLAN (but same as one of the SSIDs the AP hosts) - but it never gives the guest an IP on the VLAN it's marked for, it only ever gives an IP from the VLAN the AP is connected to, if this is VLAN1, the pass-through device gets an IP from VLAN1, if this is VLAN30 it gets an IP from VLAN30, even if it's marked to be on VLAN 50 for example.

 

Which port is connected to the LAN (pass-through) port of the EAP245? Could you please upload the VLAN settings for checking?

@Fae 

ETH1 (PoE) is connected to my switch, ETH2 is connected to another device, I specify this in the SDN under devices > AP > Config > advanced > ETH Port Settings

ETH1 VLAN:

Though looking at it this suggests the VLAN for the PoE port, so I may have misread or misunderstood this.

Either way, it doesn't matter what value is set here, whatever VLAN the AP is put on, the ETH2 port also connects to the same. I can't seem to specify a different VLAN for this port.

 

 

And thank you for the reply, appreciate any guidance.

#4
Re:Omada SDN Controller - SG2428P Switch
2020-10-20 02:27:32

Dear @Rod-IT,

 

whatever VLAN the AP is put on, the ETH2 port also connects to the same. I can't seem to specify a different VLAN for this port.

 

 

The ETH2 is a bridged LAN port, the VLAN settings will follow the ETH1, sorry that we cannot set different VLANs for it.

#5
Re:Omada SDN Controller - SG2428P Switch
2020-10-20 08:02:10

Then that makes sense; either I missed it in the manual or it's not clear what this VLAN setting is actually for.

 

 

I'm not a networking guy so some things are not as clear to me as other people.

#6
Re:Omada SDN Controller - SG2428P Switch
2020-10-21 15:17:11 - last edited 2020-10-21 15:41:58

Hello Fae,

 

please can you comment on and/or ask R&D for further clarification on this point:

 

Fae wrote

The ETH2 is a bridged LAN port, the VLAN settings will follow the ETH1, sorry that we cannot set different VLANs for it.

 

VLAN-mapped ports can be bridged in the Linux kernel, too. For example, if setting eth2 to VLAN 78 the resulting virtual interface eth2.78 could be easily bridged with eth1.78 to process VLAN tags. At least the Linux kernel is capable of doing this with kernel VLANs.

 

What's more, the EAP245 does not have eth1 and eth2 (that are the labels on the EAP245 case only), but in Linux Ethernet interfaces usually start at eth0. This might explain why Omada Controller and the User's Guide label the »local LAN port« eth1, but not eth2.

 

The PoE input port is eth0 (see ssh dialog below) and if I want to set a VLAN on eth0, I have to set the Management VLAN. So I think the local LAN port is eth1, but labeled eth2 on the EAP's case for whatever reason.

 

Now, in Omada Controller v3 the setting's help box reads:

 

If enabling the VLAN for eth1, I can neither find a bridge to eth0 when logging in through ssh nor does the port eth1 follow eth0. eth1 is just dead, no connection to the network present on eth0.

 

The same happens when enabling Management VLAN and disabling VLAN for eth1: eth1 does not follow eth0. Note that on eth0 I have a trunk to the EAP245 including VLANs 2, 11 and 78. There is even a SSID mapped to VLAN 78 which works as expected.

 

In SDN Controller v4 the local LAN port setting is this:

 

 

Here the behavior is different, in fact eth1 is »bridged« with eth0 and follows the settings of eth0. However, the VLAN setting for eth1 is ignored.

 

But it seems to be no Linux bridge, in fact the (Linux) interface eth1 doesn't even exist as shown by ifconfig and brctl:

 

 

 

Now my questions are:
 

  1. What kind of bridge is used for bridging both interfaces? Is it implemented somewhere else in the Java code on application layer and why not use Linux native interfaces for bridging which would allow kernel VLANs?
     
  2. What are both settings supposed to do at all in both controller versions if a VLAN can't be set to eth1, the local LAN port?
     
  3. What about the EAP-Wall models with additional Ethernet interfaces? Can those interfaces be mapped to a VLAN and do they work?

 

 

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#7
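The kernel VLAN bridging described in the post above, as an added example that is not part of the original thread and not code from the EAP firmware: a dry-run sh script that prints the iproute2 commands for joining the local LAN port to VLAN 78 carried on the trunk uplink. The interface names and VLAN 78 come from the post; the bridge name `br78` and the `untagged`/`tagged` mode switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (and optionally applies) the iproute2 commands for
# the kernel VLAN bridging described in the post. eth0 (trunk uplink), eth1
# (local LAN port) and VLAN 78 follow the post; the bridge name br<VID> and
# the untagged/tagged switch are assumptions of this example.

# valid_vid VID: succeeds only for a usable 802.1Q VLAN ID (1..4094).
valid_vid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_bridge_plan UPLINK LOCAL VID [untagged|tagged]
# untagged: LOCAL is an access port, its device sends plain frames.
# tagged:   LOCAL carries VLAN VID tagged (the eth2.78 case in the post).
vlan_bridge_plan() {
    uplink=$1 local_if=$2 vid=$3 mode=${4:-untagged}
    valid_vid "$vid" || { echo "invalid VLAN ID: $vid" >&2; return 1; }
    case "$mode" in
        untagged) member=$local_if ;;
        tagged)   member=$local_if.$vid ;;
        *) echo "mode must be untagged or tagged" >&2; return 1 ;;
    esac
    br=br$vid
    # 802.1Q sub-interface: removes/adds tag VID on the trunk side.
    echo "ip link add link $uplink name $uplink.$vid type vlan id $vid"
    if [ "$mode" = tagged ]; then
        echo "ip link add link $local_if name $member type vlan id $vid"
    fi
    # One bridge per VLAN keeps this VLAN's frames apart from the other
    # VLANs on the trunk (for example a management VLAN).
    echo "ip link add name $br type bridge"
    echo "ip link set dev $uplink.$vid master $br"
    echo "ip link set dev $member master $br"
    for dev in "$uplink" "$local_if" "$uplink.$vid" "$br"; do
        echo "ip link set dev $dev up"
    done
    [ "$mode" = untagged ] || echo "ip link set dev $member up"
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = 1 ]; then
    vlan_bridge_plan eth0 eth1 78 untagged | sh -e
else
    vlan_bridge_plan eth0 eth1 78 untagged
fi
```
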
Re:Omada SDN Controller - SG2428P Switch
2020-10-21 16:56:11

Thanks for jumping in.

 

I am also confused by the VLAN option in the settings and you're correct on the labelling, ETH1 and ETH2 on the sticker, ETH0 and ETH1 in the underlying OS.

 

I am neither an expert on networking nor any form of Linux, but part of the reason I went with APs and the new switch is to force myself to understand things better, I run my controller on Debian too for that very reason.

It is entirely possible I misunderstand some of the verbiage, the context or I've read it correct but it's not clear, so having someone else post too does help.

#8
Re:Omada SDN Controller - SG2428P Switch
2020-10-22 20:56:22

@Rod-IT 

 

I find it is the same thing in Ubiquiti UniFi controller plus their AC Pro AP that has a passthru port.

In that solution, the VLAN field is not exposed for the AP secondary port, and the two ports on the AP are bridged and PoE is not passed thru. The way I had used that solution in the past was to first set up a management VLAN for the AP under device management (which by the way causes AP to send tagged DHCP request or for management traffic), and then that safeguards to some extent against anyone unplugging the AP or plugging in their laptop and gaining access to the management network. Then I use a small managed 5 or 8 port switch to connect the passthru port into. And the downstream ports on that switch can then be set to untagged to whatever you need, as well as dual voice+data VLAN on a port for IP phone + PC applications etc. That is the only way you can leverage using this passthru port (unless you want to have regular VLAN 1 / untagged AP VLAN).

#9
Re:Omada SDN Controller - SG2428P Switch
2020-10-22 21:23:47

@dpsguard 

 

Thanks for the reply.

 

I think in hindsight, if I knew this before (either if it was clearer or I understood networks better), I might have simply opted for the 225s and not the 245 (I do have a few of each, but I only got the 245s due to the pass-through port).

If I knew I was only going to have the same VLAN as the AP and I still needed another cable run or switch the other side of it for other traffic I would have simply run another cable.

For clarification this could simply be my lack of network knowledge, I am still in the very early understanding stages - by job I am a server administrator, so only know what I need to from a networking perspective as we have another person who does all the really technical stuff.

Teaching myself slowly though and the more I learn the more I understand, so appreciate those of you who have replied guiding me.

#10
Re:Omada SDN Controller - SG2428P Switch
2020-10-22 21:31:32

@Rod-IT, I think it is a design flaw. Other (but much more expensive) vendors have had this option for many years (even from the days of Colubris like 15 plus years ago), this type of solution (though on the wallplate type of hospitality main use APs) existed. So as R1D2 mentioned, it is fairly easy to implement it. That is why they have included port VLAN support in the controller, maybe in a future software upgrade you will have that option, or maybe that is meant for a new AP hardware.

Regardless, hardware of 245 is much more capable than 225 and will support much higher speeds than 225 can deliver. I have both. 225 can deliver close to 350Mbps (on a 80MHz 5GHz channel) and 245 can deliver close to 500Mbps (and that is the limitation then of my Internet service). It will probably deliver higher, but I have not tested it.

#11