Omada SDN Controller - SG2428P Switch
I have a couple of posts I want to make about issues in SDN - possibly quick fixes, but this topic is about an issue I can't seem to figure out.
My setup
EAP245V3 (x2) - Connected all under the same WLAN
SG2428P (about 3 days old), configured and connected to Omada SDN - hence the topic being under this category
ISP - PfSense (VM) - ESXi - 2 x LAN ports out (non LAG/LACP) - SG2428P
Omada SDN controller running on Debian, clean install, no migrated data. All FW and OS versions are the latest.
I have posted my question here, though I believe the issue is around configuration of the switch, simply because the switch is managed by Omada, so all guides on the switch configuration itself are not relevant or have not been helpful in me finding a solution.
I have read both the Switch manual and the Omada controller manual, though I'll be honest, I may have missed or misunderstood something.
Do note that all of the above setup was the same previously with the exception of the switch, I've replaced an SG2434P with SG2428P, the configuration otherwise is all the same.
My issues:
1. I can see the switch, all ports and all physically connected devices, where a name is listed an IP is too and the 'uptime' is stable and counting as it should, however for any VMs on the ESXi host, connected by 2 LAN ports, not LAG/LACP configured, I get a list of MAC addresses, but no IP and no host names (I've added some manually) and in the log>events, these connections connect and disconnect constantly. I thought this might be the two NICs, so I disconnected one, the problem persists. Do note, the devices do not physically drop off the network, they do not drop pings either, but they log a disconnection and connection.
The PfSense firewall has multiple VLANs and both physical NICs are trunks (in VMware) and all tagged except LAN on the switch. Using the ALL profile.
Nothing disconnects physically and I can always ping VMs, the LAN ports, the host, firewall etc. It's just the disconnection in the events view, it shouldn't be doing this and since I don't drop any pings, I don't know if this is accurate or something I've missed in the switch/Omada configuration. This is affecting all VMs and all VMs will use ports 23 or 24.
2. My EAP 245v3, one of them has a pass-through device connected, I've set the LAN port as a different VLAN (but same as one of the SSIDs the AP hosts) - but it never gives the guest an IP on the VLAN it's marked for, it only ever gives an IP from the VLAN the AP is connected to, if this is VLAN1, the pass-through device gets an IP from VLAN1, if this is VLAN30 it gets an IP from VLAN30, even if it's marked to be on VLAN 50 for example.
3. Also related and similar to 2. If I put the AP on a different VLAN, such as VLAN30, but also want guests on the SSID to use 30, 40 and 50, again as examples, SSIDs 40 and 50 both work, but 30 fails to get an IP - yet the AP is happily sitting on this VLAN. In the settings of the switch, it says the native VLAN is tagged by default, so VLAN30 should be passing through, but it doesn't seem to. This setup worked on the old switch, just doesn't seem to on the new one.
Sorry this is a long post, I hope it all makes sense and I've simply missed something in the configuration - the configuration between my old switch and the Omada managed one is a little different, so it's possible my translation of the configuration isn't 10% accurate.
I will post the issues with Omada SDN separately another time.
I don't think it is enterprise, that is just the label. It is for small business use cases or for advanced home use. The price point tells us that. Enterprise gear will be 5 to 10 times more.
Wi-Fi 6 / 802.11ax is more for density than speed. You may see in a home use case a 20% improvement, not more. Don't go with marketing. EAP245 is a good investment for the next 3 to 5 years.
Consider 1Gig fiber service at homes, that really is ultimately shared by up to 512 other customers to then uplink to a common 5Gbps to 10Gbps circuit that connects into a CO core. Compare that with a commercial dedicated business grade 1Gig service that costs you 10 to 15 times more.
Since home 1Gig services are shared, you only use that when you do a speed test. If you measure the average use of a typical 1Gig home subscriber, you may find that it will be like 10Mbps only (you need to use something like Cacti / MRTG / Zabbix to test yourself, don't go with anyone telling you or what you read about). So if today your average speed needs are 10Mbps, in 5 years, even if they grow to 100Mbps, EAP245 will still deliver it.
I have very good experience in university campus and dorm environments, and if a 500 student dorm at peak night time before the pandemic hit was only using 400Mbps total, each student allowed to use up to 100Mbps speeds, and no one complaining, what does that tell you? Of course the dedicated bandwidth 1Gbps circuits used are like a 100 lane highway compared to a 2 lane highway (for home 1Gig service).
@Rod-IT , I understand and I also was not aware that second port on the EAP245 was a simple bridged one. I assumed just like you did. Then I realized that Tplink is just following Unifi products and trying to fill the exact same need at simply better pricing. In the process, some of developers and engineer at Tplink have implemented exact same specs and almost similar designs.
EAP245 should not be an issue with 100 devices even. But I agree, all your needs could have been met with 225. I myself have not tested if performance of the 2.4 band is magically better in Wi-Fi 6. But even in the interfered environment today, with 10 of my own home devices (like printer, smartwatches, a couple of older phones that only support 2.4GHz and two older desktops with a card that is 2.4GHz), I have not seen any issues even with high def streaming. So I have not thought of trying Wi-Fi 6 so far. I only have two clients, a phone and a laptop, that could benefit from using Wi-Fi 6, but never felt I needed any improvement for these devices.
Anyway, let us hope sometime early next year TP-Link will have another upgrade that will help make use of the secondary port as a programmable VLAN. For your home use case, you can still use it as you may not need to put it into a different VLAN than the AP VLAN itself. The Wi-Fi networks though can be put into any VLANs that you need and you can add isolation by simple things like the Guest network feature and at a more granular level by leveraging the EAP ACL feature.
I have a 2428P that I am now testing for LAG (server teaming / bundling and for resilient uplinks) as well as use with copper SFPs to make use of a couple of unused SFP ports. Good luck learning. Feel free to post any questions. We are fortunate to have a very helpful soul here @R1D2 who will generally chime in regularly to share his knowledge and experience.
I believe they have just added support for the switch and the gateway (routers) and many things I have seen do not work or show as they show for APs. So these are the bugs and they will take a couple of revisions to get resolved. Remember SDN controller 4.1.5 is the first release for any switch or router. Previous ones only supported APs.
I agree, but the switch would have been tested in-house and with the SDN, since that's its unique selling point.
Basics like being able to see the traffic shouldn't be a glitch, being able to see devices connected to multiple ports or on VM hosts should be fairly simple too and while I can see them, the switch reports they are disconnecting - when they are not, I can't see traffic totals for VMs, I can't see their device names or IPs.
I accept this is the first release of the switch and the SDN controller, but these are basic things, my setup is not an unusual one, but I am happy to help, provide logs, show screenshots etc in order to help make this better.
I wouldn't be so quick to adopt new technologies if I couldn't put up with a glitch here and there.
If you need anything specific from me, from the switch, the controller (Debian based VM), the APs or additional screenshots, or need me to run specific commands to assist you with understanding what is happening - please, feel free to ask, I am more than happy to work with you and the team to solve any bugs and figure out what is going on in my situation.
None of the above are impacting me or my network directly, so nothing is urgent either. I want to make that clear, I am by no means complaining.
@Rod-IT, I'm not familiar with ESXi VMs, but did you try to search the web for »ESXi VM loses network connectivity«? Lots of results appear for this search term ... including seeing IPs from the guest system or other VMs, but not from outside.
Thanks for your reply @R1D2
This isn't a VMware / ESXi issue, the VMs themselves do not physically disconnect, the switch claims they disconnect - but of course they are not directly connected to the switch, but virtual NICs connected to physical NICs.
I am not facing an issue here, I want to be clear about that, if this was a VMware issue I'd be right on it.
I can have a ping run all day against any of the VMs, the host or the gateway and it does not drop.
Any device hardwired to the switch shows stable connections and uptime according to the device, its hostname and IP where available, but the VMs only show a MAC address, so I've manually added hostnames to some of them, I never see an IP and the host name is never resolved, but the switch will show them disconnecting and reconnecting - like a client roaming between APs.
To be fair, this could have also been the behaviour with the old switch but I had no visual of this and it was one reason I wanted an SDN compatible switch - everything is (or should be) visible in one place.
I have a feeling it's related to the physical NICs of the ESXi host sending multiple MAC addresses to the switch that is causing this, similarly to how NLB would work, and I've known at work the network guy has had to do something at the switch end, I believe to do with multicast MAC addressing - I'm purely guessing here, but could this be it?
Any VM could pass any NIC and will likely use whichever is least in use, this is why I am wondering about multicast/unicast and multiple MACs.
Are there any further logs that might help diagnose?
Given that nothing actually disconnects or goes offline, I believe this is more software/configuration related than hardware or the VMs themselves.
Obviously this is not a show stopper, but it does make me wonder.
Rod-IT wrote:
Any device hardwired to the switch shows stable connections and uptime according to the device, its hostname and IP where available, but the VMs only show a MAC address, so I've manually added hostnames to some of them, I never see an IP and the host name is never resolved, but the switch will show them disconnecting and reconnecting - like a client roaming between APs.
Without source code it's difficult to say what SDN Controller uses to recognize non-SDN devices. Could be ARP table entries as a last resort. Then, when entries expire, the corresponding MAC will go away in the switch's table until traffic to this device occurs again.
My router shows connected devices with static IPs this way and they always disappear when idle for some time.
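To put numbers on the pattern R1D2 describes and on Rod-IT's suspicion that the VMs hop between ports 23 and 24, here is an added Python script (not part of the thread and not the controller's own tooling) that groups constructed, Omada-style connect/disconnect lines per MAC, reports the ports each MAC was seen on, and checks whether the reconnect cadence matches a table-aging timer you supply. The line layout, the sample MACs and the 300 s timer are assumptions, not values from the controller.

```python
"""Flap analysis over constructed client events; the log layout is assumed."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in an assumed "date time mac event port N" layout.
# First MAC mimics a VM that alternates between the two ESXi uplink ports.
SAMPLE_EVENTS = """\
2020-11-01 10:00:00 00:0c:29:aa:bb:01 connected port 23
2020-11-01 10:05:02 00:0c:29:aa:bb:01 disconnected port 23
2020-11-01 10:05:20 00:0c:29:aa:bb:01 connected port 24
2020-11-01 10:10:21 00:0c:29:aa:bb:01 disconnected port 24
2020-11-01 10:10:40 00:0c:29:aa:bb:01 connected port 23
2020-11-01 10:00:00 3c:7c:3f:11:22:33 connected port 5
"""

LINE_RE = re.compile(
    r"^(\S+ \S+) ([0-9a-f:]{17}) (connected|disconnected) port (\d+)$")


def parse_events(text):
    """Return {mac: [(timestamp, kind, port), ...]} for lines that match."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines in any other layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events[m.group(2)].append((ts, m.group(3), int(m.group(4))))
    return events


def flap_report(text, aging_seconds=300, tolerance=0.2):
    """Per MAC: disconnect count, median up-interval, ports seen, and whether
    the cadence is within `tolerance` of the assumed aging timer."""
    report = {}
    for mac, evs in parse_events(text).items():
        evs.sort(key=lambda e: e[0])
        gaps, last_connect = [], None
        for ts, kind, _port in evs:
            if kind == "connected":
                last_connect = ts
            elif last_connect is not None:
                gaps.append((ts - last_connect).total_seconds())
                last_connect = None
        med = median(gaps) if gaps else None
        aging_like = med is not None and abs(med - aging_seconds) <= tolerance * aging_seconds
        report[mac] = {"disconnects": len(gaps), "median_up_seconds": med,
                       "ports": sorted({p for _, _, p in evs}), "aging_like": aging_like}
    return report
```

A MAC flagged aging_like while a continuous ping to that host never drops points at table expiry or port moves in the controller's view rather than a real link loss.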
Views: 5609
Replies: 29