The data sheet for Ubiquiti's TouchSwitch series indiacates VLANs are supported, however, it does not specifically state that the switches are compliant with 802.1Q VLAN. Has anyone successfuly used these switches in their mesh network?
Thanks and 73,
Bob
I have not used one, It looks like the basics may be there. Yes the datasheet doesnt say 802.1q in it however that really is the only type of vlan in active usage on gear like this (the only other type I've heard of is Cisco ISL and I don't see that outside of Cisco gear that often, I'm not even sure how often its really used I know I was trained on it but I haven't worked with it since Cisco courses in highschool)
I see one item that may be an 'annoyance' (with how I deploy my networks) in that you can only set one single "native vlan" (pvid).
On my switches im using each node has its own native vlan on each port (so I can isolate the devices and not have to disable DHCP on each node)
This may not be an issue for you, but is something to be aware of.
Otherwise it APPEARS (having not tested) to support setting vlan 1 to tagged on the ports for the devices and and port 2 tagged on on Ubiquiti ports (all Ubiquiti devices would be on a "trunked" port)
The only issue I see is you will end up with as I mentioned above is all the "LAN" connections for each mesh node are connected together (because of the native vlan) so you will want to disable DHCP on all but one node. You will also want the native vlan to be something like 10, certainly should NOT be 1 because that would combine the untagged lan packets with the "wan" (local existing) network.
** Note: Above is taken by looking at the Switch User Guide and having not actually used the switch in question. If someone has one of them they may be able to comment better
I have one on front of me and just configured it. Yes, there are limitations as noted above.
However, my test configuration has an Internet connection on port 1, a Nanostation on port 2, and the 3 remaining ports as a LAN for the Nanostation - with a laptop on port 3 and AIrCams on ports 4 and 5 powered by the switch. All devices are operating normally and the POE to the cameras cuts down on some cable clutter.
So for 1 node, this works OK.
Edited (deleted) in favor of Randy's screen shot - a picture is worth a lot of words.
Here is one example from a ToughSwitch I have in active use. It is set up to provide ports for 3 AREDN nodes and a WAN Internet connection.
I have used both 5 and 8 port ToughSwitches in many configurations. There is a 5-port switch in a weatherproof box on the roof of the Fair Lawn ARC which connects the 3 nodes for the club.
Port 1,2,3 = Node 1 with 2 LAN ports Port 2 POE is ON
Port 4,5 = Node 2 with 1 LAN port Port 4 POE is ON
Port 6,7 = Node 3 with 1 LAN port Port 6 POE is ON
Port 8 = WAN port for Internet connection
Here is my 5-port/2-node version. Note that (unlike WU2S example), only the ports where I plug in the nodes have been tagged for DtD. I do not have to turn off the DHCP servers on the nodes. Plugging a device into port 2 gets an address from node 1; plugging a device into port 4 gets a (different) address from node 2. Both nodes have access to the WAN which connects to port 5.
I believe I have left the management interface as static on 192.168.1.20. The switch is operating on a different network (not 192.x.x.x). I am having no luck reaching the management interface from the LAN, WAN, or management ports. Any ideas? Perhaps I need to disconnect the WAN (or all ports) and power cycle?
With the VLANs in place it seems the ONLY way to get to the management port was by plugging directly into it. Its as if the management-port-only checkbox was checked. But it is not.
So I did what you did and put the management port on one of the LANs with DHCP. I am actually accessing it through the mesh rather than the WAN, which has a couple of disadvantages. One of them is that it was an https: connection going over the air. That was easy to fix by turning off the secure connection feature. Another is that I am accessing it through a node that is itself being supplied POE from the switch. If I turn off power to that node I can never turn it back on.
I had an idea of plugging a jumper from the management port to a nearby gateway router. Its the same router that supplies the WAN connection so I am not sure if that will form some sort of loop. (I do have RSTP turned on).
= = = =
BTW to find the address of the switch (which was mis-labeled) I finally downloaded a copy of the Ubiquiti discovery tool. https://www.ubnt.com/download/utilities/
Very handy for Ubiquti (OEM firmware) equipment.
When will we have an ARDEN discovery tool?
;-)
Thinking out loud, if the management port is on default vlan 1 and one of the ports on the toughswitch is configured as a WAN port (untagged on vlan 1), then plugged into the other gateway router for internet (or other network) access, then the touchswitch should received an IP address from your wan dhcp (and so would the mesh node if vlan 1 is tagged going to the mesh nodes). A mesh device can access the admin console wan IP address as long as the default route takes it to the right mesh gateway on this toughswitch. (and if your wan router has a hostname resolution setup, it would also be known by hostname on the mesh.)
I was trying to access a statically-assigned management port IP from the WAN side of the switch. It did not work on the bench. Of course, under that condition, the WAN port actually has no address. Maybe that was the problem. When connected to the router, it would get an address assignment. But in my case, that address would be on a different network than the static one previously assigned by me. Oh what a tangled web we weave ....
Thanks, Joe - this thread was very helpful. I enabled the watchdog to bounce my PowerBeam M5-400. Warning about bricking it on firmware upload made me set it to 60 second ping interval with 10 retries. Does this seem overly conservative?
LAN 2-3 are empty. I must need a camera and a Pi3.
Reading the thread here there are different ideas on the management VLAN assignments so I am wondering if I need to alter from the VLAN11 which seems most popular in the illustrations. Is there a best practice that facilitates remote access to a switch providing the DTD link to several nodes at a site?
Keith