SG2100 WAN+OPT ports with identical external VLAN tags
-
I want to create a second WAN interface for redundancy (failover). For this I have to create an additional discrete port using an internal VLAN configuration.
My ISPs need PPPoE with a VLAN tag. So currently my PPPoE uses a VLAN created on mvneta0, which is forwarded transparently through the internal switch in "port VLAN" mode.
To create discrete ports, I have to use internal VLANs. How could this coexist with externally needed VLANs? Both WAN interfaces would use the same VLAN. Would those be VLANs on VLANs (internally)? Is this possible? Would this have any impact on performance / max. packet length?
Thanks! -
@Stefanix Perhaps I am completely misunderstanding your thinking here... Are you saying that you want to use two WAN ports to connect to the same ISP network termination, (via a switch or something)? Or perhaps just to manually switch over should the first one fail?
Unless your ISP provides some form of redundancy towards you, in the form of two fibers or cables/wires, each one connected to discrete ports or routers at their end, I can't see any reason for such a setup...?!
And it would anyway seem extremely unlikely that any of your ports on the 2100 should fail at all! And if you were to add a switch, that would inevitably ADD another point of failure of course.
I'm thinking that a failure on the 2100 would more likely be related to something you might do in the setup, or perhaps a power failure. Always a goode idea to keep a backup of your config, especially when experimenting. And perhaps also a good idea to have a secondary firewall at hand that is all configured and ready to power up.
But if you really want to safeguard your WAN connection, perhaps you should look for the more common failover setup with two different ISP's. I have a secondary WAN connected to an LTE router as my failover for example...
-
@Gblenn, thanks for your thoughts!
The goal is to use two ISPs. Initially its DSL plus fiber, later I might use LTE/5G as backup. -
@Stefanix Aha ok, I guess I got confused by your mentioning of VLAN on the WAN side, which I relate to PPPoE. But if your second ISP is LTE/5G it's going to be DHCP and I'm guessing it may be the same with fiber...
-
@Gblenn Right, it is a bit strange in Germany. German Telekom is using PPPoE on both access types, DSL and fiber. And you have to use VLAN 7.
-
@Stefanix Well, I guess once you get fiber it's likely you will ditch your DSL, right? And then it makes more sense to use LTE/5G as failover anyway... which for sure doesn't use PPPoE even in Germany...
-
@Gblenn That’s right, will ditch DSL after a transition phase. This dual WAN setup (DSL/fiber) is meant to compare and test both access types. It has a more experimental character. If this is possible. I mean on both WAN ports VLAN 7.
-
I am not really that familiar with the 2100, but my undertanding is that the VLAN ID's used internally for the switch, are only internal to the switch unless you tell it otherwise.
So you can use e.g. VLAN 4081 for WAN and 4082 for OPT1 and that will maintain them separated in the switch. Then in the interface setting you just repeat what you already did for your WAN connection earlier. And since they are separated you are free to reuse the same VLAN ID 7 without any conflicts....