Best way to manage switch from wireless (Bridging or a remote PC)

2023-11-13 18:13:39 - last edited 2023-11-16 20:27:21
Model: EAP610-Outdoor  
Hardware Version: V1
Firmware Version: 1.2.0 Build 20230509 Rel. 67330

I'm looking for advice on the best way to manage a remote PoE switch on an Omada SDN network. Currently I have 12 access points (various EAP models) and an all tp-link setup with ER605 firewall/router, OC300 controller, 2 TP-link managed PoE switches (wired) all set up on a mesh network which is working fine. However, I have one building where I have an unmanaged PoE switch connected to 5 access points and currently I have no way of managing those ports (need to reboot once in a while with adoption loops, etc.). I can't run a hard wire between the locations so I'd like advice on the best scenario.

Based on my thoughts I can go 3 ways:

1. Get two more access points (outdoor) and create a bridge to a new managed PoE switch in the remote closet. What I don't want to do is force all the mesh traffic through that bridge though and lose performance, I want mesh to still do its job. My real goal is to just be able to manage the switch and recycle ports when needed - it is not a requirement that it be part of the Omada SDN, it can be standalone.

2. Buy a throw away PC on the cheap, add it to the wireless network and connect it to the switch directly and use it to remotely manage the switch (jump box type setup). This satisfies the requirement but isn't as elegant.

3. Buy a smart outlet (like Kasa or Wyze) and just recycle the whole PoE switch when I need a port restarted - this is sloppy and very brute force but would do the job but would interfere with some residents.

Advice or thoughts on this?

Re:Best way to manage switch from wireless (Bridging or a remote PC)-Solution
2023-11-13 20:23:29 - last edited 2023-11-16 20:27:21

@OrangeStreet

Ok, you said you cannot run a wire to the remote unmanaged switch location. So it sounds like at least 1 of the 5 APs hanging off the switch is meshed back to a wired AP hanging off one of your two wired switches. This scenario is fine, as long as there is only 1 meshable AP attached to the unmanaged switch OR your switch is set up to isolate all the ports from each other (acts like a POE injector only). Otherwise, you are setting yourself up for exactly the kind of problem you are experiencing.

The problem is that the ethernet port of a meshing AP appears to be on the same layer2 switch as the upstream AP

Switch----(root)AP  ))*((  (mesh)AP---(child)AP   [where --- is a wired connection]

In the above case, the child AP will appear to be connected to Switch, now if we extend that architecture to add a switch

Switch1----(root)AP  ))*((  (mesh)AP---Switch2---(child)APs[1..5]

Then all the child APs will appear as though they are on Switch1, and all traffic on those APs will transit across the sole (root)<->(mesh) link.

Now if the (child) APs are powered by POE injectors instead of something that causes an Ethernet link to show as active, then they have the ability to also mesh back to one of the APs hardwired to Switch1, increasing the available capacity around the remote building. You could probably emulate this by just wiring the POE pairs and leaving TX and RX unwired (good enough for POE, not POE+ devices, which use all 4 pairs).

That should be enough info to come back with exactly what your architecture looks like and how ideally you'd like it to work.

<< Paying it forward, one juicy problem at a time... >>
Re:Best way to manage switch from wireless (Bridging or a remote PC)
2023-11-14 15:22:16 - last edited 2023-11-14 15:23:49

@d0ugmac1

So in your second diagram with switch 2 - can that switch be an Omada SDN device and managed by my OC300 from the switch 1 side or will it have to be stand-alone? I thought a bridge was necessary to connect two LAN segments but maybe mesh can do that? If that is the case then I can manage the power at the port level and set up port isolation as you have suggested.

Re:Best way to manage switch from wireless (Bridging or a remote PC)
2023-11-14 15:33:28

@OrangeStreet

Yes, Switch2 can (and probably should be) Omada managed, making remote resets of APs pretty easy via POE port control.

Mesh is effectively a bridge (like both root and child AP are attached to the same logical L2 switch)

The question still remains what happens with an AP that can 'see' valid ethernet link attached to its ethernet port. Will it endlessly reboot waiting for a DHCP packet, or will it give up and try to mesh instead...my experience has been that a valid ethernet link (not necessarily with any packets) will prevent meshing. So in order to bypass that, you'll need to 'break' the ethernet link so the AP cannot detect a valid link being 'up'. The reason you might want to do this is to allow those 'powered but not connected' APs to actually mesh back to a different wired AP, thus reducing the load on the single root AP and 5.8G channel currently being used.

For performance reasons you may choose to allow 1 or 2 of the 5 remote powered APs to actually be bridged through the local switch. The reason for this is that it would allow you to force a fixed and different 5.8GHz frequency on those APs, which would greatly increase the user utilization of 5.8G channels around that location and should improve performance/client experience.

There you go...some potential performance enhancements. :)

<< Paying it forward, one juicy problem at a time... >>
Re:Best way to manage switch from wireless (Bridging or a remote PC)
2023-11-14 16:00:05 - last edited 2023-11-14 16:03:43

@d0ugmac1 From my reading, when you enable port isolation in a port profile the setting won't allow isolated ports to communicate with each other, but if I leave a few ports non-isolated then those isolated ports can still communicate with the non-isolated ports - which seems to defeat the benefit of your explanation of performance enhancements. It almost seems like you must isolate them all or "break" the tx/rx wires as you suggested - which I'm not a fan of. Thoughts? Maybe use port isolation in combination with a separate VLAN that nothing else can get to for those 2 that I'd bridge?

Re:Best way to manage switch from wireless (Bridging or a remote PC)
2023-11-14 17:07:30

@OrangeStreet

Port isolation only breaks broadcast traffic, the actual ethernet physical link is very much alive and well. Not a solution unfortunately.

I understand not wanting to mess with perfectly good cables, the alternative is POE injectors which are unmanaged and at least $20/ea. So maybe add a short patch device in-between, and clip the signal connection there?

Or honestly, if you can't get the cover off to cut the circuit traces for pins 1/2, just mangle the pins directly in the connector (pull them back and break them off). You want to get pins 1/2 and not 7/8, the former kills data, the latter kills POE :)

<< Paying it forward, one juicy problem at a time... >>