Add Redirect VLAN action to Managed Switch ACL policy
Please add the redirect VLAN action in the Managed Switch ACL policy. This feature was available in older switches, as can be seen in the CLI reference:
https://static.tp-link.com/res/down/doc/TL-SG3216(UN)_V2.0_CLI.pdf
Unfortunately, it is not available in the newest switches, which makes some use cases impossible, e.g. configuring IPTV with some operators like Orange in Poland.
Hi @phawrylak
Thanks for posting in our business forum.
There is no such function now. Even the layer 3 SG(X)6000 series does not support it.
Can you show us what you expect to achieve in your network? We'll see if there is an alternative way to do it. Please describe in detail.
Hi @Clive_A,
Basically I need to be able to have two untagged VLANs (838 and 839) for one port where the STB decoder is connected. It should be tagged when sent to the port where the ONT is connected. Therefore I need ACL rules to tag frames sent from the STB to the ONT. The logic is pretty simple - tag untagged IGMP traffic with VLAN 839 (802.1p=5) and all other untagged traffic with VLAN 838 (802.1p=4) for frames sent from a specific port. I don't see a way to achieve it now with the SG3428X-M2. I will be grateful for your suggestions if it's possible to achieve. It's really not such an uncommon use case, and it's a pity that TP-Link managed switches don't seem to support it (competition like Zyxel does).
Hi @phawrylak
Thanks for posting in our business forum.
phawrylak wrote
Hi @Clive_A,
Basically I need to be able to have two untagged VLANs (838 and 839) for one port where the STB decoder is connected. It should be tagged when sent to the port where the ONT is connected. Therefore I need ACL rules to tag frames sent from the STB to the ONT. The logic is pretty simple - tag untagged IGMP traffic with VLAN 839 (802.1p=5) and all other untagged traffic with VLAN 838 (802.1p=4) for frames sent from a specific port. I don't see a way to achieve it now with the SG3428X-M2. I will be grateful for your suggestions if it's possible to achieve. It's really not such an uncommon use case, and it's a pity that TP-Link managed switches don't seem to support it (competition like Zyxel does).
OK. No way to work it out now.
Is that okay for you to use MAC VLAN? Test team got an idea on MAC VLAN if you need the multicast on a single VLAN.
Will also report this to the PM as a request for VLAN redirect.
Hi @Clive_A,
Thanks. Yes, I can use MAC VLAN. I understand that suggestion would be to set VLAN 839 for IPv4 Multicast MAC address range and set 802.1p priority for this VLAN in ACL? This can potentially work - I will check that.
UPDATE:
Unfortunately I don't think it will work as MAC VLAN is based on source, not destination MAC address. I'm just thinking about adding unmanaged switch between ONT and managed switch and connecting switches with two cables instead of one. Then I could potentially use Redirect action in ACL to redirect traffic to specific port that will be then tagged with specific VLAN depending on a port.
Hi @phawrylak
Thanks for posting in our business forum.
phawrylak wrote
Hi @Clive_A,
Thanks. Yes, I can use MAC VLAN. I understand that suggestion would be to set VLAN 839 for IPv4 Multicast MAC address range and set 802.1p priority for this VLAN in ACL? This can potentially work - I will check that.
UPDATE:
Unfortunately I don't think it will work as MAC VLAN is based on source, not destination MAC address. I'm just thinking about adding unmanaged switch between ONT and managed switch and connecting switches with two cables instead of one. Then I could potentially use Redirect action in ACL to redirect traffic to specific port that will be then tagged with specific VLAN depending on a port.
I discussed this with the team. Here are some points from our discussion:
1. If you want to maintain multicast to populate in one VLAN, protocol VLAN could do it.
2. If you need all multicast populate in one VLAN, MAC ACL.
3. To do what you want, redirect VLAN cannot do both mentioned above.
Hi @Clive_A,
1. I don't think it's possible using Protocol VLAN. Right now, Protocol VLAN only allows the specification of EtherType, which is the same for IPv4 multicast and unicast. This would be possible if it were possible to additionally specify the protocol number (for IPv4 multicast it is 2).
2. Unfortunately, I'm not sure how to use MAC ACL for that - it doesn't have Redirect VLAN action, so still the same issue. If you meant MAC VLAN - I will verify if it works.
It would be really great if you could add possibility to specify Protocol Number in Protocol VLAN and Redirect VLAN action for ACL. This would solve such issues for good.
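The classification discussed in this thread, modelled in Python as an added example (not part of any post and not TP-Link code): it shows that the Protocol VLAN key (EtherType) and the MAC VLAN key (source MAC) are identical for IGMP and other IPv4 traffic from the same STB, while a rule that also reads the IPv4 Protocol field can assign VLAN 839/802.1p 5 versus VLAN 838/802.1p 4. The MAC addresses, frames and function names are constructed for illustration.

```python
import struct

ETH_IPV4, TPID_8021Q, IPPROTO_IGMP = 0x0800, 0x8100, 2
STB_MAC = bytes.fromhex("020000000001")  # constructed, locally administered

def make_frame(dst_mac, src_mac, ip_proto):
    """Build a minimal untagged Ethernet + IPv4 frame (constructed sample)."""
    ip = bytearray(20)
    ip[0] = 0x45          # version 4, header length 5 words
    ip[9] = ip_proto      # IPv4 Protocol field
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + bytes(ip)

def protocol_vlan_key(frame):
    """What Protocol VLAN matches on: the EtherType only."""
    return struct.unpack("!H", frame[12:14])[0]

def mac_vlan_key(frame):
    """What MAC VLAN matches on: the source MAC address."""
    return frame[6:12]

def acl_classify(frame):
    """Requested rule: untagged IGMP -> (839, 5), other untagged -> (838, 4)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        return None                       # already tagged, rule does not apply
    if ethertype == ETH_IPV4 and frame[14 + 9] == IPPROTO_IGMP:
        return (839, 5)
    return (838, 4)

def add_tag(frame, vid, pcp):
    """Insert an 802.1Q tag (TPID, then PCP/DEI/VID) after the source MAC."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def egress_to_ont(frame):
    """Frame as it would leave the ONT-facing port under the requested rule."""
    decision = acl_classify(frame)
    return frame if decision is None else add_tag(frame, *decision)

# Constructed frames from the STB: an IGMP report and a UDP unicast packet.
igmp = make_frame(bytes.fromhex("01005e000016"), STB_MAC, IPPROTO_IGMP)
udp = make_frame(bytes.fromhex("020000000002"), STB_MAC, 17)

if __name__ == "__main__":
    for name, f in (("igmp", igmp), ("udp", udp)):
        print(name, hex(protocol_vlan_key(f)), mac_vlan_key(f).hex(),
              acl_classify(f), egress_to_ont(f)[12:16].hex())
```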
Hi @phawrylak
Thanks for posting in our business forum.
phawrylak wrote
Hi @Clive_A,
1. I don't think it's possible using Protocol VLAN. Right now, Protocol VLAN only allows the specification of EtherType, which is the same for IPv4 multicast and unicast. This would be possible if it were possible to additionally specify the protocol number (for IPv4 multicast it is 2).
2. Unfortunately, I'm not sure how to use MAC ACL for that - it doesn't have Redirect VLAN action, so still the same issue. If you meant MAC VLAN - I will verify if it works.
It would be really great if you could add possibility to specify Protocol Number in Protocol VLAN and Redirect VLAN action for ACL. This would solve such issues for good.
Correct. Protocol VLAN is not possible. I double-checked. MAC VLAN it is.
Currently, there is only your feedback on adding redirect VLAN back. Not sure if there is other feedback on this. I think this might not be possible to be added to all models yet.
This thread will be kept open to collect more feedback.
To do what you need at this moment, you can use the MAC VLAN or configure the 802.1Q VLAN for the devices that you expect to populate in one VLAN. Configuring them in the same VLAN is what you do with the current system.
If you have more to add, please do. Would be more helpful if you could point out the reason why you need to place them in the regular VLAN while expecting to populate only the multicast into another VLAN.
Information
Helpful: 2
Views: 389
Replies: 7