Hello,
Before asking my question, I would like to introduce myself.
My name is Santiago and I live in Colombia.
I have a rb493ah
And I want to do the following.
wan port is eth1.
I want to set another port on the switch (eg ether6) to bypass routerboard nat and rules.
My provider gives me different public ip and I directly assign an address to a specific computer.
I tried to configure the port as a master, but I get an error because ether1 is on a different chip from the rest.
In rb2011 I can do it without problems since ether 1,2,3,4 and 5 are on the same chip.
I tried to do also creating a bridge and putting the two interfaces} (ether 1 and 6)
But I lose the link with the CPE of my ISP.
Any ideas on this?
Best regards,
Santiago.
Re: wan bridge
Using CPU bridge for your situation is probably a bad idea. The direct-to-ISP computer/router will be burning up your CPU cycles whenever it uses the Internet, even though you're not acting as firewall for it. (I'll explain later)
But to do what you're looking to do....
If you add/remove slave ports with the switch chip, then the only change is a layer2 change so that's all you need to do. That's why this was easy for you. If you take a port and re-assign it to a bridge, then you're converting a layer3 port into a layer2 port, so you'll need to move all of its IP configurations onto the bridge interface. If your WAN type is pppoe then this is going to be an easy move - just change the interface that pppoe client uses - change it from ether1 to wan-bridge and put ports 1 and 6 on the wan-bridge. Otherwise, you're going to need to move the IP address or dhcp client onto bridge1, and then go through your firewall rules - filter, nat, and mangle - and change any references of ether1 to use wan-bridge instead. (the rules that need to be fixed will most likely be red and easily spotted)
CPU bridge vs master/slave switch port
The switch master/slave configuration uses a dedicated switch controller chip to move ethernet frames between the ports. It can do this at wire speed, and it won't take up any CPU cycles. The bridge interface, however, is a CPU-driven bridge, so any traffic that moves between the bridged ports will use your CPU cycles. So if a host on ether2 is talking to a host on ether1 - and doing it via the bridge (and not via the switch) then you're not going to even be able to reach gigabit speeds for this connection before the CPU hits 100%. If the traffic uses small packets it's even worse.
On the 2011 models, ether1-ether5 are connected to switch1, and ether6-ether10 are connected to switch2, so in order to give a layer2 connection between these two different switches, a cpu bridge is required. I recommend putting the pass-through host on switch1 along with the ISP connection so you don't have to do this. Not only will it eliminate wasted CPU burden, it will also eliminate subtle things like possible bufferbloat due to the fact that a 100Mbps port is talking to a 1Gbps port.
But to do what you're looking to do....
If you add/remove slave ports with the switch chip, then the only change is a layer2 change so that's all you need to do. That's why this was easy for you. If you take a port and re-assign it to a bridge, then you're converting a layer3 port into a layer2 port, so you'll need to move all of its IP configurations onto the bridge interface. If your WAN type is pppoe then this is going to be an easy move - just change the interface that pppoe client uses - change it from ether1 to wan-bridge and put ports 1 and 6 on the wan-bridge. Otherwise, you're going to need to move the IP address or dhcp client onto bridge1, and then go through your firewall rules - filter, nat, and mangle - and change any references of ether1 to use wan-bridge instead. (the rules that need to be fixed will most likely be red and easily spotted)
CPU bridge vs master/slave switch port
The switch master/slave configuration uses a dedicated switch controller chip to move ethernet frames between the ports. It can do this at wire speed, and it won't take up any CPU cycles. The bridge interface, however, is a CPU-driven bridge, so any traffic that moves between the bridged ports will use your CPU cycles. So if a host on ether2 is talking to a host on ether1 - and doing it via the bridge (and not via the switch) then you're not going to even be able to reach gigabit speeds for this connection before the CPU hits 100%. If the traffic uses small packets it's even worse.
On the 2011 models, ether1-ether5 are connected to switch1, and ether6-ether10 are connected to switch2, so in order to give a layer2 connection between these two different switches, a cpu bridge is required. I recommend putting the pass-through host on switch1 along with the ISP connection so you don't have to do this. Not only will it eliminate wasted CPU burden, it will also eliminate subtle things like possible bufferbloat due to the fact that a 100Mbps port is talking to a 1Gbps port.
Re: wan bridge
Hello,
Thank you very much for your answer.
It would be better to use a master port, But I can not do it because ether1 is in another chip.
When I put ether 1 and 6 on a bridge Lost the ethernet link with ISP CPE.
ARP can be causing this?
Any other ideas for This configuration
with the rb493ah?
Best regards,
Santiago.
Thank you very much for your answer.
It would be better to use a master port, But I can not do it because ether1 is in another chip.
When I put ether 1 and 6 on a bridge Lost the ethernet link with ISP CPE.
ARP can be causing this?
Any other ideas for This configuration
with the rb493ah?
Best regards,
Santiago.
Re: wan bridge
Check that bridge admin mac address, and set it to ether1 MAC, it could be the CPE rejecting a different MAC.