I was curious.. I have access points from Ubiquiti that will be connecting to the network on a VLAN but the VLAN will be untagged on the ports.. so I was wondering if there were maybe bridge filter rules that would drop all other devices that don't match like the first 3 sets of the MAC address of the APs. In this case the VLAN is 100 and the ports are untagged.. of course I want this to only happen on VLAN 100 because I have other VLANs passing over the wifi.
I know I feel like really I should probably just change the network management VLAN on the APs to 100 and leave the ports as admit-only-vlan-tagged.
But I have like 50 switches already flashed-figged with a config where the ports are untagged.. and I was hoping to be able to maybe just drop rules in and see if they work. Seems like something I'd want to be able to learn how to do anyways..
I was wondering if this disabled HW offload on the CRS3XX switches. All switches are CRS318's at the moment with the exception of a few CSS's.
Does this rule here make sense?
Code:
/interface bridge filter add action=accept chain=forward mac-protocol=ip src-mac-address=74:AC:B9:00:00:00/FF:FF:FF:00:00:00 in-interface=vlan100
/interface bridge filter add action=drop chain=forward mac-protocol=ip in-interface=vlan100
Thank you.. (admittedly while writing this post.. just thought about the p2ps as well that I connect over that VLAN, just probably more of a hassle keeping all the MAC addresses updated in the rules) but I digress.. my interest in trying to do this is still alive and well.. might not be the best solution for this.. but I think in learning this.. I'll be able to apply some aspects of this to other things..
Statistics: Posted by joshhboss — Sun Feb 04, 2024 2:49 am
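
Added example (not part of the original post, and not RouterOS code): a Python model of how the two rules in the post would evaluate a frame, using a masked source-MAC comparison and first-match-wins ordering. The sample frames are constructed, in-interface matching is left out, and the model assumes a frame that matches no rule is accepted; it shows that non-IP frames such as ARP are matched by neither rule, because both specify mac-protocol=ip.

```python
# Added example: a model of masked-MAC, first-match rule evaluation.
# It is not RouterOS code; frames and verdict strings are constructed here.

ETH_IP, ETH_ARP = 0x0800, 0x0806  # EtherType values for IPv4 and ARP

def mac_to_int(mac: str) -> int:
    """Parse 'AA:BB:CC:DD:EE:FF' into a 48-bit integer."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC: {mac!r}")
    return int("".join(p.zfill(2) for p in parts), 16)

def parse_masked(spec: str):
    """Split 'MAC/MASK' into (value, mask); a bare MAC means an exact match."""
    mac, _, mask = spec.partition("/")
    m = mac_to_int(mask) if mask else (1 << 48) - 1
    return mac_to_int(mac) & m, m

# The two rules from the post, in order. in-interface is left out of the model.
RULES = [
    {"action": "accept", "mac_protocol": ETH_IP,
     "src": parse_masked("74:AC:B9:00:00:00/FF:FF:FF:00:00:00")},
    {"action": "drop", "mac_protocol": ETH_IP, "src": None},
]

def verdict(src_mac: str, ethertype: int, rules=RULES) -> str:
    """Return the action of the first matching rule, else the default."""
    src = mac_to_int(src_mac)
    for r in rules:
        if r["mac_protocol"] is not None and r["mac_protocol"] != ethertype:
            continue  # rule is restricted to another EtherType
        if r["src"] is not None:
            value, mask = r["src"]
            if src & mask != value:
                continue  # masked source MAC does not match
        return r["action"]
    return "accept (no rule matched)"  # assumed default: unmatched frames pass

if __name__ == "__main__":
    frames = [  # constructed sample frames
        ("74:AC:B9:12:34:56", ETH_IP),
        ("00:11:22:33:44:55", ETH_IP),
        ("00:11:22:33:44:55", ETH_ARP),
    ]
    for mac, et in frames:
        print(f"{mac} 0x{et:04x} -> {verdict(mac, et)}")
```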