Emerging Member
Posts: 63
Registered: ‎02-02-2015
Kudos: 20

Port Isolation on EdgePoint R6

I know the EP-R6 is a router and not a switch, but I love the form factor so I'd like to use it as a switch. However, I need to be able to isolate ports from one another à la Cisco's and EdgeSwitch's protected ports.

Is this possible? From what I can see, there's nothing in the switch config that allows for this. Per https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading-Explained I know bridges are hardware accelerated. Could those be used instead?

Re: Port Isolation on EdgePoint R6

Good news!

Turns out you can use ebtables (https://serverfault.com/questions/388544/is-it-possible-to-enable-port-isolation-on-linux-bridges#38...) with bridges and hwnat enabled and it still works at line rate!

Only problem now is how to configure these en masse since I'm having this issue removing the IP from eth0 while trying to add it to br0 in one swoop: https://community.ubnt.com/t5/EdgeMAX/how-to-bridge-eth2-to-eth0/td-p/861126

Re: Port Isolation on EdgePoint R6

Was able to figure this out too!

Had to muck around with command order, but:

configure
set system offload hwnat enable # For hardware that supports it
set interfaces bridge br0 address 192.168.1.1/24
delete interfaces ethernet eth0 address 192.168.1.1/24
edit interfaces ethernet eth0
set bridge-group bridge br0
commit
exit
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces ethernet eth3 bridge-group bridge br0
set interfaces ethernet eth4 bridge-group bridge br0
set interfaces ethernet eth5 bridge-group bridge br0
commit
save
exit

ebtables lines can be added to an executable script in /config/scripts/post-config.d/ to persist after reboot.
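
The thread does not show the ebtables rules themselves. As an added example (not the poster's script), this is one way a script in /config/scripts/post-config.d/ could express protected-port isolation on br0, assuming eth0 is the uplink and eth1 through eth5 are the isolated ports; the `APPLY` switch and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: "protected port" isolation on bridge br0 using ebtables.
# Assumptions (not stated in the thread): eth0 is the uplink, eth1-eth5 are
# the ports that must not reach each other. Mark the file executable.

UPLINK="eth0"                          # assumption: the one unprotected port
ISOLATED="eth1 eth2 eth3 eth4 eth5"    # assumption: the protected ports
APPLY="${APPLY:-0}"                    # hypothetical switch: 0 = print rules, 1 = install them

# Print one rule spec for every ordered pair of distinct ports given as
# arguments. Frames between a protected port and the uplink match nothing
# here, so they keep following the FORWARD chain's policy.
isolation_rules() {
    for in_if in "$@"; do
        for out_if in "$@"; do
            if [ "$in_if" = "$out_if" ]; then
                continue
            fi
            echo "FORWARD -i $in_if -o $out_if -j DROP"
        done
    done
}

# Sanity check: isolating the uplink would cut every port off from it.
for port in $ISOLATED; do
    if [ "$port" = "$UPLINK" ]; then
        echo "refusing to isolate uplink $UPLINK" >&2
        exit 1
    fi
done

isolation_rules $ISOLATED | while read -r spec; do
    if [ "$APPLY" = "1" ]; then
        # Delete an earlier copy first so re-running never duplicates a rule.
        ebtables -D $spec 2>/dev/null || true
        ebtables -A $spec
    else
        echo "ebtables -A $spec"
    fi
done
```

These rules only cover bridged frames in the FORWARD chain, so every port can still reach the bridge address on the router itself. Review the printed rules first, then set `APPLY` to 1 in the script.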
