01-19-2018 11:35 AM
I know the EP-R6 is a router and not a switch, but I love the form factor so I'd like to use it as a switch. However, I need to be able to isolate ports from one another ala Cisco's and EdgeSwitch's protected ports.
Is this possible? From what I can see, there's nothing in the switch config that allows for this. Per https://help.ubnt.com/hc/en-us/articles/115006567467-EdgeRouter-Hardware-Offloading-Explained I know bridges are hardware accelerated. Could those be used instead?
01-19-2018 02:23 PM
Turns out you can use ebtables (https://serverfault.com/questions/388544/is-it-possible-to-enable-port-isolation-on-linux-bridges#38...) with bridges and hwnat enabled and it still works at line rate!
Only problem now is how to configure these en masse since I'm having this issue removing the IP from eth0 while trying to add it to br0 in one swoop: https://community.ubnt.com/t5/EdgeMAX/how-to-bridge-eth2-to-eth0/td-p/861126
01-19-2018 03:34 PM
Was able to figure this out too!
Had to muck around with command order, but:
set system offload hwnat enable # For hardware that supports it
set interfaces bridge br0 address 192.168.1.1/24
delete interfaces ethernet eth0 address 192.168.1.1/24
edit interfaces ethernet eth0
set bridge-group bridge br0
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces ethernet eth3 bridge-group bridge br0
set interfaces ethernet eth4 bridge-group bridge br0
set interfaces ethernet eth5 bridge-group bridge br0
ebtables lines can be added to an executable script in /config/scripts/post-config.d/ to persist after reboot.