Emerging Member
Posts: 75
Registered: ‎03-31-2014
Kudos: 12
Solutions: 2

Tag all traffic on Eth3


Sorry if this is covered somewhere else - but I've got brain freeze.

I have a UniFi AP with a particular SSID tagging all traffic with vlan101 - this AP runs into a virtual switch across Eth ports 4 and 5 on an EdgeRouter PoE. I have a device connected directly to port eth3 that I want to participate on vlan101 only.

The idea being that eth3 is exclusive for a device on vlan101, and only devices connecting to a specific SSID can see it (and won't see anything else on the switch).

I don't think that Eth3 needs to be in the switch because it doesn't need to see any of the other traffic - but how do I tag all traffic on Eth3 for vlan101? If I create a VLAN through the UI it creates the eth3.101 sub interface, so I'm wondering if it's something I need to do from the command line?

Thanks in advance for any advice to a n00b ;-)


Accepted Solutions
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 386
Solutions: 40

Re: Tag all traffic on Eth3


No sweat. Put all your traffic on the trunk(s) between the EdgeRouter and the switch. Break out the networks onto the ports you need them on via the layer 2 management on the switch. Use the router for routing and firewalling between the networks on the trunk.

Here are some examples:

interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        speed auto
    }
    ethernet eth1 {
        description "DMZ SUBNETS"
        duplex auto
        speed auto
        vif 130 {
            address 10.112.130.1/24
            description Public_Servers
            mtu 1500
        }
        vif 160 {
            address 10.112.160.1/24
            description BCF_Guest
            mtu 1500
        }
    }
    ethernet eth2 {
        description "LAN SUBNETS"
        duplex auto
        speed auto
        vif 20 {
            address 10.10.20.1/24
            description BCF_Home
            mtu 1500
        }
        vif 30 {
            address 10.10.30.1/24
            description BCF_Servers
            mtu 1500
        }
        vif 40 {
            address 10.10.40.1/24
            description BCF_VOIP
            mtu 1500
        }
        vif 50 {
            address 10.10.50.1/24
            description BCF_CCTV
            mtu 1500
        }
        vif 60 {
            address 10.10.60.1/24
            description BCF_Wrls
            mtu 1500
        }
        vif 99 {
            address 10.10.99.1/24
            description BCF_Mgmt
            mtu 1500
        }
    }
}

As you can see, I have 2 separate networks on eth1 and 6 different networks on eth2. The following pic is from my switch and shows the trunks and VLAN breakout per port. Gi0/1 & Gi0/2 connect to eth1 & eth2 respectively on my ERL.


Switch Ports.png
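
An added example, not part of the thread or written by its participants: a Python audit of a config in the format posted above, listing every VLAN sub-interface (vif) per trunk and flagging VLAN IDs reused on two trunks or subnets that overlap, either of which would undermine the isolation the question asks for. The vif 101 entry and its 10.10.101.1/24 address are constructed, and treating a reused VLAN ID as a problem assumes both trunks land on the same switch, as in the answer's setup.

```python
import ipaddress

# Constructed sample in the config format shown above; vif 101 and its
# address are assumptions standing in for the asker's VLAN.
SAMPLE = """
interfaces {
    ethernet eth1 {
        vif 130 {
            address 10.112.130.1/24
        }
    }
    ethernet eth2 {
        vif 20 {
            address 10.10.20.1/24
        }
        vif 101 {
            address 10.10.101.1/24
        }
    }
}
"""

def parse_vifs(text):
    """Return [(interface, vlan_id, ip_network)] for each vif with a static address."""
    stack, found = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].split())   # e.g. ["ethernet", "eth2"]
        elif line == "}":
            stack.pop()
        elif line.startswith("address ") and stack and stack[-1][0] == "vif":
            try:
                net = ipaddress.ip_interface(line.split()[1]).network
            except ValueError:                # e.g. "address dhcp"
                continue
            found.append((stack[-2][1], int(stack[-1][1]), net))
    return found

def audit(vifs):
    """Flag VLAN IDs present on two trunks and subnets that overlap."""
    issues = []
    for i, (if_a, vid_a, net_a) in enumerate(vifs):
        for if_b, vid_b, net_b in vifs[i + 1:]:
            if vid_a == vid_b and if_a != if_b:
                issues.append(f"VLAN {vid_a} on both {if_a} and {if_b}")
            if net_a.overlaps(net_b):
                issues.append(f"{net_a} ({if_a}.{vid_a}) overlaps {net_b} ({if_b}.{vid_b})")
    return issues
```
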

All Replies
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 386
Solutions: 40

Re: Tag all traffic on Eth3

This is an operation which is performed on a layer 2 switch.  Routers operate at layer 3 which is routing between networks.  Buy a toughswitch and use that for your layer 2 functions.

Emerging Member
Posts: 75
Registered: ‎03-31-2014
Kudos: 12
Solutions: 2

Re: Tag all traffic on Eth3

Understood - thanks. I'll front end it with a switch to tag the traffic. I guess I was pushing that 'switch' feature across the ports a little too far ;-)

Thanks for clarifying.