Remote L2 management of Evolution via Web GUI
Last updated
Last updated
Astra Wireless units use proprietary protocol MINT above Layer 2 and lower than Layer 3 in reference to OSI Layer model.
MINT stands for Mesh Interconnection Network Technology which points to the technology for networks based on arbitrary connections. The most important feature of MINT architecture is its ability to present any wireless (or even sometimes wired) network as a flat Ethernet segment, and radio interface connected to this network will act as usual Ethernet interface (virtual).
MINT protocol has built-in capability to establish connections to MINT neighbors and share information of other connected MINT neighbors. There is no need to configure and adjust MINT protocol settings. MINT unique feature is the ability to choose optimal paths in a network with multiple nodes and connections. Each neighbor connection can be evaluated as special value – i.e. "Cost". Its physical meaning – an estimated time for packet delivery measured in conventional units. The less the "Cost", the higher probability that this path will be chosen. The "Cost" of each connection is constantly changing according to link parameters including radio values (signal-to-noise levels), type of modulation speed used, number of errors and retries, link load and other parameters thus allowing quickly switching to an alternative route if its cost will be lower than for the current one.
So, the switching process is done by MINT protocol. The switching in MINT is done ONLY between two units or more. Each time you have some data for switching you should consider at least two devices as single switch path. Lets represent two Astra Wireless units of Evolution family as virtual “spatial” switch which has only two physical Ethernet ports, so you can just simply switch all traffic between two Ethernet ports (each port belongs to different unit).
However, in order to differentiate between traffic and its destination when you have more than two devices or more than one traffic type is to use VLAN tagging. In MINT we use Switch Group ID to make traffic differentiation. That is why all VLAN tags (or any other filter criteria) should be used to assign traffic to different Switch Group. While traffic resides in MINT domain it will be transferred only between Evolution units with configured and same fixed Switch Group ID number. Switch Group is a logical entity which allows switching between physical ports binded to Switch Group.
So, all traffic destined for switching is transported by MINT protocol in special Switch Groups. Switch Groups are mostly used as container to transport VLAN tagged traffic through MINT network. Therefore, MINT network can be viewed as one virtual distributed switch where border nodes act as external ports of the virtual switch. Switch task is to transparently transport packets from one external port to another one (other ones). Important to understand that switching groups should be created only on the nodes where packets enter from "outside" network ("outside" relative to MINT).
Therefore, if the Switch Group was created and Ethernet port (for example, "eth0") and Radio port (for example, "rf6.0") were added then the switching from "eth0" to "rfX.0" and vice versa has been enabled.
SVI is special logical interface that can be assigned to Switch Group therefore one can access and manage the unit via dedicated Switch Group and via dedicated VLAN.
In default configuration, in "MAC Switch" section, switch group #1 is available with "eth0" and "rfX.0" interfaces and with no additional rules. In this case, all frames coming to the unit from local Ethernet interface will be delivered to the opposite side of the link and sent out the remote Ethernet interface and vice versa. This simple configuration will enable transparent switching - all packets will go through the link unchanged; “VLAN tags”, “QoS” fields, etc. will be preserved.
Nevertheless, in case of remote VLAN management in order to separate customers traffic and management at least two switch groups should be used: one switch group for management, another switch group for data traffic.
In the example below, switch group #100 will be used for the management via VLAN (VLAN ID 100) and the switch group #1 (created by default) - for the data traffic.
In "Basic Settings" → "Network Settings" section create VLAN 100 interface by clicking "Create VLAN" button
Set required VLAN ID and make sure "eth0" is selected as a parent interface
In "Basic Settings" → "MAC Switch" section, we have to delete the "svi1" interface (which is available in the default configuration) by clicking the "Remove L3 Management" button
In "Basic Settings" → "MAC Switch" section, create switch group #100 for the management by clicking the "Create Switch Group" button
Add "vlan100" and "rfX.0" interfaces to the switch group #100
NOTE
In case the VLAN interface is added to the switch group, traffic with the corresponding VLAN ID received by parent interface enters the switch group (no additional rules are required), 802.1q tag will be removed
To create "svi" interface connected to this group click the "Create Switch Group" button
In "Basic Settings" → "Network Settings" section assign IP address to the "svi100" interface (don't forget about netmask)
Step 8 (Optional)
Set the default gateway IP address
Step 9
Before saving the current configuration, please make sure that you can access the unit on VLAN 100. If you connect the PC directly to the unit, you have to set VLAN 100 for the outgoing traffic at the network interface.
Step 10
Try the new configuration temporarily by clicking on the "Test" button
Step 11
If everything works properly, you can save the settings performed in all sections of the "Basic Settings" page, by clicking the «Commit» button.
We have created switch groups for management and data traffic, special interfaces for vlan management and we have set an IP address to the svi management interface.
We have to perform the same settings for the second unit and check the connectivity with VLAN 100 to each unit.
