Layer 2 Bridge support for FusionHub

+1 from us on this as well. From time to time it would be very useful to be able to quickly build an L2 link between locations.

Cheers
Dana

1 Like

+1 from us too. We currently require it urgently
Thanks a lot
Johannes

2 Likes

Hello @Kenny,
We are a plus one (+1) on this too.
Happy to Help,
Marcus :slight_smile:

4 Likes

+1 from me (again).

4 Likes

+1 here too.

3 Likes

Layer 2 support is include in 8.0.1 beta 2!
You can enable Layer 2 by clicking the “?” icon on the right hand side of “PepVPN Settings”.

Some quick guides:

  1. Layer 2 is supported in non-VRF and VRF.
  2. If FusionHub has both LAN and WAN interfaces, LAN interface will be bridged to the non-VRF domain.
  3. If FusionHub has WAN interface only, WAN interface is not bridged.
8 Likes

Kenny,

Can the DHCP of the FusionHub be used in such setup or we need an external DHCP? Is there a how to guide?

The BR1 and its clients would receive a public ip via the Layer2 tunnel from the DHCP server of the FusionHub.

Thanks !

1 Like

FusionHub’s DHCP server is not able to do that right now, we add this to feature request.
To setup external DHCP server:
Setup FusionHub with LAN and WAN interface
Connect the DHCP server to FusionHub’s LAN
Setup Layer 2 profile on non-VRF

4 Likes

Kenny,

If we use VRF and L2 on FusionHub, all traffic goes out on the same LAN mixed.
What is the advantage of using a VRF then? I don’t understand where this can be helpful.

We wanted to use VRF to distribute layer 2 tunnels for one instance of fusionhub to different LAN VLANs but that is not possible. Between having all tunnels terminate in the same VRF or different ones, on the L2 situation I don’t see added value but I’m probably missing something.

Thanks for your support,

1 Like

Thanks for your feedback. FusionHub does not support LAN port belongs to different organization if Layer3 SpeedFusion is enabled in non-VRF domain. We will add this to feature request.

To fit your deployment:

  1. Able to specify the management VLAN for LAN port (that will also be used in Layer3 SpeedFusion)
  2. Layer 2 SpeedFusion is on “trunk” except the management VLAN is filtered.

It that correct?

1 Like

Kenny,

In this scenario there is no Layer3 tunnel. The hub is used to distribute Layer2 over multiple sites on multiple customers. So traffic must be isolated customer per customer. That’s where VRF could have been useful but in the end, all traffic is mixed. Even with different VRF.

On point 2, do you mean we could assign outgoing VLANs to Layer 2 tunnels per VRF? And assign one outgoing VLAN per customer ( but multiple sites in one VLAN)

We want to avoid that shared Layer2 hubs mix the traffic of all customers.

Thanks,

1 Like

Not really available. If

  1. You can specify "white list’ VLANs for each Layer2 SpeedFusion profile, only white-listed VLANs traffic are accept/pass to SpeedFusion
  2. Layer2 SpeedFusion profiles are connected to trunk LAN port

Is that ok for you?

2 Likes

I think it is. I’ll rephrase it to make sure I understood.

  • It is mandatory to receive customer traffic encapsulated in VLANs and we can define which VLAN can go in which Layer 2 tunnel.

  • On the LAN, all VLAN’s go out on the trunk.

2 Likes

@Kenny I have a situation I’m working on now with hub and spoke, each spoke has 1 layer 3 subnet and three layer 2 vlans. These are all connected together via the hub using sub-tunnels.

The current hub (a balance) has the same vlans configured, so you can connect to equipment on a vlan in one location and the same equipment in the other locations are accessible because they are in that vlan too - the hub bridging all VLANs.

Wish I could add multiple VLANs on the LAN of the fusionhub to make that work. I am currently juggling fusionhubs with clown shoes on building a work around and I may well end up with egg on my face before the morning comes :wink:
.

2 Likes

Yup, vlans on FusionHub is a must have…

2 Likes

Can we get vlan support added for LAN in 8.1?
also how do we set the override option for layer2 in fusionhub?
I can’t seem to find this option:


If that’s not currently an option, what does it default to?

2 Likes

Hi @Jonathan_Pitts, as the nature of FusionHub is very different from a Balance or MAX, this “Override IP Address” option is not available on FusionHub.

So here is how Layer 2 PepVPN works on FusionHub:

  • FusionHub with both WAN and LAN: connected Layer 2 PepVPN peers will be able to communicate with each other as well as LAN interface, “Remote Network Isolation” is available only for this scenario.

  • FusionHub with WAN only: connected Layer 2 PepVPN peers will be able to communicate with each other only, local network interface (i.e. WAN) is not bridged together.

  • FusionHub using VRF: This should work just like the “WAN only” scenario, even the FusionHub has both WAN and LAN interfaces, but you can utilized different VRF domain to isolate different Layer 2 PepVPN peers.

NOTE: VLAN Whitelist filtering should work in all 3 scenarios.

2 Likes

Can it operate in static,DHCP or none options then?
I assume it would never be the source of the DHCP based on what you described, but it seems like it should have the other options.
One of my questions is If I connect two layer two device and the fusionhub which side will be the DHCP server, when doing this with max/balance very easy to know, not so much with fusionhub.

1 Like

The positioning of FusionHub is a Hub, it helps to connect different devices together, we are not expecting the LAN of FusionHub to be overridden by an external device, can you describe more about the scenario that require overriding FusionHub’s LAN?

1 Like

Let me do some testing , thanks for the clarification.

1 Like