Hello,
Please find the topology below. I want to offer L2 redundancy between two sites without Spanning Tree protocol and minimum change on the network. So I have planned to use WAN port on Branch site to control L2 Tunnel. But I could not succeed to stop that WAN is doing the health-check process over L2 SF tunnel.
Branch’s WAN health-check: ping to 10.251.0.1
L2 SF Tunnel uses the only 3G line.
While WAN is connected, the 3G status will be Cold Stand-By. It means L2 Tunnel down and no loop.
If the green link is disconnected ( to simulate Radio-Link down) , WAN goes disconnected. 3G and L2 tunnel goes up. But the problem, WAN health-check succeed via the L2 tunnel. So WAN goes up-down-up.
I used many firewall rules especially internal rules, outbound policy rules to prevent ping packet from WAN to 10.251.0.1 over L2 tunnel. But no success.
Any comment? Thanks,
Note: I will also try Drop-in mode on branch’s Max-BR1.
1 Like
@aytan34, the firewall rules are meant to be controlling traffic flowing through layer 3 interfaces, eg. LAN-to-WAN, LAN-to-L3SpeedFusion. In the scenario you have described, the WAN Healthcheck could not be prevented from the firewall rules (Internal or Outbound), as it is going through a Layer 2 SpeedFusion.
If the uplink devices (switch or modem in your diagram) can create 2 separate VLANs, one for LAN subnet (11.1.100.x) and one for WAN subnet (10.251.0.x), then this should able to address your requirement. Meaning the Radio Link will carry 2 VLANs while L2SF only carry the LAN subnet across.
2 Likes
Hi Wei,
Thanks for your comment.
But there are no managed switch at branch site. Branch Max-router should tag the traffic egress from WAN. But Max doesnt support tagging on the WAN interface.
You said that no option to filter health-check traffic based on IP or MAC. And no option using outbound policy to forward it to null.
Thanks,
@aytan34
MAX support VLAN tagging for WAN. May i know what model or firmware you are using ?
2 Likes
