Profile Isolation in Layer 2

Can you please provide more info on the Profile Isolation feature in Layer 2 configuration?

Enable this option if you want to block network traffic between the remote networks, this will not affect the connectivity between them and this local LAN.

Essentially, let's say you have a head end and two remote ends connecting to it via L2SF. With this enabled, the head end will be able to talk to the remote networks and vice versa; the remote networks will be able to talk to the head end. However, the remote networks will not be able to talk to each other.



This is something we really need. Using your diagram, in case the HQ loses the connection with one of the remote Balances, i.e. the top one, then the traffic will go to the bottom Balance and then to the top, right?

Based on the tests we have performed, when the connection from the HQ to the top Balance is restored, the packets are still travelling through the bottom Balance. Is there a way to define a priority SpeedFusion on the HQ?


For clarification, assuming the two remote ends are directly connected to each other via Ethernet?

Yes, they are connected on their LAN

Hi Jupiter,

You can set the HQ Balance to the lowest LAN MAC to ensure it is the root bridge. Then the 2 WAN ports of the HQ Balance will always be active.



We have tried the lowest MAC. It works in the testing environment, but when we set it in production we created a broadcast storm. That is why we are asking about the Profile Isolation feature in Layer 2 SpeedFusion. Below is an example diagram.

Hi Jupiter,

I believe you opened a support ticket way back in July pertaining to this issue. You may want to re-open the same ticket by replying to the support email, and our support team could revisit the case.

Best regards,



At that time, with that version, we could not find a solution. Can you please let us know if the 6.2 version will support that, or can someone let us know in detail what the purpose of “Profile Isolation” is, with some usage examples?



Hi Charris,

Yes, firmware 6.2 will come with SpeedFusion Layer 2 isolation. This feature is mainly to be applied on the main site unit, to prevent remote sites' broadcast traffic from flowing through the SpeedFusion tunnel. One example would be a WiFi hotspot environment, where a big DHCP pool of IP addresses (same subnet) is shared across all the subscribers via our MAX cellular routers, connected via Layer 2 SpeedFusion back to the datacenter/Internet hub. All these MAX cellular routers need not communicate with each other, thus SpeedFusion Layer 2 Isolation will ensure each MAX cellular router is only able to communicate with the central site.

In your case, you have the switches behind the Peplink units (at Site B & C) connected directly, so SpeedFusion Layer 2 Isolation won’t be able to block any traffic flowing between these 2 switches.

Hope this clarified the matter.

Thanks and regards,

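The behaviour described in the reply above, modelled as an added example (not part of the original thread and not Peplink code): a path search over a hub-and-spoke Layer 2 topology that lists which remote pairs can still exchange frames when isolation is enabled. The names `hub`, `site_b`, `site_c` and the forwarding rule (the hub drops tunnel-to-tunnel frames) are assumptions made for illustration.

```python
from collections import deque

HUB = "hub"  # assumed name for the main-site unit and its LAN

def build_links(remotes, back_links=()):
    """Adjacency map: one Layer 2 tunnel per remote, plus direct LAN links."""
    adj = {HUB: set()}
    for r in remotes:
        adj.setdefault(r, set()).add(HUB)
        adj[HUB].add(r)
    for a, b in back_links:  # e.g. switches at two sites cabled together
        adj[a].add(b)
        adj[b].add(a)
    return adj

def l2_path(adj, src, dst, isolation):
    """Shortest bridged path from src to dst, or None if no frame can get there.
    Search state is (node, ingress neighbour), since the hub's decision
    depends on which tunnel the frame arrived on."""
    queue = deque([(src, None, [src])])
    seen = {(src, None)}
    while queue:
        node, prev, path = queue.popleft()
        if node == dst:
            return path
        for nxt in sorted(adj[node]):
            if nxt == prev:
                continue  # never forward back out of the ingress port
            if isolation and node == HUB and prev is not None:
                continue  # modelled isolation: no tunnel-to-tunnel forwarding
            if (nxt, node) not in seen:
                seen.add((nxt, node))
                queue.append((nxt, node, path + [nxt]))
    return None

def isolation_bypasses(adj, remotes):
    """Remote pairs that still reach each other with isolation enabled."""
    found = []
    for i, a in enumerate(remotes):
        for b in remotes[i + 1:]:
            path = l2_path(adj, a, b, isolation=True)
            if path:
                found.append((a, b, path))
    return found

if __name__ == "__main__":
    sites = ["site_b", "site_c"]  # constructed sample topology
    print(isolation_bypasses(build_links(sites), sites))
    print(isolation_bypasses(build_links(sites, [("site_b", "site_c")]), sites))
```

Any pair the function returns is a segment where separation has to be enforced outside the tunnel profile, on the link the returned path uses.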

Hi Wei,
I could not find how to make isolation between Layer 2 SpeedFusion tunnels in the WebGUI of the MAX-BR1-AE (hw rev2, firmware 7.1.1 b3102). Two remote ends are connected to the center with SpeedFusion Layer 2 tunnels. The two remote ends are also connected via LAN interfaces. That's why I need isolation to prevent a loop. I could not use the Spanning Tree option.

@aytan34, please find the requested feature below. You should enable it on the hub device.


Thanks Liew,
I think this option is not on MX-BR1 series. I have used a max-br1 on hub site, and two max-br1 for branch sites.

Normally, the BR1 will be deployed at the remote site. Can you share the reason for using a BR1 as the hub device?
