Hi, we have two locations. Each has a PTP 670 on each end, plugged into a Cisco SG350 switchport that is an access port on VLAN XXX. The firewalls are on the same VLAN at each location, plugged into other Cisco access switchports on VLAN XXX. PoE bricks are powering the radios at each end. The LAN port goes into the switchports on the Cisco. We see the local radio MAC address in the ARP table on the Ciscos on both ends. The firewalls cannot get IP traffic through. Also, we would expect the ARP tables on the switches to show MACs for the remote firewalls. Nothing.
Now, if we plug a PC on each end of the power bricks with the IP addresses of the firewalls, we can ping back and forth. So I am curious, what should we set the Cisco ports to? Should they be general ports with a default VLAN and allowed VLAN for management?
Talking with the tech from the company that installed the radios, would it be better for management to use the AUX port for management and run a cable into a management network on a firewalled VLAN and just let the data traffic go through on the main port? Or is it better to keep it in band and VLAN tag? I would think the first option is more secure.
I appreciate any insight and help.