Management VLAN issue in ePMP 1000

I have enabled management VLAN on both the AP and a single connected SM. I am using the pair for a trunk link purpose.

Even though I have set both the AP's and the connected SM's Ethernet ports to trunk in the switch, I am not able to ping the connected device from the SM side only.

From the switch connected to the AP-side Ethernet, I can access the AP, the SM and further network devices in the same management VLAN. But the connected AP and SM are not reachable from the switch connected on the SM side, even though they are on the same management VLAN.

Other tagged VLANs passed through the link are working fine.

Please explain what may be the problem and any suggested solution.

Hi Sakar, 

When Management VLAN is enabled on the SM, we have blocked access to the management interface from the Ethernet side of the SM. This is for security reasons, as the typical deployment of SMs is at the end customer premises. We are going to make this configurable in a near future release where the operator can enable/disable management access from the SM's Ethernet side when management VLAN is enabled.

Thanks,

Sriram

Hi,

I can delete my topic now, answer is here:), but bad one :(.

When do you think this option will be available?

Ty

Hi Cambium support!

I have installed version 2.4 on both AP and SM but the VLAN management problem persists; when do you think to resolve this issue?

Also the SM is not reachable by HTTP if I change the HTTP port from 80 to another port (for example 3232): why?

I hope you resolve this problem soon.

Thanks

Best regards

Hi Cambium team. We need a more usable interface to control our VLANs, for example like in Ubiquiti products: VLANs in bridges, and I can choose which bridge is for management.

For now, controlling VLANs in ePMP has a terribly awkward interface.

This is outrageous, I read this after we spent hours of testing why the AP was not accessible from a switch via the SM after enabling the management VLAN on both the SM and AP. It simply doesn't make sense to disable accessing the management interface on the AP from the SM side. What if a technician wants to test or monitor a remotely installed AP from the SM, assuming the PMP network belongs to one customer? I am also surprised why this was not mentioned in the training pack for the ePMP1000. Can this quickly be fixed in the upcoming firmware?

Hi rfman,

Blocking management VLAN from the LAN side of the SM was requested by several customers when we initially implemented this functionality. This was for security reasons. However you and other customers have valid points where it should not be the case. We are going to make this access configurable in a near future release. In the meantime you should still be able to access the SM’s management interface through 169.254.1.1 from the LAN side.

Thanks,
Sriram

Thanks for the reply

We did upgrade all the gear to 2.4 firmware and disabled the management VLAN, kept data VLAN and VLAN member clear, hoping to use the SM and AP as simple transparent bridges. We applied trunk port on both ends. That way we were able to ping the AP and SM in both directions, from the switch on the access VLAN port that we assigned for the management VLAN (where both the AP and SM have got IP from the same range as well); we also verified traffic in any other VLAN allowed in the trunk also traverses in both directions. This is a quick fix for us until the management VLAN issue is sorted out. Sriram, what drawback do you see from this approach?

Hi, this approach is good typically for ISP, but for private LAN/MAN is not really useful.

When will you give us option to disable this "security feature"?

p.s.: about security: hiding all data on dashboard for non logged users should be mandatory!

Yes, it is an advantage from the last-mile customer point of view.

But it is not applicable if we use the same device for point-to-point purposes in some conditions. I have been utilizing the native VLAN feature in the switch to bring the management of both devices from both ends.

Can't it be straightforward like in Canopy PMP products: just allow operator-specified MACs to still be in the management VLAN using the MAC Address Mapping feature, so that only the operator's devices with those MACs will have access to the management interface from the SM's LAN side?

Hi, 

Management access from the Ethernet side of the SM, when Management VLAN is enabled, is a configurable option in Release 2.4.3 which is currently in Beta: http://community.cambiumnetworks.com/t5/ePMP-Beta/ePMP-Beta-Release-2-4-3-RC9-is-now-available/m-p/41215#U41215

Thanks,

Sriram


@Ste73 wrote:

Hi, this approach is good typically for ISP, but for private LAN/MAN is not really useful.

When will you give us option to disable this "security feature"?

p.s.: about security: hiding all data on dashboard for non logged users should be mandatory!


Hiding dashboard for non-logged users will also be available in Release 2.4.3. It is not in the current beta release but it will be in the next RC. 

Thanks,

Sriram 

Newly income that is internet service provider to medium scale, I need to know if their equipment ePMP 1000. They could connect to any switch administrable to ensure through VLAN communications, which called options compatible with their radios?
Another question we cnMaestro portal and are trying to add radios for simultaneous update and stay at pending approval, and updating the radios tested but still does not connect to the manager.