L2 Isolation matrix (grouping)

AleValent · February 2020

It would be possible to have this on nebula? (XGS1930-28)?

i have some mixed situations where i can manage only the switch and not the gateway, i need to combine some tv with chromecasts and a server. I have to let all the port see the server, but each room has not to see each other. While, another lan is up to the chromecast that has to be seen by its room.

Making it simple, i have to create some small byod areas..

Zyxel_Jason · February 2020

Hi @AleValent ,

For the scenario you mentioned, I summarize for you:

The ports which connect to each room can't communicate with each other.
All rooms can communicate with the port which connects to the server.

Nebula Switch already supports to configure port isolation on NCC.

You may go to Switch>Configure>Switch ports, choose the ports connected to the rooms and enable port isolation.(Keep the port which connects to the server is disable.)

Hope it helps.

AleValent · February 2020

Yup. i can do that. Each room cannot see each other but they can see the server (port non isolated on same vlan, tested and happily working).

I wish to go one step further: example, i need that ports 12-13 belongs to room 101, ports 14-15 to room 102. I need room 101 to be isolated from room 102.

This becouse chromecast's guest mode doesn't work with ios13. i need the guest to access to tv's access point (i know tricky, but this is the only safe way) and see on the same network the chromecast.

But.. each room has not to see other room's cast.

That matrix allows me to do it very quickly (and set custom rules). Why is better to do this way than with firewall? just becouse sometimes hotels switch televisions between rooms, and it cannot be device-related. And, it is better not to install a gateway behind a gateway behind a .... (infinite)

This all belongs to the "netflix-gate" realm, the google's device nowdays is the most flexible item to use. A huge problem

Zyxel_Jason · February 2020

Hi @AleValent ,

Thanks for your input.

We understand your scenario and like you mentioned, port based VLAN should be more appropriate to your scenario, but it isn't support on NCC currently.

I will move this post to idea section and we will keep monitoring the comments and Likes on this post.

AleValent · February 2020

I don't know how many people does have this problem NOW, but this is an undergoing iussue.

The multimedia idea that is lying on those years is the byod model, that is taking over even into hospitality. What people demands is 60% netflix, 30% youtube, 20% the rest. AirPlay does not support Netflix. Philips has huge security problems with its integrate chromecast app, however there's a pretty wide scenario that will grow in the next future.

I see also devices as GoPros, all the media that a tourist might want to see when back home.

Another way could be let the switch have the dhcp server with multiple pools, to split the computing power around the devices..

Hospitality will be a pretty challenging field.

Thanks for replying!

TomorrowOcean · February 2020

What about letting the ports of the same room in the same VLAN?

EX:

port 12,13 use access and pvid 101

port 14,15 use access and pvid 102

uplink port use trunk, pvid 1 and allow all VLAN

Then, room 101 will be isolated from room 102 because they aren't in the same VLAN.

You also need to add VLAN 101 and 102 on your gateway(DHCP server).

L2 Isolation matrix (grouping)

Comments

Categories

Nebula Tips & Tricks

Nebula Help Center