UDP Traffic flooding with Airport Express behind switch

Tutor

UDP Traffic flooding with Airport Express behind switch

[ Edited ]

Hi there - I'm hoping someone can help me solve an issue with my AT&T Uverse internet setup.  

 

First a little background; Our AT&T service comes into our guest house/office to the AT&T router/gateway, and is then fed via a hard line from the RG into our house to an AT&T supplied Netgear GS108 switch which then feeds a number of STBs.  We then have an Apple Airport Express connected to this switch which feeds the house computers wirelessly.

 

When I first set this up, I set up the AEX incorrectly in a double NAT configuration - I would much prefer to have it in bridge mode to allow smoother access between all parts of my network, but when I put the AEX into bridge mode (the 'correct' setting), the computers on the AEX wireless become completely flooded by UDP traffic if any of the STBs are on and especially if they're recording.

 

Apparently the RG can't implement IGMP through the Netgear switch?  How can I get the AEX into bridge mode but get the RG to implement IGMP through the Netgear switch?

 

Any thoughts on this?

 

Many thanks in advance.

 

Rich

Message 1 of 35 (7,890 Views)
Expert

Re: UDP Traffic flooding with Airport Express behind switch

There is no way to do what you describe.  The NetGear switch does not implement IGMP snooping.

 

The only way to use the AEX in bridge mode is to run another Ethernet cable from the RG directly to the AEX.  The RG implements IGMP snooping and will keep the multicast IPTV traffic off of the AEX's port.

 

Message 2 of 35 (7,745 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

Thanks for the response.  Any thoughts about whether or not a smarter switch would take gear of this - maybe replace the ATT supplied switch with a Netgear GS108T-NAS?  I haven't had any experience with managed switches, but maybe I could set it to filter the UDP packets swamping the house machines.

 

Also, I was thinking of setting up the ATT GR to allocate a specific range of addresses to the house laptops, and then put the AEX in "Distribute A Range of Addresses" mode instead of Bridge mode - any thoughts as to whether or not this would take care of it?

 

Running another cat 6 is not an attractive option - about a hundred foot pull through some difficult conduit.

 

Thanks!

rich

Message 3 of 35 (7,734 Views)
Expert
Solution
Accepted by topic author rjb_1
‎09-30-2015 1:39 AM

Re: UDP Traffic flooding with Airport Express behind switch

I doubt the "Distribute a range of addresses" mode would help anything.  The problem is not at layer 3 (the IP layer).  The problem with the broadcast traffic is at layer 2 (switching layer).

 

No consumer-affordable switch implements IGMP snooping in a manner that would work with the U-Verse traffic.  U-Verse uses IGMP v3, whereas most switches that have IGMP snooping capability work with IGMP v2.

 

Now, there is one solution you can do that will work, and that will save you from running another wire.  That's to use the NetGear GS-108T switches to implement VLANs.

 

You would need 2 NetGear GS-108T switches, one at the 2Wire RG and one at the location where the AEX is.  Then you need to configure each NetGear switch in a very specific manner.

 

This is the method I currently use in my house to route both IPTV and computer traffic to different locations within the house and keep the traffic separated.  I'm using a network of 4 NetGear GS-108T switches and it works very well.

 

Investigate the pricing for the GS-108T (they're around $100 each), and if you're willing to spend that money instead of running another wire, I'll post how to configure them.

 

Message 4 of 35 (7,724 Views)
ACE - Expert

Re: UDP Traffic flooding with Airport Express behind switch

Just wondering -

 

Can the airport express reach from the guest house to the house? - plug it in to the RG & go wireless from there.

 

Or, can the RG wireless reach to the house?  & use the airport express as a repeater?

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 5 of 35 (7,721 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

[ Edited ]

 


SomeJoe7777 wrote:

I doubt the "Distribute a range of addresses" mode would help anything.  The problem is not at layer 3 (the IP layer).  The problem with the broadcast traffic is at layer 2 (switching layer).

 

No consumer-affordable switch implements IGMP snooping in a manner that would work with the U-Verse traffic.  U-Verse uses IGMP v3, whereas most switches that have IGMP snooping capability work with IGMP v2.

 

Now, there is one solution ...

 


 

OK, thanks!  That's a very helpful answer - I'll think about it and weigh it against the pain of another cable pull.

 

The AEX can be at the location of the first switch, so would I *still* need two switches?

 

thanks again,

rich

Message 6 of 35 (7,719 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

 


aviewer wrote:

...Can the airport express reach from the guest house to the house? - plug it in to the RG & go wireless from there.

 

Or, can the RG wireless reach to the house?  & use the airport express as a repeater?


 

No, too far.

 

thanks,

rich

Message 7 of 35 (7,716 Views)
Expert

Re: UDP Traffic flooding with Airport Express behind switch


rjb_1 wrote:

 

The AEX can be at the location of the first switch, so would I *still* need two switches?


 

?????

 

In your very first post, you said:

 


rjb_1 wrote:

 

First a little background; Our AT&T service comes into our guest house/office to the AT&T router/gateway, and is then fed via a hard line from the RG into our house to an AT&T supplied Netgear GS108 switch which then feeds a number of STBs.  We then have an Apple Airport Express connected to this switch which feeds the house computers wirelessly.


 

Are you saying you can move the AEX back to the RG's location?

 

Message 8 of 35 (7,707 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

 


SomeJoe7777 wrote:

Are you saying you can move the AEX back to the RG's location?

 


 

No, sorry for the confusion:  you said "one at the 2Wire RG and one at the location where the AEX is..." so I guess I misunderstood - if it would require a second switch *at* the RG then no, wouldn't work.  My current switch is in the house distributing to STBs and AEX.

 

sorry, and thanks again.

 

rich

Message 9 of 35 (7,703 Views)
Expert

Re: UDP Traffic flooding with Airport Express behind switch

OK, I understand.

 

Your existing switch (GS-108) must be replaced with the managed type (GS-108T).  In addition to that you need another GS-108T at the RG.  So yes, you need 2 of the GS-108T switches to make this work, and then you will have a spare, unmanaged GS-108 that won't be used.

 

Message 10 of 35 (7,691 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

 


SomeJoe7777 wrote:

...Now, there is one solution you can do that will work, and that will save you from running another wire.  That's to use the NetGear GS-108T switches to implement VLANs.

 

,,, if you're willing to spend that money instead of running another wire, I'll post how to configure them.

 


 

You know, if it's not too much trouble, I'd be very interested to see details of this - it's not cost-prohibitive, and would be better than pulling more wire for me.

 

Thank you very much!

Message 11 of 35 (7,692 Views)
Highlighted
Expert
Solution
Accepted by topic author rjb_1
‎09-30-2015 1:39 AM

Re: UDP Traffic flooding with Airport Express behind switch

OK, here's the product page for the NetGear GS-108T:

 

http://www.netgear.com/business/products/switches/smart-switches/GS108T-200.aspx

 

The software configuration manual for this switch is here:

 

http://kb.netgear.com/app/answers/detail/a_id/17341/session/L2F2LzEvc2lkL2MqRHhPTXRr

 

1. Go through the process on chapter 1 page 12 of that manual to use the Smart Switch Discovery software on your PC to discover all the switches.

 

2. For each switch, use the process on chapter 2 page 34 to assign it a static IP address that is within the subnet that the RG is using, but is not within the DHCP range.  By default, the RG uses the 192.168.1.x network, with a DHCP range of 192.168.1.64 through 192.168.1.253.  I would recommend 192.168.1.11 and 192.168.12 for the two GS-108T switches.

 

3. For the switch at the RG, uplink it to the RG twice.  In other words, use two patch cables, one that goes from RG port 1 to switch port 1, and one that goes from RG port 2 to switch port 2.

 

4. Plug the one Ethernet cable that goes to the living room where the AEX is into port 8 of the switch.

 

5. In the living room where the AEX is, plug the feed from the wall (that goes back to the RG) into port 8 of the second switch.  Plug the AEX into port 7.  Plug all DVR/STB units into ports 1-6.

 

6. Use the procedure on chapter 3 page 17 to define 2 VLANs.  VLAN 1 will be the default VLAN, this is the one that will be used for IPTV.  Define the 2nd VLAN as VLAN 2, label it Internet.  You must do this on both switches.

 

7. You're now going to follow the directions on chapter 3 pages 19-21 to set each port's VLAN membership and PVID.  You have to do this in a specific order for it to work right.  In brief, each port can be set to one of 3 membership modes per VLAN:

 

i. The port is a member of the VLAN, sending untagged frames (U).

ii. The port is a member of the VLAN, sending tagged framed (T).

iii. The port is not a member of the VLAN.  (<Blank box>).

 

Further, you set each port's PVID.  The PVID tells the switch that when that port receives an untagged frame, what VLAN is it supposed to belong to.

 

On switch #1 at the RG, we have 3 ports that are plugged into something -- ports 1, 2, and 8.  You'll set them as follows:

 

Port 1 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 2 - Untagged on VLAN 2, Not a member of VLAN 1, PVID = 2.

Port 8 - Tagged on VLAN 1, Tagged on VLAN 2, PVID = 1.

 

On switch #2 in the living room, set the ports as follows:

 

Port 1 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 2 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 3 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 4 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 5 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 6 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 7 - Untagged on VLAN 2, Not a member of VLAN 1, PVID = 2.

Port 8 - Tagged on VLAN 1, Tagged on VLAN 2, PVID = 1.

 

As a shortcut to the membership, the switch shows you in a horizontal line how the ports are configured for each VLAN, using the "U", "T", and blank boxes.  They should look like this when you're done (I will use a dash "-" to represent a blank box):

 

Switch 1, VLAN 1: U - U U U U U T

Switch 1, VLAN 2: - U - - - - - T

Switch 2, VLAN 1: U U U U U U - T

Switch 2, VLAN 2: - - - - - - U T

 

OK, to switch a port's PVID, you have to do the following in this order:

 

i. Make the port a member of the VLAN that your going to assign as the PVID.

ii. Change the PVID.

iii. Remove the port as a member of any VLAN it's not assigned to.

 

So, for example, when you go to change the PVID of switch #1, port 2 from PVID=1 to PVID=2, you have to do it in this order:

 

i. Make port 2 a member of VLAN 2 by changing it's membership on VLAN 2 to U.

ii. Change the PVID of port 2 to 2.

iii. Remove port 2 from VLAN 1 by changing it's membership to a blank box.

 

 

8. Once all VLANs are configured properly, what you have essentially done is this:

 

How your network is logically connected (in other words, how you can think about it and how it equivalently operates):

 

 

2Wire Router
     +
     |               Switch 1A
     + Port 1 ----------+ Port 1
     |                  |              Switch 2A
     |                  + Port 2 -------- + Port 1
     |                                    |
     |                                    + Port 2 -------- STB #1
     |                                    |
     |                                    + Port 3 -------- STB #2
     |              Switch 1B
     + Port 2 ----------+ Port 1
                        |              Switch 2B
                        + Port 2 -------- + Port 1
                                          |
                                          + Port 2 -------- AEX

 

 

 

How your network is physically connected:

 

 

2Wire Router
     +
     |               GS108T #1
     + Port 1 ----------+ Port 1
     |                  |
     + Port 2 ----------+ Port 2
                        |              GS108T #2
                        + Port 8 ---------+ Port 8
                                          |
                                          + Port 1 -------- STB #1
                                          |
                                          + Port 2 -------- STB #2
                                          |
                                          + Port 3 -------- STB #3
                                          |
                                          + Port 7 -------- AEX

 

 

 

The link from port 8 -> port 8 is carrying tagged frames, keeping the VLAN 1 traffic and the VLAN 2 traffic separated.  The RG implements IGMP snooping.  To it, all STBs are on it's port 1 and all computers are on it's port 2.  Thus, IGMP snooping keeps the multicast traffic only on it's port 1, which only goes to all VLAN 1 port members on the switches.  VLAN port 2 members (which includes the AEX) never see the multicast traffic.

 

 

I know this looks overwhelming, but it's really not that bad.  Once you see the web pages and see how the switches get configured, it's actually pretty straightforward.

 

Message 12 of 35 (7,681 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

WOW!  That's a mouthful!  OK, thanks very much - it'll take me a bit to digest this, but should be very helpful.  Hopefully somebody else will find this discussion useful too.

 

THANK YOU!

rich

 

 

Message 13 of 35 (7,673 Views)
Tutor

Re: UDP Traffic flooding with Airport Express behind switch

I have read the above post several times, but am still having trouble with an extremely similar issue.  I appologize in advance if I am missing something simple.

 

I am trying to extend my wireless network with a second router (E4200) and am having problems with the multicast traffic.  I have read a lot of posts on this, but still having a problem getting it to work correctly.  I bought a GS108e hoping that it would help filter the multicast requests since it supported IGMP Snooping v3, but as now read; it doesn’t really support the U-Verse implementation.

 

RG

|

GS116e (I want to do something similar here, but am trying to keep it simple for now)

|

GS108e

|

Port 1 connected to GS116e

Port 2 U-Verse DVR

Port 8 E4200

 

RG = 10.0.0.1

E4200 = 10.0.0.2

 

DHCP is disabled on the E4200, and when I connect to it, I successfully get an IP from the RG and can ping both 10.0.0.1 and 10.0.0.2.  When I walk from one side of the house to the other, I can watch my phone switch between the two access points pretty seamlessly.  That all works great.  

 

However, ports 1, 2 and 8 are blinking like crazy and my PC connected to the E4200 wireless is showing constant data transfer of ~700KB/sec and the wireless performance is terrible.  I am watching TV and I guess that is the multicast traffic I am seeing.

 

So, I tried to setup a VLAN, but when I do, I no longer get an IP from the RG, when I give myself one manually, I can no longer ping the RG or get obviously get out on the internet.

 

I was trying to follow this post (entertainment center section) as it is really close to what I want to do and I also want to isolate everything else plugged into the GS108e.

 

http://www.broadbandreports.com/forum/r24678807-

 

I’ve tried various configurations, but here is what I have now (very similar to the above post):

VLAN 1: T U U U U U U –

VLAN 2: T - - - - - - U

PVID: 1 1 1 1 1 1 1 2

 

This definitely stops multicast traffic from getting to port 8 (I see the light stop blinking), but whenever I am plugged into the E4200, I can’t seem to get to anything else on the network.

 

Does anyone see a configuration error?  Again, sorry if I am missing something simple, I really have no experience with VLANs.

Message 14 of 35 (7,623 Views)
Expert

Re: UDP Traffic flooding with Airport Express behind switch

Did you also configure the GS116e to deal with the tagged VLAN?  And uplink it to the RG twice like the above explanation?  You must do all of those things for it to work properly.

 

Also, I need to mention that the NetGear GS1xxE series may have problems with this.  Someone over on DSLReports tried this setup with GS108E switches and couldn't get it to work because of a bug in the VLAN handling (the double uplink required at the RG didn't work right).  The write up above uses NetGear GS1xxT switches, which are known to work properly.

 

 

Message 15 of 35 (7,614 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.