rjb_1's profile

Tutor

 • 

10 Messages

Monday, May 9th, 2011 4:45 PM

UDP Traffic flooding with Airport Express behind switch

Hi there - I'm hoping someone can help me solve an issue with my AT&T Uverse internet setup.  

 

First a little background; Our AT&T service comes into our guest house/office to the AT&T router/gateway, and is then fed via a hard line from the RG into our house to an AT&T supplied Netgear GS108 switch which then feeds a number of STBs.  We then have an Apple Airport Express connected to this switch which feeds the house computers wirelessly.

 

When I first set this up, I set up the AEX incorrectly in a double NAT configuration - I would much prefer to have it in bridge mode to allow smoother access between all parts of my network, but when I put the AEX into bridge mode (the 'correct' setting), the computers on the AEX wireless become completely flooded by UDP traffic if any of the STBs are on and especially if they're recording.

 

Apparently the RG can't implement IGMP through the Netgear switch?  How can I get the AEX into bridge mode but get the RG to implement IGMP through the Netgear switch?

 

Any thoughts on this?

 

Many thanks in advance.

 

Rich

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

13 years ago

I doubt the "Distribute a range of addresses" mode would help anything.  The problem is not at layer 3 (the IP layer).  The problem with the broadcast traffic is at layer 2 (switching layer).

 

No consumer-affordable switch implements IGMP snooping in a manner that would work with the U-Verse traffic.  U-Verse uses IGMP v3, whereas most switches that have IGMP snooping capability work with IGMP v2.

 

Now, there is one solution you can do that will work, and that will save you from running another wire.  That's to use the NetGear GS-108T switches to implement VLANs.

 

You would need 2 NetGear GS-108T switches, one at the 2Wire RG and one at the location where the AEX is.  Then you need to configure each NetGear switch in a very specific manner.

 

This is the method I currently use in my house to route both IPTV and computer traffic to different locations within the house and keep the traffic separated.  I'm using a network of 4 NetGear GS-108T switches and it works very well.

 

Investigate the pricing for the GS-108T (they're around $100 each), and if you're willing to spend that money instead of running another wire, I'll post how to configure them.

 

Accepted Solution

Official Solution

Expert

 • 

9.4K Messages

13 years ago

OK, here's the product page for the NetGear GS-108T:

 

http://www.netgear.com/business/products/switches/smart-switches/GS108T-200.aspx

 

The software configuration manual for this switch is here:

 

http://kb.netgear.com/app/answers/detail/a_id/17341/session/L2F2LzEvc2lkL2MqRHhPTXRr

 

1. Go through the process on chapter 1 page 12 of that manual to use the Smart Switch Discovery software on your PC to discover all the switches.

 

2. For each switch, use the process on chapter 2 page 34 to assign it a static IP address that is within the subnet that the RG is using, but is not within the DHCP range.  By default, the RG uses the 192.168.1.x network, with a DHCP range of 192.168.1.64 through 192.168.1.253.  I would recommend 192.168.1.11 and 192.168.12 for the two GS-108T switches.

 

3. For the switch at the RG, uplink it to the RG twice.  In other words, use two patch cables, one that goes from RG port 1 to switch port 1, and one that goes from RG port 2 to switch port 2.

 

4. Plug the one Ethernet cable that goes to the living room where the AEX is into port 8 of the switch.

 

5. In the living room where the AEX is, plug the feed from the wall (that goes back to the RG) into port 8 of the second switch.  Plug the AEX into port 7.  Plug all DVR/STB units into ports 1-6.

 

6. Use the procedure on chapter 3 page 17 to define 2 VLANs.  VLAN 1 will be the default VLAN, this is the one that will be used for IPTV.  Define the 2nd VLAN as VLAN 2, label it Internet.  You must do this on both switches.

 

7. You're now going to follow the directions on chapter 3 pages 19-21 to set each port's VLAN membership and PVID.  You have to do this in a specific order for it to work right.  In brief, each port can be set to one of 3 membership modes per VLAN:

 

i. The port is a member of the VLAN, sending untagged frames (U).

ii. The port is a member of the VLAN, sending tagged framed (T).

iii. The port is not a member of the VLAN.  ().

 

Further, you set each port's PVID.  The PVID tells the switch that when that port receives an untagged frame, what VLAN is it supposed to belong to.

 

On switch #1 at the RG, we have 3 ports that are plugged into something -- ports 1, 2, and 8.  You'll set them as follows:

 

Port 1 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 2 - Untagged on VLAN 2, Not a member of VLAN 1, PVID = 2.

Port 8 - Tagged on VLAN 1, Tagged on VLAN 2, PVID = 1.

 

On switch #2 in the living room, set the ports as follows:

 

Port 1 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 2 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 3 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 4 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 5 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 6 - Untagged on VLAN 1, Not a member of VLAN 2, PVID = 1.

Port 7 - Untagged on VLAN 2, Not a member of VLAN 1, PVID = 2.

Port 8 - Tagged on VLAN 1, Tagged on VLAN 2, PVID = 1.

 

As a shortcut to the membership, the switch shows you in a horizontal line how the ports are configured for each VLAN, using the "U", "T", and blank boxes.  They should look like this when you're done (I will use a dash "-" to represent a blank box):

 

Switch 1, VLAN 1: U - U U U U U T

Switch 1, VLAN 2: - U - - - - - T

Switch 2, VLAN 1: U U U U U U - T

Switch 2, VLAN 2: - - - - - - U T

 

OK, to switch a port's PVID, you have to do the following in this order:

 

i. Make the port a member of the VLAN that your going to assign as the PVID.

ii. Change the PVID.

iii. Remove the port as a member of any VLAN it's not assigned to.

 

So, for example, when you go to change the PVID of switch #1, port 2 from PVID=1 to PVID=2, you have to do it in this order:

 

i. Make port 2 a member of VLAN 2 by changing it's membership on VLAN 2 to U.

ii. Change the PVID of port 2 to 2.

iii. Remove port 2 from VLAN 1 by changing it's membership to a blank box.

 

 

8. Once all VLANs are configured properly, what you have essentially done is this:

 

How your network is logically connected (in other words, how you can think about it and how it equivalently operates):

 

 

2Wire Router
 +
 | Switch 1A
 + Port 1 ----------+ Port 1
 | | Switch 2A
 | + Port 2 -------- + Port 1
 | |
 | + Port 2 -------- STB #1
 | |
 | + Port 3 -------- STB #2
 | Switch 1B
 + Port 2 ----------+ Port 1
 | Switch 2B
 + Port 2 -------- + Port 1
 |
 + Port 2 -------- AEX

 

 

 

How your network is physically connected:

 

 

2Wire Router
 +
 | GS108T #1
 + Port 1 ----------+ Port 1
 | |
 + Port 2 ----------+ Port 2
 | GS108T #2
 + Port 8 ---------+ Port 8
 |
 + Port 1 -------- STB #1
 |
 + Port 2 -------- STB #2
 |
 + Port 3 -------- STB #3
 |
 + Port 7 -------- AEX

 

 

 

The link from port 8 -> port 8 is carrying tagged frames, keeping the VLAN 1 traffic and the VLAN 2 traffic separated.  The RG implements IGMP snooping.  To it, all STBs are on it's port 1 and all computers are on it's port 2.  Thus, IGMP snooping keeps the multicast traffic only on it's port 1, which only goes to all VLAN 1 port members on the switches.  VLAN port 2 members (which includes the AEX) never see the multicast traffic.

 

 

I know this looks overwhelming, but it's really not that bad.  Once you see the web pages and see how the switches get configured, it's actually pretty straightforward.

 

Expert

 • 

9.4K Messages

13 years ago

There is no way to do what you describe.  The NetGear switch does not implement IGMP snooping.

 

The only way to use the AEX in bridge mode is to run another Ethernet cable from the RG directly to the AEX.  The RG implements IGMP snooping and will keep the multicast IPTV traffic off of the AEX's port.

 

Tutor

 • 

10 Messages

13 years ago

Thanks for the response.  Any thoughts about whether or not a smarter switch would take gear of this - maybe replace the ATT supplied switch with a Netgear GS108T-NAS?  I haven't had any experience with managed switches, but maybe I could set it to filter the UDP packets swamping the house machines.

 

Also, I was thinking of setting up the ATT GR to allocate a specific range of addresses to the house laptops, and then put the AEX in "Distribute A Range of Addresses" mode instead of Bridge mode - any thoughts as to whether or not this would take care of it?

 

Running another cat 6 is not an attractive option - about a hundred foot pull through some difficult conduit.

 

Thanks!

rich

Expert

 • 

10.1K Messages

13 years ago

Just wondering -

 

Can the airport express reach from the guest house to the house? - plug it in to the RG & go wireless from there.

 

Or, can the RG wireless reach to the house?  & use the airport express as a repeater?

Tutor

 • 

10 Messages

13 years ago

 


@SomeJoe7777 wrote:

I doubt the "Distribute a range of addresses" mode would help anything.  The problem is not at layer 3 (the IP layer).  The problem with the broadcast traffic is at layer 2 (switching layer).

 

No consumer-affordable switch implements IGMP snooping in a manner that would work with the U-Verse traffic.  U-Verse uses IGMP v3, whereas most switches that have IGMP snooping capability work with IGMP v2.

 

Now, there is one solution ...

 


 

OK, thanks!  That's a very helpful answer - I'll think about it and weigh it against the pain of another cable pull.

 

The AEX can be at the location of the first switch, so would I *still* need two switches?

 

thanks again,

rich

Tutor

 • 

10 Messages

13 years ago

 


@aviewer wrote:

...Can the airport express reach from the guest house to the house? - plug it in to the RG & go wireless from there.

 

Or, can the RG wireless reach to the house?  & use the airport express as a repeater?


 

No, too far.

 

thanks,

rich

Expert

 • 

9.4K Messages

13 years ago


@rjb_1 wrote:

 

The AEX can be at the location of the first switch, so would I *still* need two switches?


 

?????

 

In your very first post, you said:

 


@rjb_1 wrote:

 

First a little background; Our AT&T service comes into our guest house/office to the AT&T router/gateway, and is then fed via a hard line from the RG into our house to an AT&T supplied Netgear GS108 switch which then feeds a number of STBs.  We then have an Apple Airport Express connected to this switch which feeds the house computers wirelessly.


 

Are you saying you can move the AEX back to the RG's location?

 

Tutor

 • 

10 Messages

13 years ago

 


@SomeJoe7777 wrote:

Are you saying you can move the AEX back to the RG's location?

 


 

No, sorry for the confusion:  you said "one at the 2Wire RG and one at the location where the AEX is..." so I guess I misunderstood - if it would require a second switch *at* the RG then no, wouldn't work.  My current switch is in the house distributing to STBs and AEX.

 

sorry, and thanks again.

 

rich

Expert

 • 

9.4K Messages

13 years ago

OK, I understand.

 

Your existing switch (GS-108) must be replaced with the managed type (GS-108T).  In addition to that you need another GS-108T at the RG.  So yes, you need 2 of the GS-108T switches to make this work, and then you will have a spare, unmanaged GS-108 that won't be used.

 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.