Adventures with Aredn VLANs
I recently put a node up for San Francisco Wireless Emergency Mesh. It’s something I’ve been intending to do for a while but just never made the time. One of the SFWEM members reached out when he saw me on APRS.fi and asked if I was interested in putting up a node, so I got to work.
The hardware I’m using is a Ubiquiti Rocket M5 with an AMO-5G13 omnidirectional antenna. The hardware runs a custom firmware from Amateur Radio Emergency Data Network. The setup and configuration are well documented and went smoothly. After mounting the Rocket M5 on a roof mount and running an Ethernet cable to a PoE, the node was online.
This node provides good coverage of the general area. It’s currently connected to the rest of the SFWEM mesh network by node KJ6WEG-OAK-Griz-SectorM5 up on Grizzly Peak.
Things got interesting when I started to add a second node. This one is based on a NanoBeam M5 and is intended to create a point-to-point connection to another node on the network, most likely KJ6DZB-USS-HORNET-SOUTH on the USS Hornet.
Putting two devices on a network with the Aredn firmware is supposed to allow them to set up a device-to-device (DtD) connection over the wired network instead of over the RF network.
The Aredn DtD documentation was a bit confusing to me. Specifically, when I read about the use of VLANs, I assumed that if I put the switch ports for both nodes on VLAN 2, the nodes would find each other and communicate over the network. That’s not what was needed. I know, for whatever reason I suffered a VLAN mental slip.
My network configuration had three VLANs: 1 as the default, 2 for AMPRNET and 3 for LoRaWAN devices. Since I thought that Aredn wanted to be on VLAN 2, I reconfigured all the switches as: 1 as the default, 2 for Aredn, 3 for LoRaWAN and 4 for AMPRNET. But this configuration didn’t work. The SFWEM nodes could get an IP address from the router on VLAN 1 for their WAN interface but they didn’t see each other.
After a few frustrating hours staring at configuration screens, reading and re-reading the Aredn docs, chatting with SFWEM members on Slack and wading through my VLAN experience, I realized that I was misunderstanding the use of untagged, VLAN 1 and VLAN 2 by the Aredn firmware. What I realized is that the nodes want to be on their own VLAN: they send WAN data tagged for VLAN 1 and tag packets for VLAN 2 when doing any DtD communications.
I reconfigured my network switches again but this time as: 1 as the default, 2 for Aredn DtD, 3 for AMPRNET, 4 for LoRaWAN devices and 5 for SFWEM. The important part here is that the ports for SFWEM nodes are set to tag VLAN 1, tag VLAN 2 and untagged VLAN 5. This gives the Aredn nodes their own default network on VLAN 5, makes VLAN 2 available for DtD communications and allows VLAN 1 traffic to leave the switch for the great beyond.
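The port layout above can be checked with a small model of 802.1Q port membership. This is an added example, not code from the original post or from the Aredn project: the port names, the `router` uplink and the `assumed` layout (node ports untagged on VLAN 2 with VLAN 1 passed tagged) are constructed for illustration, since the post does not give the exact settings of the attempt that failed.

```python
# Added example: minimal model of 802.1Q port membership on a managed switch.
# Port names and the "router" uplink are hypothetical; VLAN IDs are the post's.
from dataclasses import dataclass, field

@dataclass
class Port:
    untagged: int                                  # PVID for frames with no tag
    tagged: set = field(default_factory=set)       # VLANs carried with a tag
    def members(self):
        return self.tagged | {self.untagged}

def deliver(ports, src, vid):
    """Forward one frame entering at `src`; vid=None means it is untagged.
    Returns {egress port: tag on the wire}, where None means untagged."""
    ingress = ports[src]
    vlan = ingress.untagged if vid is None else vid
    if vlan not in ingress.members():              # ingress filtering drops it
        return {}
    out = {}
    for name, p in ports.items():
        if name != src and vlan in p.members():
            out[name] = vlan if vlan in p.tagged else None
    return out

def check_node_port(p, wan=1, dtd=2):
    """List what is wrong with a switch port that a mesh node plugs into."""
    problems = []
    if wan not in p.tagged:
        problems.append(f"VLAN {wan} (WAN) must be tagged")
    if dtd not in p.tagged:
        problems.append(f"VLAN {dtd} (DtD) must be tagged")
    if p.untagged in (wan, dtd):
        problems.append("untagged VLAN must be separate from WAN and DtD")
    return problems

# Final layout from the post: tag VLAN 1, tag VLAN 2, untagged VLAN 5.
working = {"node_a": Port(5, {1, 2}), "node_b": Port(5, {1, 2}), "router": Port(1)}
# Constructed layout for the earlier assumption: node ports "on" VLAN 2.
assumed = {"node_a": Port(2, {1}), "node_b": Port(2, {1}), "router": Port(1)}

if __name__ == "__main__":
    for label, ports in (("working", working), ("assumed", assumed)):
        print(label, "| DtD frame:", deliver(ports, "node_a", 2),
              "| WAN frame:", deliver(ports, "node_a", 1),
              "| issues:", check_node_port(ports["node_a"]))
```

In the `assumed` layout the WAN frame still reaches the router, but the DtD frame leaves the switch untagged, so the receiving node never sees it on VLAN 2. That matches the symptom of a working WAN address with no DtD link.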
Both nodes are now online and connected via DtD.