XG in bridge mode with Eero

Hi,

your suggestion looks reasonable. You would need to review the eero dhcp functions to see if will run with more than one address range.

If you use eero you are putting extra levels of checking whihc could slow down your throughput, which if the XG is setup correctly will not be used in the eero. You will need to make sure your VM NICs are capable of running at fibre speed as well as the cpu cycles assigned to the XG CPU.

Ian

rfcat_vk 

Eero may be a limit but I don't need more than one range for now.  My biggest questions now are around the Bridge Interface "general settings" when I attempt to add a bridge.

I understand the Member Interfaces (easy enough, as right now I have a WAN and LAN as it's currently in gateway mode).  After this, I need to put in an IPv4/Netmask.  I had thought this would be any IP that I wanted for the LAN side.  Below this, I need a Gateway Name and IP.  I am getting a DHCP from my ISP do I put in my current WAN public IP?  Or does this need to be two private IPs?  And if two private will Sophos send become invisible to the ISP device and send the public IP to the Eero?  Doesn't make sense to me but I don't see a way to make one interface in the Sophos bridge to be DHCP and the other static private ip if that makes sense.  The hardware I'm running on is very capable so I'm not too concerned but I'm willing to live with some impact in exchange for security.

Hi,

I have not tried this. The IP address is that of your XG. The XG should pass your IP request from your eero to your modem. Where does the login to the ISP network come from? The Gateway is the address of your modem inside address so the XG knows where to pass the traffic to.

Where do you want to segment your network, on the XG side or the internal side of the eero?

Ian

This doesn't work.  If I want the XG to be the first device on my network (from ISP directly to WAN port in XG, LAN port from XG directly into WAN for Eero and LAN port in Eero to Network switch) then the Eero never gets the public routable IP from my ISP.  I think the bridge mode in XG is meant for XG to connect to another gateway device which in my case would not work since this would leave the wireless devices unprotected.

Of course, now I want to disable the bridge I created and there doesn't seem to be any easy way to revert back from Bridge Mode to Gateway mode.  Other the resetting back to default settings.  

I have a spare XG lying around here somewhere, I will try out bridge mode as an experiment in learning.

ian

That's awesome of you!

Hi,

sorry, this is taking a little longer than expected, 1 NIC died and the wrong disk was in the machine so a rebuild was required. Now waiting for mr3 to install.

Ian

Update. Just as well I didn't try to put it back in production mb not working well. Replacing with spare mb, then try again. You do need 3 nics to manage bridged mode.

Hi,

built a new installation on a very old box using the latest mr-2 which updated to mr-3. The new box has 3 NICs which you will require to allow you to finish the configuration of your bridge.

I am typing this over the test XG bridge mode connected to to my main XG.

1/. 3 NICs preferable, makes management easier.

2/. possibly require a restart, did on the first build, but that could have been a motherboard issue.

3/. the IP address requested is the IP address of the bridged network and becomes the default gateway. I changed the default gateway in the DHCP server so I could access the internet.

4/. you will need to create a dhcp server for the bridge mode or use static assignments for the connected devices.

5/. you can't use dhcp or PPPoE on the bridged interface for the wan connection. I cannot test this fully because I don't have a static external IP address.

Still playing with the configuration. Need to put a faster CPU in this test box, takes forever to process changes.

Ian

When you get a chance could you do a screenshot of your config?  And maybe a diagram of your network.

If you look at my screenshot, I thought that the IPv4/Mask: was asking for the IP for the LAN/WAN bridge I created.  Reading your post makes me think that this is the IP for the 3rd NIC?

If I understand this the "Member interfaces" are the two NICs you want to bridge into one?  So that means that the gateway IP is the IP address for the LAN/WAN bridge?

Hi,

no the network mask is for the bridge.

The IP address of the bridge needs to part of the network the bridge is talking to and with that needs to have the same mask.

I will post some shots shortly.

Ian

Pretty pictures as requested.

Network.

MAC -> XG internal interface of bridge (LAN) -> bridge -> external interface of bridge -> switch -> internal interface of main XG.

I don't have an external interface with a fixed P address other than using the internal network address of my main XG.

Ian

Pretty pictures as requested.

Network.

MAC -> XG internal interface of bridge (LAN) -> bridge -> external interface of bridge -> switch -> internal interface of main XG.

I don't have an external interface with a fixed P address other than using the internal network address of my main XG.

Ian

Ok, I think I have enough to give it a try again tonight.  I'm assuming that your 192.168.21.1 Gateway IP is the LAN (internal) IP for your Main XG.  I'll let you know how that goes.  You don't happen to know how to get PLEX remote access to work?  = )

Hi,

PLEX uses some obscure SSL stuff, certificates, domain names etc.

The following link has lots of useful information that might help.

https://en.wikipedia.org/wiki/Plex_(software)

Ian

I finally did get Plex to work.  So at least that part is working fine.