VXLAN usage, Access Point <--> Router

Ahoy friends.
I got an outdoor access point in my home location, but I don't want to have LAN access exposed to my outdoor location where the AP is located. So no one should be able to plug into the cable of the AP using a laptop or something similar and access my network easily.
So I want to configure port security on my Cisco switch, but the difficulty: the number of different MAC addresses, due to its function as a wireless AP. So I want only one MAC address to appear on the switch port, so I need a kind of Layer 2 tunneling mechanism, maybe VXLAN, or OpenVPN?
This way I want to tunnel the L2 traffic from the wireless AP to my router and its specific VLANs.
Did someone work already with VXLAN on OpenWrt? Is there a guide on how to configure VXLAN properly on OpenWrt? I didn't find any Wiki guide yet. Or any other suggestions? VXLAN may be way faster than OpenVPN with encryption.

Thanks in advance!


How about gretap?
https://forum.openwrt.org/t/howto-l2-trunk-over-wifi-with-gretap/75689

Can't you use VLANs, and dedicate specific ports on the switch to the outdoor APs, connected to a "guest" network?

Hey friends. Thanks a lot for your replies. @randyrodriguez, I'll try out this solution as well, maybe it's easier.
I was able to fix it, now I only got one MAC address on the switchport interface as expected, and Port Security works fine now!

PSW-K-01#show mac address-table interface GigabitEthernet 1/1/7
Flags: I - Internal usage VLAN
Aging time is 300 sec

    Vlan          Mac Address         Port       Type    
------------ --------------------- ---------- ---------- 
    110        d8:47:32:f3:fb:68    gi1/1/7     secure   

PSW-K-01#

And do I have to "terminate" the connection on the router's side on a physical connection, or is a loopback interface possible as well?


1 Like
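
An added example, not part of any post in this thread: a small Python check over `show mac address-table` output in the layout pasted above, confirming that a port carries exactly one `secure` MAC once the AP traffic is tunnelled. The second sample, its `02:00:...` client addresses and its `dynamic` entries are constructed for illustration.

```python
import re

# One table row: VLAN id, MAC, port, entry type (layout as pasted in the thread).
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return (vlan, mac, port, type) tuples; header and ruler lines are skipped."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2].lower(), m[3].lower(), m[4].lower()) for m in rows if m]

def audit_port(entries, port, max_macs=1):
    """List the reasons `port` does not look like a single-MAC secured port."""
    on_port = [e for e in entries if e[2] == port.lower()]
    macs = sorted({e[1] for e in on_port})
    findings = []
    if not on_port:
        findings.append("no MAC learned on port")
    if len(macs) > max_macs:
        findings.append(f"{len(macs)} MACs on port, expected at most {max_macs}")
    for _, mac, _, kind in on_port:
        if kind != "secure":
            findings.append(f"{mac} learned as '{kind}', not 'secure'")
    return findings

# Output as posted in the thread: AP traffic tunnelled, one secure MAC.
TUNNELLED = """\
    Vlan          Mac Address         Port       Type
------------ --------------------- ---------- ----------
    110        d8:47:32:f3:fb:68    gi1/1/7     secure
"""

# Constructed sample: AP bridging wireless clients straight onto the port,
# port security not enabled, so every client MAC is learned on the switch.
BRIDGED = """\
    Vlan          Mac Address         Port       Type
------------ --------------------- ---------- ----------
    110        d8:47:32:f3:fb:68    gi1/1/7     dynamic
    110        02:00:00:00:00:01    gi1/1/7     dynamic
    110        02:00:00:00:00:02    gi1/1/7     dynamic
"""

if __name__ == "__main__":
    for name, sample in (("tunnelled", TUNNELLED), ("bridged", BRIDGED)):
        print(name, audit_port(parse_mac_table(sample), "gi1/1/7") or "OK")
```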