cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

956
Views
3
Helpful
5
Replies
Beginner

LXC: layer 2 network device access in LXC container

Hello,

we are currently evaluating the ir829 for possible use as wifi hotspot.

We use CoovaChilli as a hotspot. Problem is, that chilli is expecting layer 2 access to the networking device.

We are using an LXC container that works very well in a pure LXC environment (without libvirt and/or CAF). However as we understand the IOx Documentation there is no possibility to hand a layer 2 connection into either the GOS or container.

Is there any solution we overlook?

Thanks,

Matthias

Everyone's tags (3)
5 REPLIES 5
Cisco Employee

Re: LXC: layer 2 network device access in LXC container

Hi Matthias,

Sounds like you want to let layer2 traffic send to guest-OS and container, right? If as so, please read following content.

Because GE5(which is connected to IOx) is layer3 interface, normally, it would not forward Layer 2 package from IOS to Guest-OS. But there is a workaround solution to make it real.

1, Make sure container's network on guest-OS is linked to bridge node not nat node. (Guest-OS)

2, Use "bridge-group" to link GE5 to a bridge group. (IOS)

3, Also link a Vlan to that bridge group. (IOS)

4, Apply that VLAN to a switch port (GE1~GE4). (IOS)

This should be workable. But please note this way can not be worked for tagged package to Guest-OS.

Thanks

Jun

Beginner

Re: LXC: layer 2 network device access in LXC container

Hi Jun,

thanks for the clarification, we were already on that path by recommendation of a friendly Cisco CE. Problem we still tackle is the following:

We need a layer 2 connection forwarding the Wifi AP to the hotspot daemon, to do the proper authentication, filtering, etc. In the same time we need an Internet connection within the container to the backend services associated with the on site hotspot. Is this possible to be achieved via sub-devices on the GE5?. Like Sub-device .1 in the Bridge Group and .2 doing NAT? If so, how are the sub-devices Accessible in the Guest OS / Container?

Thanks,

Matthias

Cisco Employee

Re: LXC: layer 2 network device access in LXC container

Hi Matthias,


I am trying to understand your solution. Still feel a little confusion. Could you please help to clarify some points,

1, Where do you want to host "hotspot daemon"? in GOS/container or out of IR8x9?

2, What's sub-devices? Do you mean sub-interface of GE5? or another physical device?

3, "Wifi AP" is IR829's AP or another AP?

Thanks

Jun

Beginner

Re: LXC: layer 2 network device access in LXC container

Sorry for digging up this topic after so long. I see that it is recommended in item 3 to 'Also link a Vlan to that bridge group.' What is the method to accomplish this on the IR829?

Highlighted
Cisco Employee

Re: LXC: layer 2 network device access in LXC container

Kevin,


@Kevin Morris wrote:

Sorry for digging up this topic after so long. I see that it is recommended in item 3 to 'Also link a Vlan to that bridge group.' What is the method to accomplish this on the IR829?


Please, review the following articles and let us know if you are able to configure the IR829.

Thanks,
Kyle

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here
This widget could not be displayed.