#tunnel Tunnel set up for new NSM5 #tunnel


I'm working on getting N7IME-NSM5-30F6 set up. I did get loaded into my radio and a basic configuration completed (resulting in that node name).

Can someone confirm that I do need a managed switch to tag my WAN access with VLAN1 to enable the Tunnel Client (right now, I can't even download it). I'd like to make sure that is my problem right now before I focus on that and miss something else obvious.

Can someone confirm if the Main and Secondary ports are the same as far as Ethernet network connections? I understand that PoE needs to be provided to Main, wondering if there is a port restriction for the WAN connection on the MSN5.

I'll also need connection information for a Tunnel server if one is available. I'll be primarily using that from my home location in Dallas. I'm hoping someone in the community can help me with that connection, at least until I can get up on RF.

Thank you! I appreciate the support.
Jason / N7IME

Brett Popovich KG7GDB

Hi Jason and others installing tunnels,

Yes, AREDN firmware tunnels requires a managed switch with VLAN1 member ports being tagged for mesh devices and untagged for the WAN port.

VLAN2 is used for connecting AREDN radios device to device on one switch. You need multiple VLAN 2 tagged ports to connect different radios such as ones on different frequencies. Custom untagged VLAN ports are used to create the LAN relationships among the AREDN radio DHCP server and its clients.
VLAN1 and 2 rules are hard coded into AREDN firmware and can't be reassigned.
(Jason and I spoke about this, and he may have a managed switch model which doesn't allow tagged VLAN1 ports.)

Take a look at the list of switch configurations on the pages and documentation. Use their forum search to get info or post questions.
We have had good luck with the NetGear ProSafe GS105e and GS108e switches. Some Ubiquiti and Cisco switch models work, too.
The Mikrotik  hAP ac lite is a five port managed switch with PoE and wireless AP functions which requires no programming and offers good performance if you are installing a single mesh device such as a NanoStation and network LAN devices such as a mesh phone, camera, or Raspberry Pi.

2) Jason's next question was that NSM5 Main and Secondary Ports are different, yes.
You plug the main port cable into the PoE injector. The secondary port has passive 24v PoE function and is VLAN2, so another AREDN radio or 24volt IP Camera can be installed-you connect it by short jumper to the next device.
It is good practice to disable the DHCP server on a secondary device, as the NSM5 will be the DHCP in this setting.

3) We will install you first as a tunnel client, not a server, though both packages are available once connected to WAN. One of our mesh server people will give you an account, password and address.
Other messages here discuss tunnels which are used in special cases to allow mesh use and training when no RF connection is available, only WiFi or ethernet. Any 64MB AREDN device can be a tunnel client, but the hAP AC lite or the GL-iNet travel routers are recommended because of built in VLAN capability.
We always prefer that the goal of any station should be a RF connection to the mesh. If you cannot get signal at your QTH, consider building a Go-Kit and deploying to an open area with a good signal using battery power.
But, as a reminder, if you are asked to deploy to a location without a good RF signal, your tunnel device and switch can be connected to an available WAN to connect to the mesh.

Good questions; thanks,

-Brett, KG7GDB