All, I've hit a bit of a problem with a customer. We are trying to set up a new store wireless architecture using RFS7000s in the core and dependant AP5131's in the stores. The stores have two VLANs, a voice VLAN (4) which is tagged and the same across the estate, and a data VLAN which is untagged and is different for every store. Historically with the WS5100, the HHTs went into a WLAN mapped to the store specific data VLAN and their Spectralink phones went into a WLAN mapped into the estate wide voice VLAN. On the RFS7000 we have set up both these WLANs, we have mapped the voice into VLAN 4, and the data into the local VLAN in the core, but again its untagged. When we bring an AP5131 up on the remote store network with a local static IP address it is seen on the switch and goes into the list of unadopted APs (we have set manual AP adoption). When we adopt the AP, it appears as adopted briefly then disappears off net again and is not pingable or reachable. On checking the console the LAN 1 settings have changed from trunking disabled and native VLAN untagged, to trunking enabled and the native VLAN is tagged. Any time we change them back the switch resets them. I don't know if we are trying to do something that is never going to work or if we have just missed something in the config, but if we could just get the AP to retain the tagging and / or trunking settings it would work fine. Does anyone have any ideas? BTW we have upgraded the switch from 4.2.0 to 4.2.1, and the APs from 2.4.0 to 2.4.1 and still no joy. Thanks IJ
Dependant AP5131 - multiple store VLANs// Expert user has replied. |
7 Replies
Guys, Thanks for the detail, I will get this tested with the customer and let you know how we get on. IJ
Okay so that hasn't don't the job. The APs now all adopt fine but we can't seem to get over the problem of the WLAN being associated to the wrong VLAN so clients will associate but none of the traffic is being passed. Can anyone help at all?? I really need a adaptive AP solution for multiple sites with different VLANs, surely this can't be a gaping great hole in our Adaptive AP story!!! IJ
Ian, Have you tried adjusting the "aap-lan1-trunking" configuration against the AP-5131's AP index number within the RFS switch? If you don't adjust this value to "untagged" the RFS switch will keep pushing the default value of "tagged"... RFS6000(config-wireless)#ap 1 aap-lan1-trunking enable mgmt-vlan-id 1 native-vla n-id 1 native-tagging untagged
Ian, If you open a support case - they can resolve it quickly for you. This is a configuration problem. You are not configuring AAP on the switch properly. You have ability to define trunking and VLAN on the switch. If you don't do it and change it on the AP - every time AP adopts - switch will change it to default values on the switch for AAP. Alona
Hello Ian, My understanding is that whenever a WLAN is marked as independent, it will automatically trunk (802.1q) LAN 1 on the AAP with tagged/native VLAN 1. If using the UI, on the RFS, under Network/Access Port/Configuration/AP MAC/Edit, you can configure the AAP via the RFS in regards to 802.1q/tagged or untagged/Native and Management VLAN. If using the CLI, from the wireless prompt: ap index aap-lan1-trunking enable mgmt-vlan-id x native-vlan-id x native-tagging taggedoruntagged [enter] The index is the AP index (sh wi ap) and x represents native/management VLAN. The taggedoruntagged must be either tagged or untagged. Any time you modify the AP LAN settings, they will get overwritten by the RFS. All independent WLAN's get mapped to LAN 1 and all extended WLAN's get mapped to LAN 2 on the AAP's. I hope this helps.
I did some testing with independent WLAN's on adaptive AP's. As long as all independent WLAN's are pointed at VLAN 1, the uplink will remain configured as an access port (no tagging). If there are multiple WLAN's pointing at VLAN 1, this still is the case. In many situations, the reason for different WLQAN's is to accomodate different authentivation and encryption. Keep in mind that you can apply ACL's to WLAN's so that even if they are on the same VLAN the users can be subject to different access privledges If you have multiple WLAN's pointed at different VLAN's, the access port will automatically reconfigure itself as an 802.1Q trunk and tag packets.
Thanks Gents,
Some how yesterday we managed to find a combination of configurations that actually worked.
As per the original post we have two VLANs per store. One is the voice VLAN, is VLAN 4 in every location and is tagged on the network. The second is the data VLAN, the VLAN ID is different in every location (taking the format VLAN xxx, where xxx is a unique 3-digit ID per site) and is untagged on the network.
The RFS7000s sit in the core on VLAN 202.
On the RFS7000s we have configured two WLANs, one is mapped to VLAN 4, the other is mapped to VLAN 202.
We then take a box fresh AP5131 and configure the following in the console;
admin, network, LAN> set ip-mode 1 static admin, network, LAN> set ipadr 1 172.30.n.n admin, network, LAN> set mask 1 255.255.255.0 admin, network, LAN> set dgw 1 172.30.n.240
admin, network, LAN, WLAN-mapping> create xxx VLAN_xxx admin, network, LAN, WLAN-mapping> set mgmt-tag xxx admin, network, LAN, WLAN-mapping> set native-tag xxx
admin, system, aap-setup> set auto-discovery enable admin, system, aap-setup> set interface Lan1 admin, system, aap-setup set ipadr 1 172.20.20.242 admin, system, aap-setup set ipadr 2 172.20.20.243
Where xxx is the store specific VLAN ID (e.g. in their test lab we change this to create 990 VLAN_990)
The AP then appears in the unadopted list, and when we adopt it it gets both of the wireless LANs, mapped to VLAN 4 and VLAN 202 as configured on the RFS. However, the store network doesn't know anything about VLAN 202 so just punts everything not in VLAN 4 into its untagged store specific VLAN.
I'm sure we're cheating a bit there, but it seems to work a treat!!
IJ