It looks like the problem you are having is most likely related to the VLAN configuration on the AP ports of the 3300 switches. If the APs support 802.1q frame tagging, you should configure the AP ports as trunks just like the uplinks between the 3300 and 6024. The general mode configuration you made simply specifies the port as untagged on VLANs 10 and 11. A port that is untagged, still only has only one native VLAN (or PVID). This PVID is the ingress filter, so you will only be able to accept inbound traffic from one VLAN. In this example, I do not see a command for "switchport general pvid " so the PVID is still set to 1.
Unless you trunk the uplink to the AP, you will not be able to pass both VLAN 10 & 11 traffic across the link.
Thanks - I configured my access point ports as trunks and everything is working properly now.
I'll have to learn more about VLANs. I misunderstood the general mode and now I'm not sure when
I would use it. Setting up a port in general mode and giving it a PVID makes sense, but when would
it be useful to add allowed VLANs to a general mode port?
General mode is typically used in port-overlapping scenarios. Port-overlapping is used when you have two VLANs that need to talk to a shared resource (like a server) but no router to route between the VLANs. You can untag the general mode port on multiple VLANs and create a 3rd VLAN for the shared source. This stretches the boundary of the IEEE 802.1q specification and is not very secure, but allows a SOHO solution for segmenting clients.
General mode is also used in rare scenarios in which you want to untag a port for some VLANs, but tag the port on other VLANs.
caseyf
4 Posts
0
July 1st, 2004 20:00
for the Cisco config (my VLAN subnets were overlapping)
caseyf
4 Posts
0
July 1st, 2004 20:00
GregG1
2 Intern
•
812 Posts
0
July 2nd, 2004 10:00
It looks like the problem you are having is most likely related to the VLAN configuration on the AP ports of the 3300 switches. If the APs support 802.1q frame tagging, you should configure the AP ports as trunks just like the uplinks between the 3300 and 6024. The general mode configuration you made simply specifies the port as untagged on VLANs 10 and 11. A port that is untagged, still only has only one native VLAN (or PVID). This PVID is the ingress filter, so you will only be able to accept inbound traffic from one VLAN. In this example, I do not see a command for "switchport general pvid " so the PVID is still set to 1.
Unless you trunk the uplink to the AP, you will not be able to pass both VLAN 10 & 11 traffic across the link.
caseyf
4 Posts
0
July 2nd, 2004 12:00
I'll have to learn more about VLANs. I misunderstood the general mode and now I'm not sure when
I would use it. Setting up a port in general mode and giving it a PVID makes sense, but when would
it be useful to add allowed VLANs to a general mode port?
GregG1
2 Intern
•
812 Posts
0
July 2nd, 2004 15:00
General mode is typically used in port-overlapping scenarios. Port-overlapping is used when you have two VLANs that need to talk to a shared resource (like a server) but no router to route between the VLANs. You can untag the general mode port on multiple VLANs and create a 3rd VLAN for the shared source. This stretches the boundary of the IEEE 802.1q specification and is not very secure, but allows a SOHO solution for segmenting clients.
General mode is also used in rare scenarios in which you want to untag a port for some VLANs, but tag the port on other VLANs.