July 1st, 2004 20:00
Setting up VLANs with PowerConnect switches with VLAN-capable wireless APs, and Cisco 2621 router
I'm having trouble getting my VLANs set up. We've got a bunch
of Proxim AP-4000 wireless access points that can insert VLAN tags
based on the wireless network (SSID) that you are connected to.
I have a PowerConnect 6024 core switch with several 3324s hanging off of it.
The access points are plugged into the PowerConnect 3324s.
I set up two VLANs on each wireless access point: "Office" (VLAN 10) and "Factory" (VLAN 11)
I then added the VLANs to the VLAN database on all of the switches
and set up the AP ports on the PowerConnect 3324s like so:
switchport mode general
switchport general allowed vlan add 10
switchport general allowed vlan add 11
I then configured the ports on each end of each 3324 to 6024 uplinks
and the port which links the 6024 to our router:
switchport mode trunk
switchport trunk allowed vlan add 10
switchport trunk allowed vlan add 11
and I added two subinterfaces to my Cisco router so that
I can route between the VLANs, control access, etc.
interface FastEthernet0/1.1
encapsulation dot1q 10
ip address 172.16.4.1 255.255.252.0
interface FastEthernet0/1.2
encapsulation dot1q 11
ip address 172.16.5.1 255.255.252.0
It's not working quite right and I'm not sure where to go from here.
My wireless devices on the 3324 switches cannot communicate with devices that are on different switches (not
even a management address assigned to the VLAN on another switch).
However, if I hook an AP up to a configured port (mode general) on the 6024 then wireless clients
are able to reach the router and get out to the rest of the network.
Did I screw up the configuration on the 6024 to 3324 uplink ports?



caseyf
July 1st, 2004 20:00
for the Cisco config (my VLAN subnets were overlapping)
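The overlap mentioned in this follow-up can be checked mechanically before a config is applied. The Python sketch below is an added example, not part of the original thread: it parses the two subinterface stanzas from the question and reports routed subnets that overlap. The function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Router subinterface stanzas as posted in the question above.
POSTED_CONFIG = """\
interface FastEthernet0/1.1
 encapsulation dot1q 10
 ip address 172.16.4.1 255.255.252.0
interface FastEthernet0/1.2
 encapsulation dot1q 11
 ip address 172.16.5.1 255.255.252.0
"""

def parse_subinterfaces(config):
    """Return {interface name: {"vlan": int, "net": IPv4Interface}}."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)", line, re.I):
            current = found.setdefault(m.group(1), {})
        elif current is None:
            continue  # ignore lines outside an interface stanza
        elif m := re.match(r"encapsulation\s+dot1q\s+(\d+)", line, re.I):
            current["vlan"] = int(m.group(1))
        elif m := re.match(r"ip address\s+(\S+)\s+(\S+)$", line, re.I):
            # ip_interface accepts "address/dotted-netmask" and keeps the host bits
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def overlapping_vlans(config):
    """List (ifA, ifB, netA, netB) for routed interfaces whose subnets overlap."""
    routed = [(name, data["net"].network)
              for name, data in parse_subinterfaces(config).items() if "net" in data]
    return [(a, b, str(na), str(nb))
            for (a, na), (b, nb) in combinations(routed, 2) if na.overlaps(nb)]

if __name__ == "__main__":
    for a, b, na, nb in overlapping_vlans(POSTED_CONFIG):
        print(f"{a} ({na}) overlaps {b} ({nb})")
```

With the posted 255.255.252.0 mask, both gateway addresses fall inside 172.16.4.0/22, so VLAN 10 and VLAN 11 are not separate routed subnets.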
GregG1
July 2nd, 2004 10:00
It looks like the problem you are having is most likely related to the VLAN configuration on the AP ports of the 3300 switches. If the APs support 802.1q frame tagging, you should configure the AP ports as trunks just like the uplinks between the 3300 and 6024. The general mode configuration you made simply specifies the port as untagged on VLANs 10 and 11. A port that is untagged still has only one native VLAN (or PVID). This PVID is the ingress filter, so you will only be able to accept inbound traffic from one VLAN. In this example, I do not see a command for "switchport general pvid " so the PVID is still set to 1.
Unless you trunk the uplink to the AP, you will not be able to pass both VLAN 10 & 11 traffic across the link.
caseyf
July 2nd, 2004 12:00
I'll have to learn more about VLANs. I misunderstood the general mode and now I'm not sure when
I would use it. Setting up a port in general mode and giving it a PVID makes sense, but when would
it be useful to add allowed VLANs to a general mode port?
GregG1
July 2nd, 2004 15:00
General mode is typically used in port-overlapping scenarios. Port-overlapping is used when you have two VLANs that need to talk to a shared resource (like a server) but no router to route between the VLANs. You can untag the general mode port on multiple VLANs and create a 3rd VLAN for the shared source. This stretches the boundary of the IEEE 802.1q specification and is not very secure, but allows a SOHO solution for segmenting clients.
General mode is also used in rare scenarios in which you want to untag a port for some VLANs, but tag the port on other VLANs.