Reply
New Member
Posts: 15
Registered: ‎03-30-2011
Accepted Solution

VLANS, Tagged Frames, trunk port, Switch Config

I am a bit slower than the average bear, therefore it took me a bit of research to figure out how to properly configure trunk ports to allow for multiple wireless networks (on seperate vlans) and still be able to allow the controller to communicate with the access points.

To begin, I needed two networks:
1)CPCSC-WIFI --WPA secured for school owned devices only
2)CPCSC-BYOD -- Open network on a fully secured VLAN for all the things teachers and students drag into the environment.

I found that if I configured the Cisco switch port to be a trunk port, I could have two functioning wireless networks, but the wireless controller could no longer communicate with the access point.

In order to work, a wireless network (whether you are using it wirelessly or not) needs to be configured as UNTAGGED (no vlan--or more precisely on the native vlan). In my example I made this the CPCSC-WIFI network for school owned equipment.

The open wireless network (secured on the backside by the L3 switch) then is a tagged VLAN.

The trick, you need to remember to set the native VLAN on the trunk if you plan on using a VLAN other than the default which is VLAN 1 (untagged vlan).

Here is the config of my switch port:


Now here is the setup inside the UNIFI controller:


Here is the UNIFI config for the WPA Secured (untagged) network (which is also the native vlan of the wired controller):


Here is the UNIFI config for the Open (VLAN Tagged) network:


I hope this makes some form of sense to everyone and perhaps helps someone avoid a few hours of beating their head against a wall wondering why the controller can not reach the access point.

Jim

Also, I just picked up the Sprint dual screen (Kyocera Echo) phone.....Wow....what a hunk of junk! I'm going back to my good old trustworthy EVO.

Accepted Solutions
New Member
Posts: 1
Registered: ‎09-30-2011
Solutions: 1

Saved my day!

Thanks a lot for this tip.

You saved my day. I owe you a beerIcon Exclaim

View solution in original post


All Replies
New Member
Posts: 1
Registered: ‎09-30-2011
Solutions: 1

Saved my day!

Thanks a lot for this tip.

You saved my day. I owe you a beerIcon Exclaim
Regular Member
Posts: 472
Registered: ‎02-17-2011
Kudos: 327
Solutions: 15

Re: VLANS, Tagged Frames, trunk port, Switch Config


Also, I just picked up the Sprint dual screen (Kyocera Echo) phone.....Wow....what a hunk of junk! I'm going back to my good old trustworthy EVO.


I am enjoying the EVO 3D. It was a good upgrade to the original EVO 4G. Setting aside the 3D which is a gimmick it is a great phone. I specifically enjoy:

1. Double the memory (RAM)
2. Double the processing power
3. Better resolution and sense 3.0

This all adds up to the phone being faster than the 4G (which was fast). It seems to run liquid smooth at all times. While the 4G at times would get a little sluggish.
Tyler Shield

Caymanwireless
UBNT Reseller
www.caymanwireless.com
Emerging Member
Posts: 53
Registered: ‎09-13-2011
Kudos: 2

Re: VLANS, Tagged Frames, trunk port, Switch Config

Cisco sample config:

vlan 94 = Guest
vlan 96 = Corporate Network
vlan 203 = AP management vlan

Also added spanning-tree portfast trunk so I dont have to wait ages for it to come up.

interface GigabitEthernet0/11
description AP
switchport trunk native vlan 203
switchport trunk allowed vlan 94,96,203
switchport mode trunk
spanning-tree portfast trunk
end
Member
Posts: 113
Registered: ‎07-08-2008
Kudos: 3

Re: VLANS, Tagged Frames, trunk port, Switch Config

I have my interface configured exactly like this (aside from different vlan numbers) and I can only get an IP on an untagged SSID...
Any SSIDs that have a vlan tagged on them associates no problem but I can't get any DHCP to work.
Did anyone run into this?
Regular Member
Posts: 463
Registered: ‎02-22-2011
Kudos: 47

Re: VLANS, Tagged Frames, trunk port, Switch Config

I have my interface configured exactly like this (aside from different vlan numbers) and I can only get an IP on an untagged SSID...
Any SSIDs that have a vlan tagged on them associates no problem but I can't get any DHCP to work.
Did anyone run into this?

Each vlan needs its own, DHCP scope, DHCP server, or a DHCP helper set in the Cisco.
Each vlan is effectively a completely independent layer 2 network.
New Member
Posts: 1
Registered: ‎11-09-2014

Re: VLANS, Tagged Frames, trunk port, Switch Config

Can you please send me the screenshot on unifi controller for AP management (untagged traffic)

New Member
Posts: 1
Registered: ‎02-21-2015
Kudos: 1

Re: VLANS, Tagged Frames, trunk port, Switch Config

First you should create the VLANS, corresponding ip addresses and ip helper address (DHSCP server address) in the core switch. Then configure all the ports which are connected the APs, as trunk port with native VLAN (controller and APs should be in same native VLAN), create DHCP scope in DHCP server. Create the WLANs (SSIDs) in the controller and map each SSIDs to appropriate VLANs.

Emerging Member
Posts: 80
Registered: ‎04-07-2015
Kudos: 24
Solutions: 1

Re: VLANS, Tagged Frames, trunk port, Switch Config

And how to do this on EdgeSwitch.

 

What is the command on the edgeswitch for the following cisco command: switchport trunk native vlan 203

 

Or is this not possible?

Reply