Best VLAN Howto please

Hi All,
I need your eyes on my minor project to make sure I don’t totally hose myself in setting up a VLAN on one of our nodes. Let me preface by saying I know Cisco/*NIX and have a pretty good grasp on wired networks, but I want to make certain that I don’t lock myself out or munge the system in such a way that I need to send up a climber to our hardware, which sadly is 1200 feet up, our weather sucks and it could be a multi-day outage.

The external router, a Cisco 3825, and a 3650 switch have been configured for VLANs and trunking and they are working well on the local network. Proper subinterfaces have been created for VLAN 5 and the machines are able to do what they need to do. I need to have a remote SM be on the same VLAN. For our purposes, the network is too simple. The 3825 has a trunk to our 3560 which in turn goes to our CMM and then the backhaul. The Backhaul talks to the other BH about 5 miles away. Once there, it goes from that BH to the CMM4 then to the specific AP the SM registers on. Lastly, we have the SM itself.

Don’t scream at me but right now this segment is all on VLAN 1 … I’m working on changing that. For now, it’s VLAN 1.

So, and I know this is a big question, what hardware do I need to configure to get VLAN 5 working on this client’s SM? What settings need to be done and, if it matters, which order should it be done in? I really am in the dark as to how to set up VLANs on the SM/AP/CMM. Sorry this is so nebulous but it’s late and I’m hoping you all can help me out.

APs are easy. Just go to VLAN under Configuration and set it to enable. I also set dynamic learning to disable. This gives you control over which VLANs the AP will pass. Then go to the VLAN membership page and put in all VLANs this AP should be a member of, in your case 1 and 5 it sounds like.

Now for the subscribers there is no on or off, but you have a couple different ways of doing this. If the computers or routers on the other end of the SM are already set to VLAN 5, all you need to do is add VLAN 5 as a member to the SM. This will allow the SM to pass VLAN 1 and 5 and then you can do the configuring from the router or computers on the other end.

You can set the default port VID (older software called it “untagged ingress id”) to 5. What this will do is receive VLAN 5 on the wireless side and send it down the Cat5 cable as untagged. This way you don’t need to configure the routers or switches on that end of the link.

Just make sure your management VIDs all stay 1 and you can’t lock yourself out.

Very cool. Thank you. I’m still having a problem in that I’m not able to make it to the core router from the SM, but I didn’t lock myself out yet, which is good. I’m not eager to tackle our Admin VLAN issues but that’s coming soon enough.

May I ask about the CMMs? I am pretty sure they are in hybrid mode for the connection to the Microwave and to all the APs. Should I set them to switchport mode trunking and then add the appropriate allowed VLANs to those ports? I don’t think there is much I can do on a BH … they seem to allow for tagging on the admin VLAN but that’s as much as I’ve seen.

Backhauls pass everything. Only reason to enable VLAN there is if you want the management VLAN to be something other than 1. The CMMs I leave alone also. There may be a better way to set them up, but to achieve what you want you can leave them in their default config. It works for us. If there is a better way I’m sure someone else will chime in.

I know the CMM Micros use what they call port-based VLANing. Aside from the management VID they have no concept of 802.1q. I have no idea about CMM4s as they use a Moxa or EtherWan switch internally so the only place to check would be the manual I think.

You will need to give a bit of consideration to VLAN 1. Cisco gear uses 1 as the default VLAN and it is normally untagged on all trunk ports. Key protocols like CDP, STP, VTP, etc live here. If you’re going to set your Canopy gear to use VLAN 1 for management they will be looking for tagged frames - to get around this you can either set the native VLAN to something made up (VLAN 999 etc) or, some IOS versions have a command like “switchport trunk native vlan tagged”. This will force an 802.1q header on your management traffic going out that interface.
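The native-VLAN point in the post above, as an added example that is not part of the thread or any vendor's code: it builds constructed Ethernet frames and shows that a trunk sends its native VLAN untagged, so VLAN 1 only carries an 802.1Q header once the native VLAN is moved elsewhere. The function names and sample addresses are hypothetical, and the radio's behaviour (management accepts only frames tagged with the management VID) is assumed from the post.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)  # priority bits + 12-bit VLAN ID
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the 802.1Q VID carried in the frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def trunk_egress(dst, src, ethertype, payload, vlan, native_vlan):
    """Model a trunk port: the native VLAN leaves untagged, all others tagged."""
    vid = None if vlan == native_vlan else vlan
    return build_frame(dst, src, ethertype, payload, vid)

def mgmt_accepts(frame, management_vid):
    """Assumed radio behaviour from the post: management wants a tagged frame."""
    return vlan_of(frame) == management_vid

# Constructed sample values (locally administered MACs, empty ARP-sized payload)
DST = bytes.fromhex("0a003e000001")
SRC = bytes.fromhex("020000000001")
ARP = 0x0806
PAYLOAD = b"\x00" * 28

def demo():
    """Compare VLAN 1 traffic leaving a trunk with native VLAN 1 vs 999."""
    default = trunk_egress(DST, SRC, ARP, PAYLOAD, vlan=1, native_vlan=1)
    moved = trunk_egress(DST, SRC, ARP, PAYLOAD, vlan=1, native_vlan=999)
    return {"native 1": (vlan_of(default), mgmt_accepts(default, 1)),
            "native 999": (vlan_of(moved), mgmt_accepts(moved, 1))}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```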

Hi All,

I configured VLAN -999 into the AP & SM. When I try to log in to both devices, they do not respond. Can anybody advise me how to log in in these conditions?