Epmp 1000 and data vlan problem

jcpacc · July 18, 2024, 7:12am

Hi all,

Some info first (hope my diagram makes sense, if you need more info let me know):

2 x epmp 1000 in bridge mode - 4.6.1
Network Management vlan 49

Network diagram:

router with vlans 49 and 61 - 192.168.61.1
  |
  V
epmp master - management vlan 49
  l
  V
epmp slave - management vlan 49 - data vlan 61
  I
  V
device that is vlan unaware - IP 192.168.61.11 with gateway 192.168.61.1

With this configuration, the epmp slave can successfully ping 192.168.61.1 (and vice versa), however there is no traffic to/from the device connected to the slave epmp ethernet port.

Do I have it correct that the slave epmp just has data vlan 61 specified, and any vlan unaware device can connect through it on the 192.168.61 subnet?

thanks

jc

EDIT: the vlan unaware device is connected through the POE adaptor that powers the slave.

I have a working configuration by having the epmp’s on their own vlan (management and data vlan disabled) with a router at the slave end. Seeing as there is only one device at the slave end the router is a bit overkill so I wanted to remove it.

aka · July 18, 2024, 12:12pm

Hello @jcpacc,

your design looks right. You just have to enable data vlan on slave.
I suggest you to upgrade your radios to the latest stable 4.8.1 and check.
Then post here Configuration >> Network page if the issue is still there.

jcpacc · August 1, 2024, 4:50am

Hey @aka sorry for not getting back sooner.

The issue ended up being with a L2 switch that was between the router and the epmp master. They are Cisco and have VTP running, but that switch was failing to update its VTP database so didn’t have the relevant VLAN’s! Silly oversight.

I do however have another issue with a separate system (same model AP’s).
We have a management vlan 192 and data vlan 60. epmp’s in bridge mode.

cisco switch (L2) - trunk port all vlans allowed
  |
  V
epmp master - management vlan 192
  |
  V
epmp slave - management vlan 192 - membership vlans 60 and 192
  |
  V
Ubiquiti edgeswitch - trunk port (all vlans allowed) - management vlan 192

After configuring this, from the Cisco side I can see both epmp’s but not the edgeswitch on its management IP (or anything else on that switch, the other ports are access vlan 60). The edgeswitch cannot see the epmp’s or anything beyond.

Does anything look off with this config? I tried disabling the management vlan option on both AP’s in case it was preventing traffic tagged 192 from passing through, although traffic tagged 60 couldn’t seem to pass either.

thanks

jc

aka · August 1, 2024, 12:15pm

Hello @jcpacc,

I’m glad to see you are moving forward with Cambium radios!

Try to set Management Vlan Access to Ethernet and Wireless on GUI >> Configuration >> Network page of the Slave:

This is a security feature to prevent end users to access management networks.