Hello people,
I’m using e410s with cnMaestro. I have set up an L2TP tunnel on each AP; that tunnel transports a VLAN (say, 114) for SSID traffic. All is working fine for that part: end users connect to Wi-Fi, are pushed into VLAN 114 and get an IP from my DHCP server at the other end of the tunnel.
The problem is, the access points are inside the customer’s network with private IPs behind a firewall, so I do not have direct GUI access. I want to set up a new VLAN (say, 100), also transported by the L2TP tunnel, just for admin purposes. But it looks like the “VLAN via tunnel” feature is only available with WLANs. How can I set this up?
You can create another WLAN in tunnel mode, mapped to VLAN 100. Enable tunnel mode on the WLAN.
Then create a VLAN interface “vlan 100” and enable the DHCP client on the interface.
The vlan 100 interface will get an IP address from the L2TP concentrator. Then you can connect to that IP address.
Hello Vijay,
Thanks for your answer. I’ve tried that without success. I created a hidden “maintenance” SSID mapped to VLAN 100 and using the same L2TP tunnel.
If I connect a wireless client to this SSID, the client gets an IP (10.218.5.0/24 range), but the AP itself is still unreachable, even if I put a static IP on the VLAN 100 interface. The client can ping the DHCP server and vice versa, but nobody can ping the AP (10.218.5.14) and vice versa.
Here is the config dump:
!
management user admin password $crypt$1$blahblah
no management radius-auth
management cambium-remote
management cambium-remote url https://cloud.cambiumnetworks.com
no management cambium-remote validate-server-cert
no management telnet
no management ssh
management ssh idle-timeout 300
management http
management http port 80
no management https
management https port 443
led
lldp
lldp-pba
no poe-out
country-code FR
wpa2-handshake-retry 4 4
wpa2-handshake-timeout 100 500 1000
wpa2-handshake-log-level 4
placement indoor
!
wireless radio 1
no shutdown
channel auto
channel-width 20
channel-list all-channels
data-rate unicast 1b 2b 5.5b 11b 6 9 12 18 24 36 48 54
data-rate non-unicast highest-basic
power auto
no airtime-fairness
antenna-gain 5
beacon-interval 100
off-channel-scan dwell-time 50
auto-rf channel-selection-mode interference
auto-rf interference-diff-threshold 10
auto-rf num-per-samples 40
auto-rf num-nav-samples 40
auto-rf num-congestion-samples 100
auto-rf num-noise-samples 40
auto-rf ocs-scan-interval 6
auto-rf acceptance-per-threshold 30
auto-rf nav-threshold 3000
auto-rf nav-blockout-time 24
auto-rf congestion-threshold 70
auto-rf noise-threshold -70
auto-rf per-channel-switch off
auto-rf nav-channel-switch off
auto-rf congestion-channel-switch off
auto-rf noise-channel-switch off
multicast-to-unicast max-stream 40
multicast-to-unicast max-stream-per-client 25
mesh-xtnded-dev-list
wmm-parameters downstream txoplimit vi 3008
wmm-parameters downstream txoplimit vo 1504
wmm-parameters upstream txoplimit vi 3008
wmm-parameters upstream txoplimit vo 1504
!
wireless radio 2
no shutdown
channel auto
channel-width 20
channel-list prefer-non-dfs
data-rate unicast 6b 9 12b 18 24b 36 48 54
data-rate non-unicast lowest-basic
power auto
no airtime-fairness
antenna-gain 5
beacon-interval 100
off-channel-scan dwell-time 50
auto-rf channel-selection-mode interference
auto-rf interference-diff-threshold 10
auto-rf num-per-samples 40
auto-rf num-nav-samples 40
auto-rf num-congestion-samples 100
auto-rf num-noise-samples 40
auto-rf ocs-scan-interval 6
auto-rf acceptance-per-threshold 30
auto-rf nav-threshold 3000
auto-rf nav-blockout-time 24
auto-rf congestion-threshold 70
auto-rf noise-threshold -70
auto-rf per-channel-switch off
auto-rf nav-channel-switch off
auto-rf congestion-channel-switch off
auto-rf noise-channel-switch off
multicast-to-unicast max-stream 40
multicast-to-unicast max-stream-per-client 25
mesh-xtnded-dev-list
wmm-parameters downstream txoplimit vi 3008
wmm-parameters downstream txoplimit vo 1504
wmm-parameters upstream txoplimit vi 3008
wmm-parameters upstream txoplimit vo 1504
!
wireless wlan 1
ssid WIFI_GRATUIT
no shutdown
vlan 114
security open
band both
dtim-interval 1
max-associated-client 127
client-isolation dynamic
client-isolation dynamic gateway-probe-interval 60
band-steer normal
client-cache cnMaestro
tunnel-mode
network-policy-id 0
mac-authentication policy deny
passpoint interworking access-network-type private
no guest-access
!
wireless wlan 2
ssid MAINTENANCE_ATL
no shutdown
vlan 100
security wpa2-psk
protected-mgmt-frames state optional
protected-mgmt-frames sa-query-retry-time 100
protected-mgmt-frames association-comeback 1
passphrase $crypt$1$blahblah
band 5GHz
hidden-ssid
dtim-interval 1
wpa-group-rekey-interval 3600
max-associated-client 10
tunnel-mode
network-policy-id 0
mac-authentication policy deny
passpoint interworking access-network-type private
no guest-access
!
interface portchannel 1
switchport mode access
switchport access vlan 1
!
interface eth 1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 100-120
speed auto
duplex full
!
interface vlan 1
ip address zeroconf
management-access all
ip dhcp request-option-all
ipv6 request-option-all
ipv6 address autoconfig
ip address dhcp
!
interface vlan 100
management-access all
ipv6 address autoconfig
ip address 10.218.5.14 255.255.255.0
!
ntp server fr.pool.ntp.org
tunnel encapsulation l2tp
!
tunnel l2tp
remote-host x.x.x.x
pmtudisc
tcp-mss 1400
auth CRBAP14 $crypt$blahblah
auth-type mschapv2
!
pppoe server
shutdown
tcp-mss-clamp
management-access
!
ipv6 name-server
!
hostname CRB_AP14
location Carbonne
timezone Europe/Paris
snmp-server
snmp-server read-community $crypt$1$blah
!
wwan
wwan failover-only
!
no wifiperf
!
ip gw-source-precedence static 1
ip gw-source-precedence dhcpc 2
ip gw-source-precedence pppoe 3
ipv6 gw-source-precedence static 1
ipv6 gw-source-precedence auto-config/dhcpc 2
logging syslog 7
!
Hi Noib,
My bad, this will not work.
When we put the WLAN in tunnel mode, the WLAN interface and the tunnel interface both get added to a separate bridge-group called br1. However, when we configure the VLAN interface (L3 interface), it doesn’t get added to the br1 bridge-group; that is why AP-generated traffic is not put on the tunnel, while the traffic coming from the wireless client is put directly on the L2TP tunnel.
As you said earlier, you want to access the AP UI for management purposes. I don’t think it is possible in your case unless you make the AP management VLAN routable; however, you can run CLI commands remotely from cnMaestro to get the stats directly from the access point.
In cnMaestro, click on the device hostname, then click on Tools > Debug > Advance.
Type the CLI command, such as
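As an added illustration (not code from the thread or from Cambium), the script below parses the "!"-delimited config dump format posted above and flags the exact situation described in this reply: a VLAN that a tunnel-mode WLAN carries but for which the AP's own "interface vlan" is not bridged into br1, so AP-originated traffic on it never enters the tunnel. It also points out two management-plane settings from the same dump worth reviewing. SAMPLE_CONFIG is a constructed excerpt of the dump; the block and finding formats are assumptions of this example.

```python
# Added example, not from the thread or Cambium: audits the "!"-delimited AP
# config dump format above. SAMPLE_CONFIG is a constructed excerpt of that dump.
SAMPLE_CONFIG = """\
!
management http
no management https
!
wireless wlan 2
vlan 100
tunnel-mode
!
interface vlan 100
management-access all
ip address 10.218.5.14 255.255.255.0
!
"""

def parse_sections(text):
    """Split the dump on '!' lines into (first_line, other_lines) blocks."""
    blocks, cur = [], []
    for line in (l.strip() for l in text.splitlines()):
        if line == "!" and cur:
            blocks.append((cur[0], cur[1:]))
            cur = []
        elif line and line != "!":
            cur.append(line)
    return blocks + ([(cur[0], cur[1:])] if cur else [])

def audit(text):
    """Return (severity, message) findings for a config dump."""
    blocks = parse_sections(text)
    flat = {l for head, body in blocks for l in [head] + body}
    tunnel_vlans = {}  # vlan id -> WLAN header that carries it in tunnel mode
    for head, body in blocks:
        vid = next((l.split()[1] for l in body if l.startswith("vlan ")), None)
        if head.startswith("wireless wlan") and "tunnel-mode" in body and vid:
            tunnel_vlans[vid] = head
    findings = []
    for head, body in blocks:
        if not head.startswith("interface vlan"):
            continue
        vid = head.split()[2]
        if vid in tunnel_vlans:  # the thread's case: L3 interface is not bridged into br1
            findings.append(("info", f"interface vlan {vid}: carried by {tunnel_vlans[vid]} "
                             "in tunnel mode, but the AP's L3 interface is not in br1"))
        if "management-access all" in body:
            findings.append(("warn", f"interface vlan {vid}: management-access all"))
    if "management http" in flat and "no management https" in flat:
        findings.append(("warn", "plaintext HTTP management enabled, HTTPS disabled"))
    return findings
```

Running `audit` over the full dump posted above yields the same three findings, since the other blocks contain no tunnel-mode WLAN paired with an L3 interface.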
@vijay_yadav
Yes, that is what I figured out. The problem is that the local network is not mine; I can’t make it routable.
I’ll check the cnMaestro API; I think I can do some AP management with it.
TY for the help anyway.