Sorry....VLAN's......AGAIN!

Hi All

Just starting to implement vlans on our canopy network, can someone give the following a look over and see if I’m working the right way!

I want to divide our network users into 6 different groups so I have a vlan setup of the following

vlan 10 management
vlan 11 priority
vlan 12 business
vlan 13 residential
vlan 14 hotspots
vlan 15 bandwidth_hogs

Assumptions…

So for each SM I set the ingress VID to the group I want it to be in and also add the group to the SM Membership table?

Then I need to add all the VID’s an AP will be dealing with to the AP’s membership table?

Then for each vlan back at our noc I need to configure our cisco switch so that services for each vlan (i.e. dhcp, gateway, hotspot controller etc) are connected to the correct port on the router that will serve these clients on these vlans?

All our equipment is canopy so I don’t need to do anything on the backhauls for this to work?

To monitor the network and remotely access the equipment I need to connect a computer to a port on the switch that is set up under the management VID?

Seems straightforward enough but any points/feedback would be greatly appreciated.

Regards

Mal

All is fine except that you don’t need to add the VLANs to the APs.

Just leave them set to add VLANS dynamically.

Set the SMs NOT to add VLANS dynamically.

Thanks Vanilla

With the management VID if I set it to 10 for example and the SM ingress is set to 12 then I assume I cannot access the SM locally but I can over the radio remotely, if I need to access the SM locally would I need to change the SM management ID to the same as the ingress VID? Or is there a way to access remotely and locally but keep the SM in a different VID?

Regards

Mal

mjcthepilot wrote:

With the management VID if I set it to 10 for example and the SM ingress is set to 12 then I assume I cannot access the SM locally but I can over the radio remotely


Correct unless you have a VLAN aware NIC: http://sector29.com/PRODUCT_PAGES/286/2 ... 1220E.html

Nice one…think that will become part of the field laptop kit!

Cheers Jerry

Hi Guys…

OK I got the vlans running ok, but I seem to have a bit of trouble with the switch. I got a cisco 3548XL-EN and have set up one port for our BH60 radio that brings our canopy network into our noc.

I set up this port as a multi-vlan port as it’s carrying the vlans from the network and have set all the vlans as allowed.

I have 2 dhcp servers, one to issue public IP’s and one to issue private IP and I want to isolate them on different vlans but it seems that the dhcp’s are available to all vlans and not just the ones they should be.

I set up 5 ports per vlan and the dhcp’s are plugged into the correct ports. The ports are configured as static access, and native vlan set to the same vlan as the port.

So should I be plugging the BH60 into a dumb switch first then a separate rj45 into the vlan ports and not using a trunk/multi-vlan setup?

Think my eyes have gone square today!

If I were setting this up I would use the following:

Port 1 - Edge Router
Port 10 - DHCP Pub WAN (Public Routable IP)
Port 11 - DHCP Pub LAN - VLAN12
Port 12 - DHCP Priv WAN (Public routable IP)
Port 13 - DHCP Priv LAN - VLAN13

Etc…

Port 24 - BH60 - Multi VLAN (or Trunk Port)

Is this how you have it set up?

You don’t want to set the ports as multi-vlan. You want to set them as switchport mode trunk so they pass all vlans going through them. Every AP and router should talk to a ‘trunk’ mode port.

Also Cisco switches have this nice feature where you type switch trunk native vlan XX

So any untagged packets that come in on the switch port get tagged with vlan XX when they go out to other switch ports. We use both of these commands all over on our cisco switches.

set up this way just now

Port 10 - DHCP Public IP VLAN 100
Port 15 - DHCP Private IP VLAN 150
Port 20 - VLAN 200 - Hotspot Controller
Port 48 - Multi VLAN Allowing VLANs 1/100/150/200

VLAN 1 Management VLAN

The DHCP machine is a Linux box with 3 NIC’s and is connected to Port 10 for Public IP issue over eth1 and also connected port 15 for Private IP issue over eth2 and connected to Edge Router via eth0. The Hotspot machine has 2 NIC’s and links to the edge router also.

The BH60 is connected to port 48. The BH60 is our link to our network.

Like this

(forgive my ASCII art was never a strong point!)
---- means ethernet link
--> means Wireless link

NOC----BH60M --> BH60S------Switch1 (2 AP’s)-----BH20M --> BH20S-----Switch 2 (2 AP’s)------BH20M --> BH20S --> Switch 3(2 AP’s)

Switch 1,2&3 are mast sites and each have 2 AP’s linking into the switch and feeding back to the BH60.

Please be gentle!!

it sounds like you’re not using VLAN trunking at all. multi-vlan allows you to have untagged packets going to multiple ports which isn’t what you want.

cisco switch trunking snippet:

vtp mode transparent
vlan 51,52
!
int fastethernet0/1
 ! set the encapsulation before trunk mode (this command is only on older switches)
 switch trunk encap dot1q
 switch mode trunk
int fastethernet0/2
 switch trunk encap dot1q
 switch mode trunk
int fastethernet0/3
 ! untagged access port in vlan 51
 switch mode access
 switch access vlan 51

etc…


here’s what a cisco trunking config looks like on the router:

interface GigabitEthernet0/1
description Untagged Borish Crap
ip address 192.168.1.5 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.51
description My nigga on vlan 51 (00001-727)
encapsulation dot1Q 51
ip address 204.70.4.1 255.255.255.240
!
interface GigabitEthernet0/1.52
description Blah Blah blan
encapsulation dot1Q 52
ip address 204.70.4.17 255.255.255.240

Just had a thought

I’m testing this using the following config

PC----SM-->AP-->SM-----Cisco Switch----DHCP

Both SM’s are set to VLAN 200 and I can connect to the switch etc, but does the VLAN tagging get removed by the receiving SM? This way when the packets get to the switch in the above config they’ll be untagged and therefore with the multi-vlan port setting and native vlan as 1 they’d be transformed into vlan 1 packets??

Should I be testing in the following way

PC----SM-->AP----Cisco Switch-----DHCP?

Success!!

Just in case anyone is interested…it was just as I thought. The test config passing the network through an SM removed the vlan tag so the switch just made it into native vlan traffic.

Now I have my vlans all setup and what a difference in the broadcast chatter…works like a charm.

Thanks for the input guys

Mal
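What Mal found above, as an added example that is not part of the original thread: a small model of 802.1Q tagging showing why the same PC lands in the native VLAN when the test path ends at a second SM but stays in VLAN 200 when the AP feeds the switch directly. The function names, the sample frame and the treatment of the multi-vlan uplink as a port with a native VLAN and an allowed list are assumptions made for illustration; the VLAN numbers are the ones quoted in the thread.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, untagged_frame); vid is None when no tag is present."""
    if len(frame) >= 16:
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid == TPID_8021Q:
            return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def trunk_ingress(frame: bytes, native_vlan: int, allowed: set):
    """VLAN the uplink port assigns to an arriving frame, or None if dropped."""
    vid, _ = split_tag(frame)
    if vid is None:
        vid = native_vlan  # untagged traffic joins the native VLAN
    return vid if vid in allowed else None

# Constructed sample: a broadcast frame from a customer PC (payload is a stub).
PC_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"dhcp-discover"
# Port 48 as described in the thread: native VLAN 1, VLANs 1/100/150/200 allowed.
UPLINK = {"native_vlan": 1, "allowed": {1, 100, 150, 200}}

def via_second_sm(frame: bytes, ingress_vid: int = 200):
    """PC--SM-->AP-->SM--switch: the far SM untags before its Ethernet port."""
    on_air = add_tag(frame, ingress_vid)
    _, delivered = split_tag(on_air)
    return trunk_ingress(delivered, **UPLINK)

def via_ap(frame: bytes, ingress_vid: int = 200):
    """PC--SM-->AP--switch: the tag is still on the frame at the switch."""
    return trunk_ingress(add_tag(frame, ingress_vid), **UPLINK)

if __name__ == "__main__":
    print("through a second SM -> VLAN", via_second_sm(PC_FRAME))
    print("straight from the AP -> VLAN", via_ap(PC_FRAME))
```

In the first path every customer frame ends up in VLAN 1 alongside management traffic, which is why both DHCP servers appeared reachable from everywhere during the test.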

Good for you.
I have a similar setup but my SM is also connected to a cisco switch. The switch has four vlans.
Vlan 2 management
vlan 5 internet
vlan 6 phones
vlan 7 servers

I am using Canopy 5.4 AP/SM with software version 8.2. The problem is I can’t seem to get to the servers and phones at times. If I do a ping from the server vlan the servers start to respond once more.

Does anyone have any idea how to solve this?

mjcthepilot wrote:
Hi All

Just starting to implement vlans on our canopy network, can someone give the following a look over and see if I'm working the right way!

I want to divide our network users into 6 different groups so I have a vlan setup of the following

vlan 10 management
vlan 11 priority
vlan 12 business
vlan 13 residential
vlan 14 hotspots
vlan 15 bandwidth_hogs

Then for each vlan back at our noc I need to configure our cisco switch so that services for each vlan (i.e. dhcp, gateway, hotspot controller etc) are connected to the correct port on the router that will serve these clients on these vlans?

Mal


So all the connection/backhaul is coming back to noc to managed switch.
So I must configure the managed switch?

I must configure i.e: port 1 is for vlan 10, port 2 is for vlan 11, port 3 is for vlan 12, etc...?
What is the next step? Must I configure 1 port that accepts every vlan that I create and from that specific port will go to our main router?

please help me...

thank you in advance

-mnet

I wish I could help you but I think I would just make things more complicated.

There are a couple of people in here with the skills to get it right on the first try.

I just spoke with mnet via MSN… I hope he sorts it out now.

Essentially he needed to configure the vlans that he is using on his network into his 3COM switch and then set all the ports where he connects his CMM and BHs to the 3COM as trunks.

Thank you very much to Vanilla and Jerry.

" … Essentially he needed to configure the vlans that he is using on his network into his 3COM switch and then set all the ports where he connects his CMM and BHs to the 3COM as trunks…"

I trunked 5 BH’s and 1 CMM, but the VLAN is still not working. We are using 3Com 4500 series.

any 2 cents?
