VLAN configuration

jbrumme · January 30, 2007, 8:06pm

Hello everyone…I’m new to the whole VLANing with Canopy so hopefully can anyone help me? I have two VLANS (1 our internal lan and 120 our external lan). I have the port where the AP is plugged into configured as VLAN ID 1 Tagged and VLAN ID 120 untagged. I have a remote office that I have connected using an SM and I’m trying to get both VLANS to that office. At the remote office I have the port where the SM is plugged into configured as VLAN ID 1 Tagged and VLAN ID 120 untagged. Then I have 8 ports untagged for VLAN ID 1 and 4 port untagged for VLAN ID 120. When I plug my laptop in for DHCP on the first 8 ports where I should have my internal network, I don’t get anything! All I want to do is use the SM as a bridge. Can anyone help? Thanks a million, Jay

Sterling · January 31, 2007, 12:09am

You should be able to Allow All Frame Types at the SM’s and turn on VLAN (keeping your Canopy settings on Dynamic) and it will pass through all the VLANS and dynamically assign them as tagged packets come and go.

If you change any of the other settings or are taggin packets manually at the SM’s then you will have to configure it correctly on both sides.

jbrumme · January 31, 2007, 9:13pm

When I turned on VLAN on the AP and rebooted, I lost my connection to my internal lan at the remote office. With VLAN turned off, I’m able to ping and telnet to a device at the remote office but it will not pass any traffic. What am I doing wrong?

Sterling · January 31, 2007, 10:50pm

Go to the AP and check the dynamic VLAN table to see if your VLAN beyond the SM is showing up (if you have it on Dynamic at the AP).

If it’s not in the list then go to the SM and check ITS dynamic VLAN table to see if it has your devices VLAN (which is connected to it’s ethernet port) and it’s on Dynamic.

If that doesn’t report it then you are on static somewhere or your not allowing tagged VLAN ingress on the SM.

acherman · February 1, 2007, 2:49pm

Jay, I think you are on the right track. As I understand your plan, you want to use the AP-SM link to bridge both VLANs between your sites. And I imagine you would like to have the radios on your internal VLAN (VID 1) as well as your switches (that would make the most sense). I hope that is correct.

First, as Sterling said, you will want to have VLANs on in your AP. You do not need to have Dynamic Leanring on, but for now you can keep it on. I would leave the AP and SM on VID 1 - that means at the SM you have set the Mamanagement VID to 1, and you may as well set the Untagged Ingress VID to 1 as well. Once the radios reboot you should go to the VLAN membership tables and add VID 120 - Dynamic Leanring makes this uncessary but it is good practice to make things static.

Have the turnk ports of your switch (those plugged into the radios) set for VID 1 UNTAGGED - I have had problems in the past trying to get the APs to talk to tagged ports, don’t remember if I was using VID or not. Those same ports should be set for VID 120 EGRESS TAGGED.

Basically, what you had done is correct, but the untagged packets should be VID 1 instead. Good luck.

Aaron

jbrumme · February 1, 2007, 4:53pm

Thanks guys for the replies! I really appreciate it. Acherman, you are correct on what I’m trying to do. I will try what you suggested and see what happens. Once again, I appreciate everyone on this site.

Jay

jbrumme · February 2, 2007, 4:49pm

I re-read what you wrote last night and seen I was mistaken. Actually I am doing exactly what you are saying, except I want VID 1 ONLY for my Internal LAN and continue using the VID 120 as my external which is what the AP and everyone else connected to that AP is on and using. Hopes this makes sense? I think what I need to do is this, changed the Management VID to 120 and the Untagged Egress as VID 120. Then continue with Tagging VID 1 and Untagging VID 120 on the switches. I believe this will still enable everyone on that AP to continue to surf, I’m still able to see the AP and everyone registrered to the AP. I have to keep VID 1 as my internal so I can’t change that. Please correct me if I’m mistaken.

Thanks again,
Jay

acherman · February 2, 2007, 8:14pm

I think you just confused me. haha :lol:

So which VLAN is all of your management equipment on? ie. do you access your AP and switches from your LAN or your management subnet, or from your customer subnet?

Aaron

jbrumme · February 6, 2007, 1:31pm

Our switches are accessed via our Management VID 1 and our AP’s and SM’s are accessed via VID 120. Make sense? Thanks again for your help on this! It’s driving me insane!

acherman · February 6, 2007, 3:14pm

I had to read this all over again - I got lost. haha :?

Okay, so… you have a managed switch that has two networks on it - VID 1 and VID 120. You also have an AP connected that talks to subscribers and a remote office via an SM. You would like both VLANs accessible at the remote office (another managed switch, I assume). The switches and Internal network are on VID 1 - the AP and SMs are on VID 120.

Your AP will need it’s management VID set to 120, add VID 1 to the memebership list. Your remote office SM will need it’s management VID set to 120, untagged ingress set to 120, VID 1 added to the memebership list.

Your switches will need to have their management VID set to 1 (should be done by default). Then you will need the trunk ports set for VID 1 tagged and VID 120 untagged.

I’m not sure it this makes sense anymore - I think I need to draw a picture. I like pretty pictures…

Aaron

jbrumme · February 14, 2007, 1:52pm

Okay! Thanks again for all your help. I did exactly all that and it worked perfect! GOD, I didn’t think this would be that difficult but I sure made it out to be that way. I think I finally understand how the VLAN’s work on the Canopy System.

Thanks again!
Jay

acherman · February 14, 2007, 10:22pm

Good work. I’m glad it worked out for you. Thanks for the “thanks”. 8)

Aaron