VLAN on Canopy for Dummies

I have searched the forums, and found links to guides that no longer exist. I have read the manual pp 169-170, pp 249-252, and pp 282-285. But I am still confused. The VLAN concept is familiar to me: append an ID and devices with the same ID are in the same VLAN. But how does Canopy really work?

• I do not understand the Management ID. What is this, and why do I get locked out locally if this is changed?


• Can the front-end of the SM be on a separate VLAN from the backend (wireless port vs ethernet)?


• I want to be able to get to the user interface locally (a tech support person) and on the admin network. But the tech does not want to carry around a switch capable of VLAN. How do I get around this?


• I want SMs available on the network by admins. This seems possible with a VLAN.


• I want the SMs isolated. While this could be done with VLAN, it sounds like it is easier to use SM isolation on the AP. However, one or two SMs should be able to to get into everyone’s SMs (tech support).


• Almost all the APs are connected via CMMs, but one links to an SM with a sync cable. How would this work?


• I have Redline, Dragonwave, Memorylink, Last Mile Gear, (and something else) products used for backhauls that I want on the VLAN. I do not see VLAN configuration for each of these devices. What are my options (throw them on a switch, can the CMM handle it, etc)?

Thank you for assistance. A link to a good guide would be very helpful. I realize this is all probably basic, but I am not getting how to properly create VLANs that accommodate the ethernet vs wireless ports on these devices.

eanderson wrote:

I have searched the forums, and found links to guides that no longer exist. I have read the manual pp 169-170, pp 249-252, and pp 282-285. But I am still confused. The VLAN concept is familiar to me: append an ID and devices with the same ID are in the same VLAN. But how does Canopy really work? I do not understand the Management ID. What is this, and why do I get locked out locally if this is changed? This is the management vlan. If your not a member of that vlan, you cannot access it. Can the front-end of the SM be on a separate VLAN from the backend (wireless port vs ethernet)? If the sm is not in nat, the wireless and lan are one in the same, when in nat you cannot set a vlan on ethernet side because you have a physical network separation not a virtual I want to be able to get to the user interface locally (a tech support person) and on the admin network. But the tech does not want to carry around a switch capable of VLAN. How do I get around this? Get a notebook with a quality network card that can have a vlan configuration, the intel ve chips for example I want SMs available on the network by admins. This seems possible with a VLAN. This is what the management vlan is for I want the SMs isolated. While this could be done with VLAN, it sounds like it is easier to use SM isolation on the AP. However, one or two SMs should be able to to get into everyone's SMs (tech support). Best done with a router.... configure a subnet at a main switch or router that is also in your management vlan. The subnets must be diffrent so your user will go to the router and back, the cannot dirrecly talk to the sm Almost all the APs are connected via CMMs, but one links to an SM with a sync cable. How would this work? It doesn't I have Redline, Dragonwave, Memorylink, Last Mile Gear, (and something else) products used for backhauls that I want on the VLAN. I do not see VLAN configuration for each of these devices. What are my options (throw them on a switch, can the CMM handle it, etc)? the web interface will only work in vlan0 al they may not pass vlan data... lookat the manufacturers docs.... Thank you for assistance. A link to a good guide would be very helpful. I realize this is all probably basic, but I am not getting how to properly create VLANs that accommodate the ethernet vs wireless ports on these devices.

few more things… this should be posted in genral, or PTMP 100 spot… not feature request section…

Vlans are not required to have a secure network …
we only use port based vlans (port isolation) in our switches and SM isolation and our routers keep the customers public range from accessing the private range our gear in installed on.

all SMs are nated and our techs just log in and do what they need to do, with this said from the point of view of our customers SM,

in reality we have hundreads of customers all routered away from our management network and delivered to a public network

not saying our way is the right way, but using nat on the customer side, ether by SM or a router reduces waste broadcasts, and keeps data much more private (so you don’t have SMB and what not spilling back into the network) port filters can be used to stop this as well.

mgthump wrote:
few more things... this should be posted in genral, or PTMP 100 spot... not feature request section...

I was following the header of suggestions. Plus, when i did searches, a lot of VLAN was here. Sorry for the wrong forum. I am unable to move this post to another forum, but if it goes nowhere, I will repost elsewhere.

I dont think u can delete. This section just doesnt get check by some… the general discussion is the best place to ask for help