VLAN running across the wireless network

Has anyone successfully got VLANs to work across the SM? Looking for assistance, either shoot me a PM or reply. I would seriously appreciate it.

Yes… it's simple… what are you trying to do?

I have a public side for customers, then I have remote sites I want to connect that are on different access points. I do not want them to interfere with our public side. I noticed the SMs and APs have VLAN options, but when I tried to set VLAN IDs they wouldn't stay. If you have a guide on how to set them up, would you mind emailing it to me?

Switch on Dynamic learning on AP’s.

On the SM that you need to act on one network you need to change the VID to the same across them, e.g. if you have a customer which has 4 locations with SM on 4 different AP’s then go to each SM and change the VLAN to say 221, now only SM’s on that VLAN ID can talk to each other.

If you want those SM’s to have access to the Internet, then add the same VID to the Router port on your edge switch.

Jerry the problem in doing this is that you need to make sure they are not using a conflicting IP Address scheme.

You may have two customers using the 192.168.10.0/24 network, and they both want Internet; in this case you can’t add both VLANs to the switch on the same addressing scheme.

We used to deal with this by installing a second sm at one of their sites and then all their internet will go through that connection.

However now we use VRF technology that allows us to have same IP addressing schemes running on the interfaces, we use the 2811 router to do this.

good to know, thanks

Jerry,

If your NOC is fed by a Canopy backhaul from your AP’s, does the switch port that the BHS terminates into have to be on the same VID as well? I think I remember asking Moto Tech Support the same question and they said the BH’s will transparently pass the tagged packets.

So to me that means a tagged packet from an SM will traverse down the backhaul link, hit the edge switch port, and from there the only ports that would need to be on the VIDs would be the router port, server ports, etc.

yes the BH will pass all tagged packets, it acts like a trubk line, hence the port on the switch it plugs into noots to configured as a trubk port

then depending on what you need to do, you will either configure an ethernet port on the desired vlan, or create a vlan interface inside the switch

yes the BH will pass all tagged packets, it acts like a trubk line, hence the port on the switch it plugs into noots to configured as a trubk port


Not to be smart but is the word "noots" supposed to be "needs"?

lol… that was late at night… .you can tell… their are spelling mistakes galore in that one…

yes noods = needs
trubk = trunk

I am going to use my 5.2 GHz demo kit and play around with the VLAN features. I have (1) AM and (2) SM’s. I am going to plug the AP directly into my edge switch and stage the system like that. If the backhauls will transparently pass the VLAN tagged packets, then I should have a pretty good emulation.

I read the manual on the DES-3226 last night. The way the switch is configured by default is by having all ports on the DEFAULT-VLAN, which is VID of 1. But it gets into the differences between VIDs and PVIDs which sort of gets confusing. From what I read, a PVID is only used internally. If a packet arrives at the switch untagged, it will tag the packet with whatever PVID is configured on that port. But, a PVID usually directly references a VID.

The other thing that switch does is decide whether or not a port is tagged or untagged. By default, all ports are members of VID#1 and all ports are set to untagged. The manual says that if a packet flows into or out of the switch and that port is set as untagged, if any VID is present in the Ethernet frame, it will strip it.

To me, that means if I set an SM to tag a packet, no other SM’s will see that data (well the SM’s will see the data, but not process it and forward it down the Ethernet interface) but once it gets back to my edge switch (BHS plugged into Port #1) Port #1 should strip the VID in the Frame that was added by the SM. This should then allow the data to be switched to whatever port is necessary. Those ports could be the uplink to the Cisco, or to the two DNS Servers.

If I am correct, the SM’s will do their job in isolating traffic amongst themselves, but when the traffic gets to the NOC and needs to go out to the Internet it should be able to without any switch configuration.

I guess we will see what happens. I am going to start to play now.

Mmm… if you use one AP and 2 SM, put the SM on the same VID, then that traffic will never need to go to the switch…

What you need to do is put the 2 SM on VID 34 (eg),
then plug the AP into the switch and make that port a trunk port,
get another port and make that a VLAN access port on VLAN 34.
Now you should be able to talk to the machines attached to the 2 SM and that VLAN 34 port on the switch.

You could plug in a router to that VLAN 34 port, give it an IP address and then use that IP as a gateway to the machines connected to those SM.

Now take one of the SM and move it to VLAN 33; if you have it correctly configured this machine should no longer be able to get to its gateway.
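Added example, not part of the original thread and not taken from any vendor's documentation: a small Python model of 802.1Q port membership for the test described above (SMs on VID 34, AP on a trunk port, one access port on VLAN 34, then one SM moved to VID 33). The port names and the ingress-filtering rule are assumptions made for illustration, not the DES-3226's actual behaviour or syntax.

```python
# Added example: constructed model of 802.1Q port membership on an edge switch.
# Port names, VIDs and the ingress-filtering rule are illustrative assumptions.
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int = 1                                # VLAN given to untagged ingress frames
    tagged: set = field(default_factory=set)     # VLANs sent with a tag (trunk)
    untagged: set = field(default_factory=set)   # VLANs sent without a tag (access)

    def member(self, vid):
        return vid in self.tagged or vid in self.untagged

def forward(ports, in_name, frame_vid):
    """Flood one frame; return {egress port: tag on the wire, None = untagged}."""
    src = ports[in_name]
    vid = src.pvid if frame_vid is None else frame_vid
    if not src.member(vid):                      # ingress filtering: drop foreign VLANs
        return {}
    return {p.name: (vid if vid in p.tagged else None)
            for p in ports.values() if p.name != in_name and p.member(vid)}

def build_switch():
    ports = [
        Port("ap_trunk", pvid=1, tagged={33, 34}, untagged={1}),  # toward the AP
        Port("gw_access", pvid=34, untagged={34}),                # router/gateway port
        Port("default", pvid=1, untagged={1}),                    # factory default
    ]
    return {p.name: p for p in ports}

if __name__ == "__main__":
    sw = build_switch()
    print("SM on VID 34 ->", forward(sw, "ap_trunk", 34))   # reaches the gateway port
    print("SM on VID 33 ->", forward(sw, "ap_trunk", 33))   # reaches nothing
    print("gateway reply ->", forward(sw, "gw_access", None))
    print("tagged frame on default port ->", forward(sw, "default", 34))
```

In this model the isolation check is the second call: a frame tagged 33 enters the trunk but no other port is a member of VLAN 33, so it never reaches the gateway port.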

Yeah, it didn't work. I understand Cisco’s terminology when they refer to configuring a port as a trunked port. Problem is that I don’t know if D-Link supports setting a port as trunked. If they do, their terminology is different.

Even if I got all of this set up correctly, the next problem would become management. If I set up each SM to be on their own VLANs, and I keep their Management VID at (1), then I can only access them via the APs thru LUIDs. If I go to a customer site I won’t be able to access the SM unless I buy an Ethernet Card capable of tagging packets.

And, if the VID of all the AP’s is 1, I can only get into them from the switch at the CMM from the site. I have routes set up right now that allow me to get to the AP’s from anywhere on the wireless network. If I start setting up SM’s to tag packets, what they tag them with will not match what the management interface of the SM is expecting.

Confused…

Do they have an uplink port?

The problem with the management is pain.

All our BH/AP and NAT enabled SM’s sit on MVID 1 using 169 address.
All our NAT disabled SM’s sit on MVID 3 using the 172.16 address.

So now if you need to access the SM directly you use the 172.16 address; the switch routing (L3 switch) will tag the packet with VID 3 and send it on to the RF network.

The problem will remain of getting access to the SM from the customer site… you can get around the problem of accessing the AP by routing.

I was just told by a friend that 8.0 will have a feature that prevents SM’s from “hearing” other SM traffic. Same thing as VLANs I would suspect?

Maybe I will just wait for that…

Is that in NAT disabled mode?

That sounds very interesting… more promises on 8.0

If that is the case it would save a lot of trouble…heh

Unfortunately I do not have any details. I was just told that it would be a feature.

I guess we shall wait and see.

The configuration source in the configuration section must be switched to SM before VLANs will ever work. We’ve had ours set to BAM. Now everything that you guys have said about setting up a VLAN… works!

Canopy software version 7.3.6