Hello,
I have my ap set up and am wondering about a few things on the subscriber module setup.
Does the AP “Bridge the trunk” from the switchport, aka it sends data as “virtual cable”
Does the SM receive this full trunk?
Does the SM’s ethernet port bridge with the radio.
The scenario I want is
1 vlan untagged for mgmt
1 vlan tagged for Client
1 vlan for static public ips.
Would I just define these on the AP and SM?
Hello @Michael_DeCota ,
The AP bridges all the vlan, that is the same thing with SM by default up to the client router or switch.
Find my answers in lines to your questions:
Point 2 and 3 might be misleading. You need to define well your needs.
Would you provide a small drawing of what you want to achieve?
Sincerely yours,
Niragira Olympe
Thanks Olympe,
I am hoping to tag the management actually, its just in testing right now.
I will provide a drawing
My main question is, on the subscriber end, does that port act as a trunk and if plugged into a switch, willl it trunk the connection?
Hello Mr. @Michael_DeCota ,
sure the port of the SM acts as a trunk port and allow all the VLANs to go through up to the swich or router.
Sincerely yours,
Niragira Olympe
Olympe,
I have my ap with a subscriber connected. for testing i have set the management vlan on both to be 1.
I set the lan1 interface of the sm in the same subnet as my ap, AP is 172.19.40.10, sm is 172.19.40.20, I cannot reach the SM from my management server, or cnmaestro, but I can reach the AP.
Im wondering what I must do in this situation.
If I understand you correct you have the SM in bridge mode, management port for both the AP and SM is vlan 1 (bad idea but will work).
By default, the SM port is a trunk port and will have to have a vlan aware network card with vlan enabled to properly connect through the AP. You will be able to connect to the AP management web site from the SM without a vlan aware network card but thats a foible of vlan 1 not the equipment.
CnMaestro (local server) by default is not set to use a vlan and will need to be on a trunk port of a vlan aware switch. Cloud CnMaestro requires special network setup to work with your network unless you use public IPs on the management interfaces.
More information about your system is needed to help here
The SM is in the mode it came out of the box, assuming that is bridge. On my switch at the tower I have the following vlans
1 temp mgmt (changing to 3400)
1900 Public
1728 User
On switch this is trunk with 1 being native, going to the AP.
The AP’s Lan1 IP is 172.19.40.10
The SM’s Lan1 IP is 172.19.40.20
Both Mgmt VID is set to 1
From the remote side I have CBRS authorization for the SM
However I can not https to 172.29.40.20, I can to 172.29.40.10
Check 40.20 config and enable https under the system tab, its http only by default.
I suggest you convert away from your native vlan 1 management setting before you try to fix any vlan issues. Vlan 1 is basically treated as untagged regardless and this can cause troubles. You can leave it as the native vlan on your switches as then any untagged packets will automatically flow into vlan 1 which you can prohibit from egressing your network. Spanning tree and lldp and cdp all run on vlan 1 so dont disable it, just dont use it.
Factory default is no vlans and bridged. So to make the SM ethernet port a trunk port, do not enter any data vlans. This list is a access list and only specified vlans will pass with all others (including vlan1 if not specified) being rejected.
I have the 4 vlans Id like selected.
I tried http as well and I cannot get to the device. I’m not sure if im doing something incorrectly on the sm side.
SO with the 4 vlans in the vlan list only those 4 will pass?
Hello,
So I found nat mode, which is what I want for clients, i set the the wan IP to be on the same subnet, and still cannot reach it. The AP has a session to this SM
First, yes only the vlans in the vlan list in bridged mode will pass to/from the SM ethernet port. Management vlan is only accessible from the AP side unless you add the vlan to the list and use a vlan aware device on the SM ethernet port.
Second, Nat mode is like router mode with IP masquerading (like a home wifi router). To setup nat mode, you need to setup a few things: management vlan, data vlan, if your not using dhcp (for whatever reason) then you must setup your management IP and your device IP. We use dhcp for both on separate vlans to hand out different ranges to each vlan. One thing you must make sure of is that you do not use 192.168.x.x on the data vlan, that is on the client side of the SM and will not work correctly. Use 10.1.x.x. on the data vlan and 172.16.x.x for management (for testing of course, use real IPs for the data vlan unless you plan a CGN setup, then you need to use the 100.x.x.x addresses for that purpose)
Your switch must be setup as all ports trunked and cnMaestro needs to be told which vlan it is to use, set it to your management vlan. In the AP set the cnMaestro address and key, then select the zero touch option to enabled. This will force the SM to use the same cnMaestro as the AP.
Thanks Doug,
Also, i am unable to access this sm by LUID from AP, is there something with that I need to do?
Sorry for all the questions, this is the first Cambium deploy, and its much different from ubnt
I gained remote access by making the management vlan tagged on each end.
Hello Mr. @Michael_DeCota ,
I am happy that it worked and got assistance from the community. Let me know if you need any further assistance on the coverage, planning, deployment of the PMP 450 family radios.
Sincerely yours,
Niragira Olympe
Doug was kind enough to give a run down over the phone on some Cambium Gotcha’s
My main issue was keeping the MGMT and WAN IP the same address. I switched wan to a new vlan, also in a different classful subnet, and everything works
Sorry to the forum for taking it private, but sometimes its better to do a 1:1 in real time to solve an issue and report back.
As Michael stated it was some config settings issues going from no vlans to vlans setup and the issues with the same hard set IP address on both sides of NAT. Mostly, I translated the settings into Cisco speak as that is what both Michael and I both understand outside of Cambium which sometimes makes things easier to understand, though I have had that make things harder as well.
We also discussed the particular link usage and the setup need to make it functional for the needs of the client which is private information and will not be shared.