Vlans - everybody’s favorite subject. :roll:
My theoretical set up is as follows:
Internet
|
v
Cisco Router 3725
|
v
L3 Managed Switch-------->Authentication Server
|
v
Dummy Switch
|
v
BH Master (SolecTek)
|
v
BH Slave (SolecTek)
|
v
Dummy Switch
|
v
AP------>SM1—>SOHO Wifi Router—>Multiple PCs (Hotspot) - VLAN 10
|
|------->SM2—>SOHO Wifi Router—>PC (Residential Customer) - VLAN 20
Now I realize that the L3 Managed Switch, the AP and the SMs will all have to be configured for VLANs, but what about the other equipment? Will the dummy switches and BHs pass the tagged packets? Do I need to do anything to the Cisco Router if the Managed Switch is handling VLANs?
Set your VLANs up on your Layer 3 switch. If you are using Moto backhaul 400 or 600, the VLANs will pass with no configuration. Then just set your AP to the VLAN you want.
If you need more details PM me.
No, the backhauls are Solectek, however I don’t think they are a problem. I was more concerned about VLAN configuration in my Cisco router, but I take it (from what you’re saying) that I don’t need to worry about the Cisco router, just the Layer 3 switch. And of course the AP and SMs.
My only concern is, if there is no VLAN aware equipment on the customer side (past the SM) then I would not be able to get to the SM’s interface. Say a tech is at a customer’s house. If there is nothing between the PC and SM that is VLAN aware he can’t get to the web interface. Is this correct? Assuming the Management VID is 1 and Untagged Ingress VID is 10 (for example).
I think I’m missing something in the L3 switch’s configuration. In the lab I have it setup as follows:
Internet
|
|
(port 19) Untagged VID 1
L3 Switch
(port 9) Untagged VID 1, Tagged VID 20 & 30
|
|
AP> SM1 (VID 20)> Laptop1
|
|> SM2 (VID 30)> Laptop2
Switch Config:
All Ports are Untagged for VLAN 1
Port 9 is Tagged for VLAN 20 & VLAN 30
AP Config:
VLAN: Enable
Dynamic Learning: Disable
Allow Frame Types: All Frames
Management VID: 1
In the VLAN Membership Table:
20 Static
30 Static
SM1 Config:
Dynamic Learning: Disable
Allow Frame Types: All Frames
Untagged Ingress VID: 20
Management VID: 1
In the VLAN Membership Table:
1 Permanent
20 Permanent
SM2 Config:
same as SM1 except Untagged Ingress VID is 30
The Laptops are both set up with Public IPs so no DHCP is being used here. Now without VLANS enabled, they can get out on the internet just fine. But WITH VLANS enabled they cannot. What am I doing wrong?
The switch is an Allied Telesyn Rapier 24i by the way.
I think I may have found my answer in this thread: http://motorola.canopywireless.com/support/community/viewtopic.php?t=3640&highlight=vlan
I’ll have to do some more testing and then I’ll post my results.
You can still manage the SM locally if the Management is different from the Untagged VLAN.
But you have to go back in the network and route or vpn or RDP into that network.
Gotcha
Thanks Sterling!
Ok, someone please answer me this: what needs to be tagged and untagged at the L3 switch? And if a port is tagged or untagged, does that mean for ingress only?
Well after a little more research, let me see if I have this straight…
If a port is “Untagged” for let’s say vlan10 then any frames coming IN (ingress) to the port are tagged with VID 10 and any frames leaving (egress) the port are untagged. Is this correct?
If a port is “Tagged” for let’s say vlan20 then any frame coming in or going out will be tagged with VID 20. Right?
I’m just trying to understand all this at the most elementary level (no higher than 5th grade please)
:lol: I love how people avoid this subject like the plague!
Ok twinkletoes, acherman, and vj. I’m looking to you guys.
Success! Well sort of. I currently have it set up like this in the lab:
Internet—>(port 19) [L3 Switch] (port 9)—>AP—>SM—>Laptop
-Port 19 is set up as Untagged for vlan20
-Port 9 is set up as Tagged for vlan20 and Untagged for vlan1 <-- so I can get to the AP and SM’s interfaces for management
-Nothing else is configured on the switch. I don’t have any other interfaces except for the default vlan1, and I don’t have any static routes.
-The AP has VID 1 for management and VID 20 in its Membership table. Dynamic Learning is Disabled and Allow “All Frames” is checked.
-The SM has VID 1 for management and VID 20 for "Untagged Ingress"
Dynamic Learning is Disabled and Allow “Untagged Frames Only” is checked.
-The laptop has a static public IP address.
With the above configuration, I can get out to the Internet from my laptop, which is what I was hoping to do. But now my question is what if you have more than one VLAN?
Ports can have more than 1 TAGGED Vlan but only 1 UNTAGGED Vlan assigned to it. If I added a second laptop that I want on Vlan 30, I can’t make Port 19 Untagged for vlan20 AND vlan30. I guess I would need a dummy switch in between my internet feed and the untagged ports? yes?
Well, adding a little dummy switch did work. I was able to provide internet access to two separate laptops on two separate VLANs. Once again here is my configuration for anyone who’s interested:
Internet
|
|
Dummy switch
| |
| |
(port 19 & port 23)
L3 Switch
(port 9)
|
|
AP> SM1 (vlan20)> Laptop1
|
|> SM2 (vlan30)> Laptop2
Switch Config:
Port 19 is Untagged for VLAN 20
Port 23 is Untagged for VLAN 30
Port 9 is Untagged for VLAN 1 (mgnt vlan) & Tagged for VLAN 20 & VLAN 30
AP Config:
VLAN: Enable
Dynamic Learning: Disable
Allow Frame Types: All Frames
Management VID: 1
In the VLAN Membership Table:
20 Static
30 Static
SM1 Config:
Dynamic Learning: Disable
Allow Frame Types: Untagged Frames Only
Untagged Ingress VID: 20
Management VID: 1
In the VLAN Membership Table:
1 Permanent
20 Permanent
SM2 Config:
Dynamic Learning: Disable
Allow Frame Types: Untagged Frames Only
Untagged Ingress VID: 30
Management VID: 1
In the VLAN Membership Table:
1 Permanent
30 Permanent
The Laptops are both set up with static Public IPs.
I know it’s not good to leave the Management VID as 1 but I don’t think changing it to another VID should be a problem.
If anybody would like to add anything please by all means throw in your $0.02. The above configuration works but if you see something that’s wrong I would love to know what to do to fix it. Also, did any of this help anyone? The views on this thread are pretty high but no one has been responding.
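Added example, not part of the original posts: a simplified 802.1Q model of the tagged/untagged port behaviour asked about in the thread, applied to the final switch config above. It assumes the dummy switch floods untagged frames between ports 19 and 23; the function names are illustrative. Under that assumption a broadcast from VLAN 20 comes back toward the AP as VLAN 30, so the two customer VLANs share one broadcast domain upstream.

```python
# Added example: simplified 802.1Q model, not vendor code.
# Port numbers and VLAN IDs are the ones from the final config in the thread.
LAB = {
    9:  {"untagged": 1,  "tagged": {20, 30}},  # to AP
    19: {"untagged": 20, "tagged": set()},     # to dummy switch
    23: {"untagged": 30, "tagged": set()},     # to dummy switch
}

def classify(port, tag):
    """Ingress: an untagged frame joins the port's untagged VLAN; a tagged
    frame is accepted only if the port is a member of that VLAN."""
    if tag is None:
        return port["untagged"]
    return tag if tag == port["untagged"] or tag in port["tagged"] else None

def flood(ports, in_port, tag):
    """Egress of a broadcast: {out_port: tag on the wire}, None = untagged."""
    vlan = classify(ports[in_port], tag)
    out = {}
    for number, port in ports.items():
        if vlan is None or number == in_port:
            continue
        if vlan == port["untagged"]:
            out[number] = None      # leaves without a tag
        elif vlan in port["tagged"]:
            out[number] = vlan      # leaves with the 802.1Q tag
    return out

def trace(ports, in_port, tag, unmanaged=frozenset()):
    """Follow a broadcast; frames leaving a port wired to the unmanaged
    switch are re-injected on its other ports (assumed flooding behaviour)."""
    emitted, seen, todo = set(), set(), [(in_port, tag)]
    while todo:
        item = todo.pop()
        if item in seen:
            continue
        seen.add(item)
        for out_port, out_tag in flood(ports, *item).items():
            emitted.add((out_port, out_tag))
            if out_port in unmanaged:
                todo += [(p, out_tag) for p in unmanaged if p != out_port]
    return emitted

if __name__ == "__main__":
    # Broadcast from SM1's customer arrives on port 9 tagged 20.
    print(trace(LAB, 9, 20))                       # switch alone
    print(trace(LAB, 9, 20, unmanaged={19, 23}))   # with the dummy switch
```

Terminating each VLAN on its own routed interface (for example, a tagged uplink to the router) instead of the shared dummy switch avoids this bridging.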