We are turning up a new vWLAN appliance with AP's. Using Firmware V2_3_0_09 for vWLAN appliance and 6.7.0-17. AP model 1840.
This is what I'm wanting to do. I have an SSID for wireless that is pulling ip addresses from vlan 3 which is my data vlan. I want to be able to have a guest wireless SSID that will pull ip addresses from vlan 4. So far this isn't working for me. This is what I have done so far....
1) On my Adtran 3448 Router:
interface vlan 3
description Data
ip address 192.168.100.1 255.255.255.0
ip access-policy Private
no shutdown
!
interface vlan 4
description Wireless
ip address 192.168.200.1 255.255.255.0
ip access-policy Private
no shutdown
!
ip dhcp pool "Data"
network 192.168.100.0 255.255.255.0
dns-server xxxxx xxxxx
netbios-node-type h-node
default-router 192.168.100.1
option 43 ascii xxxxx
!
ip dhcp pool "GCA.Guest"
network 192.168.200.0 255.255.255.0
dns-server xxxxxx xxxxx
netbios-node-type h-node
default-router 192.168.200.1
option 43 ascii xxxxxx
!
interface switchport 0/5
description AP1
no shutdown
switchport mode trunk
switchport trunk native vlan 3
2) On the vWLAN
a) I have created a domain for the customer
b) I have created two locations. One is Guest, the other is Wireless.
~ Guest:
Location name: Guest
VLAN: 4
CIDR: 192.168.200.0/24
~ Wireless:
Location Name: Wireless
VLAN 3
CIDR: 192.168.100.0/24
c) I have created two roles. One is Guest the other is Wireless.
~ Guest:
Role name: Guest
Location: Guest
Everything else is default
~ Wireless:
Role name: Wireless
Location: Wireless
Everything else is default.
d) I have created two SSID's. One is Guest, the other is Wireless.
~ Guest:
SSID Name: Guest
Broadcast (checked)
Convert multicast disabled
Authentication: WPA2-PSK
Cipher: AES-CFM
Login form is default:
Role is: Guest
then PSK
~ Wireless
SSID Name: Wireless
Everything else the same as Guest
Role: Wireless
e) I have created an AP Template and both SSID's have been added to it.
That's pretty much the config in a nutshell. The problem I'm having is that I can only get the AP's to work using the Native Vlan config on the trunk port. It will work with either DHCP pool as long as one of them is set to Native. If it's set to native it correctly pulls an ip address and I can surf. If it's set any other way such vlan 3 native and vlan 4 allowed on the trunk, the Native will work on the wireless SSID but when you swap over to the Guest SSID it will not pull an address and can't surf. ** Note: the AP's themselves are set up to pull a DHCP IP address from vlan 3. If you log into to the Guest network and it sits there long enough, it will eventually find the native vlan and pull from the pool of vlan 3. I don't want it to do that. **
I have tried these two configs on the trunk port:
interface switchport 0/5
no shutdown
switchport mode trunk
switchport trunk native vlan 3
switchport trunk allowed vlan 4
and
interface switchport 0/5
no shutdown
switchport mode trunk
switchport trunk allowed vlan 3,4
None of which seems to work the way that I want it to... Any help from those who are doing this would be appreciated.
Thanks in advance.
You mentioned creating two roles where you said you configured the name and location, but left everything else default. By default, the roles block all traffic. You have to explicitly allow the traffic you want. Any traffic not explicitly allowed will be implicitly denied. You mentioned that DHCP works depending on the native VLAN, but based on your roles that will not be the case.
Even though I am certain you are not having an issue with the NV3448 (DHCP server), there is a suggestion that I need to make. You should use the first switch configuration you listed.
!
interface switchport 0/5
description AP1
no shutdown
switchport mode trunk
switchport trunk native vlan 3
!
The other switch configs will present complications. By default, all VLANs are allowed. So with the first configuration, you set the native (untagged) VLAN to 3, and allow everything else. In the second configuration, you have the native VLAN set to 3, but you are not allowing that VLAN on the port. The correct configuration in that case would be as follows.
!
interface switchport 0/5
description AP1no shutdown
switchport mode trunk
switchport trunk native vlan 3
switchport trunk allowed vlan 3,4
!
So basically you would need to combine the second and third switch configuration you listed. However, if you have any other VLANs at that site, they will not be allowed over the port.
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily as well as award points to the users that helped you. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
Thanks for your help! I ended up having to use the switchport trunk native
vlan command on the switchport, change to the native vlan for the ap's on
the vwlan and change some rules in the role for the guest SSID as you
suggested. I appreciate the response!
On Fri, Aug 23, 2013 at 10:47 AM, site.down.charlie <