VLan Trunks on Same Switch

Chiggy

I am trying to configure VLan trunking with 802.1q with VLans that are all on the same switch. The reason I want to do this is for Multiple SSID broadcasting on an enterprise AP. For some reason it isn't working at all. The packets are just all getting discarded. Any ideas how I would configure this? The switch is a Cisco 3500XL.
 
Configure the port that connects to the AP as a trunk (VLAN aware) and define the native VLAN that the AP will use to get an IP (default is VLAN 1).
 
I think that is part of the problem... The native VLAN is 1 (like you said), the access point is on VLan 2, and VLan 3 is connected to the router that is the subnet I want the AP to get the address from. If I move the native VLan to 2, will that affect anything? What does native VLan mean really? I tried getting a definition of it but couldn't find one.
 
Yeah, on the AP you just set the SSIDs and then a VLAN ID. It's the Linksys WAP54GP. And I assume it all has to match what you set on the switch. I can't get to the actual config that I have right now cause it is at work. I am trying to get any idea of what I did wrong so on Monday I can get it running. I think I enabled trunking on all the ports I was using. Should I just make the AP port a trunk? And the rest normal access ports? Do I have to do anything with the multi-vlan setting? Or VTP?
 
Well, damn. I just thought you were using Cisco APs. No wonder some of our suggestions don't make any sense.

I took a look at the manual for the AP in question. But before we go explaining how to set up the AP, I have a couple of questions.

You said you have VLAN 1, 2, 3. Explain to me what each VLAN does in your network.

Explain how you wish to set up the multiple SSIDs.

The most difficult question is trying to figure out how the Linksys AP negotiates the trunk. Since it's a GUI interface, it's hard to determine...

Plus, I think you probably need to set the interface settings on the Cisco switch to the following. There is one more command to enter; however, that depends on your answers above.

switchport mode trunk
switchport mode desireable auto
 
Haha, sorry. Well, vlan1 is our phone vlan (10.3.1.0); there are 2 other switches connected to this one, all on the 10.3.1.0 network to support the phones. I then created a vlan for the 10.5.1.0 network for guests to the building (vlan2), and the 10.5.2.0 network for employees (vlan3). The guest network just has access to the internet while the employee network has access to everything, like if they were connected to the existing wired network. The Linksys manual says pretty much nothing on how to configure this, and when I called their tech support they sent me to the highest level guy and he had no idea and had to wait to talk to the guy that does the training, so they said they would call me back (I don't expect them to though). So from what I understand I need to hook the APs into vlan1 and turn on trunking to that port, then have vlan2 and vlan3 act as normal access ports? It seems like before the access point port was just discarding all the packets it received from the AP. Probably because it didn't understand how the access point had added the VLAN IDs to the packet.
 
Actually, since you don't even need wireless on your phone vlan (vlan 1), the native vlan should be 2 (the IP address of the AP should be one from Vlan 2).

So the commands to set up on the Cisco are as follows:

switchport mode trunk
switchport mode desireable auto.
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 2,3

So the main SSID should correlate to Vlan 2.
The 2nd SSID should correlate to Vlan 3.

Make sure that the interface comes up on the switch. If it has trouble negotiating the trunk protocol, it will stay down.
 
Well, now I will make it a little bit more interesting and see if I understand exactly what I have to do. So now I am installing three APs. So each port that they connect to on the switch needs to be configured as such:

switchport mode trunk
switchport mode desireable auto.
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport trunk allowed vlan 2,3

Correct?

And the two ports that run to the router for the guest vlan and the employee vlan are set up as normal access ports. As long as I name the SSIDs the same, Guest and Employee, across all three, there should be seamless roaming, correct?
 
Yes, regarding the Cisco commands, that should be it.

However, seamless roaming on wireless networks is usually a function of enterprise APs (not Linksys). So it wouldn't be as simple as naming each SSID the same way.
 
Well this model advertises it so we will see how well it works. Monday morning I will configure it and let ya know how it goes. Thanks for the help.
 
Well, that didn't work... also the command switchport mode desirable auto wouldn't work.
Here is the running config of the switch:

Cisco24Phone#show run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname Cisco24Phone
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 4
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport trunk allowed vlan 1,4,5,1002-1005
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 5
!
interface FastEthernet0/4
switchport access vlan 4
!
interface FastEthernet0/5
switchport access vlan 4
!
show vlan

4 emp_wireless active Fa0/4, Fa0/5
5 guest_wireless active Fa0/3


I know I must be forgetting something.
 
So it seems like either the AP isn't tagging the frames correctly or the switch isn't sending the traffic back to the correct vlan.
Example:
The client connects wirelessly and sends out a DHCP Discover. The DHCP server then sends out an Offer but it isn't getting forwarded back to the AP. If I view the packets on the vlan I can see everything, but if I monitor the port the access point is on there is nothing. I don't see anything in the packets that would indicate a vlan ID either.
 
Take out the command on int fa0/2

switchport access vlan 4.

and then shut the port down, bring it back up and show the output for

sh int

sh int fa0/2 switchport
 
Well, I guess it kind of worked. I just noticed that if I connect to the guest wireless that works correctly, but employee doesn't. The only difference between them is that employee is the main SSID and guest is virtualSSID1. So maybe if I make employee virtual SSID2?

Here is the output after the commands:
sh int
FastEthernet0/2 is up, line protocol is up
Hardware is Fast Ethernet, address is 0030.1913.4602 (bia 0030.1913.4602)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 2000 bits/sec, 4 packets/sec
19991906 packets input, 1436752669 bytes
Received 998907 broadcasts, 0 runts, 0 giants, 0 throttles
69 input errors, 69 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 5575 multicast
0 input packets with dribble condition detected
30004838 packets output, 1716690879 bytes, 0 underruns
0 output errors, 676 collisions, 3 interface resets
0 babbles, 0 late collision, 25500 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/3 is up, line protocol is up
Hardware is Fast Ethernet, address is 0030.1913.4603 (bia 0030.1913.4603)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 03:12:41, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
6912113 packets input, 1539386199 bytes
Received 23048 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 64 multicast
0 input packets with dribble condition detected
9668105 packets output, 1813393627 bytes, 0 underruns
0 output errors, 8 collisions, 1 interface resets
0 babbles, 0 late collision, 190 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/4 is up, line protocol is up
Hardware is Fast Ethernet, address is 0030.1913.4604 (bia 0030.1913.4604)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:49, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
8495911 packets input, 1850032159 bytes
Received 83451 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 6788 multicast
0 input packets with dribble condition detected
20138093 packets output, 4092423023 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out


Cisco24Phone#sh int Fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 4 (emp_wireless)
Trunking VLANs Enabled: 1,4,5,1002-1005
Trunking VLANs Active: 1,4,5
Pruning VLANs Enabled: 2-1001

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
Self Loopback: No
Cisco24Phone#


And after doing that the employee wireless still can't get connectivity.
 
Well, that worked... I created another vlan and made the VirtualSSID2 and I can connect and get an address through that.

So I am not sure why I can't get wireless through the main SSID. :confused:

Oh well, I guess it works now so that's okay. Thanks for the help! :cool:
 
So on the Linksys side, how are the SSIDs set up?

For the main SSID, you shouldn't have a VLAN ID, because those frames should be untagged.
Everything else should be tagged.
 
Ahhh, that might be the problem... I have a VLAN ID configured for that. But if I try to remove it, it won't let me. It says I have to have a vlan ID for it.
 
So basically right now the IP address of the AP means nothing, right? It's just for management. I don't think I have it configured properly but it works. The only thing that sucks is if I want to log into the access point I have to do it wirelessly on the main SSID and give the host an address on the same subnet as the AP and then I can access it.
 
Yeah it was 4. 4 was originally the employee wireless but I moved that to 6 to get that to work properly so now 4 is nothing. Just the access point.
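
Added example, not part of any post in this thread: a Python model of the 802.1Q trunk behaviour the thread works through, using its values (native VLAN 4, allowed VLANs 1,4,5,1002-1005, guest on 5, employee moved to 6). The AP's behaviour (SSIDs matched strictly by tag, untagged frames treated as management), the sample frame, and VLAN 6 having been added to the allowed list are assumptions.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def vlan_tag(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return vid or None  # VID 0 is only a priority tag, so treat as untagged

def trunk_ingress(frame, native, allowed):
    """VLAN the switch assigns to a frame received on the trunk; None = dropped."""
    vlan = vlan_tag(frame) or native  # untagged frames join the native VLAN
    return vlan if vlan in allowed else None

def trunk_egress(frame, vlan, native, allowed):
    """Untagged `frame` as it leaves the trunk for `vlan`; None = not forwarded."""
    if vlan not in allowed:
        return None
    if vlan == native:
        return frame  # the native VLAN is sent without a tag
    return frame[:12] + struct.pack("!HH", TPID, vlan) + frame[12:]

def ap_ssid(frame, ssid_by_vlan):
    """Assumed AP behaviour: SSIDs are matched by tag, untagged = management."""
    tag = vlan_tag(frame)
    return "management" if tag is None else ssid_by_vlan.get(tag)

def delivered_ssid(vlan, native, allowed, ssid_by_vlan):
    """SSID on which a reply forwarded in `vlan` ends up at the AP, if any."""
    out = trunk_egress(REPLY, vlan, native, allowed)
    return None if out is None else ap_ssid(out, ssid_by_vlan)

# Constructed sample: broadcast destination, made-up source MAC, EtherType IPv4.
REPLY = bytes.fromhex("ffffffffffff0200000000010800") + bytes(46)
ALLOWED = {1, 4, 5, 1002, 1003, 1004, 1005}  # "Trunking VLANs Enabled" above

if __name__ == "__main__":
    before = {4: "employee", 5: "guest"}            # main SSID tagged as native VLAN
    after = {4: "main", 5: "guest", 6: "employee"}  # employee moved to VLAN 6
    print(delivered_ssid(5, 4, ALLOWED, before))       # guest
    print(delivered_ssid(4, 4, ALLOWED, before))       # management, not employee
    print(delivered_ssid(6, 4, ALLOWED | {6}, after))  # employee
```

Under these assumptions the switch sends VLAN 4 replies untagged, so an SSID that expects tag 4 never sees them, while any SSID on a non-native VLAN works.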
 