11-08-2011 06:52 AM - edited 11-08-2011 07:07 AM
Hello. I am trying to set up VLANs on my 4200G switches and Ubiquiti access points that support multiple VLANs and I am having trouble. I am new to VLANs so please forgive me if I seem ignorant to it...because I am :). I will describe the scenario and I will also attach a simple diagram showing the topology and what I am trying to achieve.
Focusing on the first switch and 1 wireless AP for starters.
I first upgraded all my switch software, web interface, and bootrom to the latest release I could find (May 2010).
I need my wireless AP to be in VLAN1 (default for my LAN) and VLAN2 (GUEST).
VLAN1 Subnet is 192.80.x.x
VLAN2 Subnet is 192.168.x.x
Using the web interface I created VLAN2 (I'll call it GUEST from here on out).
I plugged my AP into port 39 and set that port as Hybrid and set my guest SSID for VLAN ID: 2
Port 39 is set as Untagged VLAN1 (to provide LAN connectivity to my private SSID) and tagged for VLAN2 (GUEST)
Port 47 on the switch is set as TRUNK and is NOT a member of VLAN1 and IS an untagged member of VLAN2.
Port 47 then connects to my SonicWall's interface (labeled X04) that I configured with the idea in mind to provide internet access and DHCP to JUST VLAN2 and the VLAN2 GUEST SSID.
If I plug a device directly into my firewall's X04 interface it provides DHCP and internet as desired. However, when I plug my firewall's interface into my switch's port 47, DHCP and internet are not provided.
It's evident that the issue lies with my switch configuration. I think I may be close to having this worked out, but at this point I'm shooting in the dark. Once I have this working on my core switch I need to set up VLAN2 on my other 4200 switches (as seen in the diagram). But for now I want to get it working on the first switch. Can someone please assist?
11-16-2011 01:13 PM
I think your problem is with Port 47.
You mention your switch is accepting incoming Untagged traffic from your Wireless AP on Hybrid Port 39, that tells us where to start. See page 77 of the Config guide for a more specific definition of how port traffic is handled for incoming and outgoing processing:
The switch sees incoming untagged traffic on Port 39, no problems there. Since it is untagged the switch looks to assign it to the default VLAN, which happens to be VLAN 1 (if not then check your default VLAN for this port; no default VLAN = discard packet). As the traffic leaves the switch it looks for all available VLAN1 ports. Since Port 47 is a trunk but is not a member of VLAN 1 the traffic is blocked. Eventually the traffic is dropped because it has nowhere to go except to the other uplink ports. Surprise, surprise, there is no DHCP server or gateway to be found.
Either convert Port 47 to be an Untagged Access port for VLAN1 only (Access ports can only have one untagged VLAN) or leave it as a Trunk and tag it. This will depend on your Firewall's 802.1q compatibility. It's silly to set up a port to be a trunk but use it for one VLAN. Trunks are intended to be used for multiple VLANs.
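To make the ingress/egress rules in the reply concrete, here is an added Python model (not from the thread, the switch vendor, or the config guide) of how a port's PVID and tagged/untagged membership decide what happens to a frame travelling from port 39 to port 47, using the port settings posted above. The PVID on port 47 and the sample frames are assumptions.

```python
# Constructed model of 802.1Q ingress classification and egress membership checks.
# Port roles and VLAN memberships follow the thread; the PVID of port 47 is assumed.

from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    mode: str                      # "access", "trunk" or "hybrid"
    pvid: int                      # VLAN assigned to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent without a tag on egress
    tagged: set = field(default_factory=set)    # VLANs sent with an 802.1Q tag on egress

    def members(self):
        return self.untagged | self.tagged


def ingress_vlan(port, vlan_tag):
    """Classify a frame arriving on `port`; None means the switch discards it."""
    if vlan_tag is None:                      # untagged frame -> port's default VLAN
        return port.pvid if port.pvid in port.members() else None
    return vlan_tag if vlan_tag in port.members() else None


def egress(port, vlan):
    """How `port` would send a frame in `vlan`: 'untagged', 'tagged' or None (blocked)."""
    if vlan in port.untagged:
        return "untagged"
    if vlan in port.tagged:
        return "tagged"
    return None


def forward(ingress_port, vlan_tag, egress_port):
    """Return (vlan, outcome) for one frame entering ingress_port and aimed at egress_port."""
    vlan = ingress_vlan(ingress_port, vlan_tag)
    if vlan is None:
        return (None, "discarded on ingress")
    action = egress(egress_port, vlan)
    return (vlan, action or f"blocked: {egress_port.name} is not a member of VLAN {vlan}")


# Ports as posted: hybrid port 39 (untagged VLAN1, tagged VLAN2), trunk port 47 (untagged VLAN2 only).
PORT39 = Port("port39", "hybrid", pvid=1, untagged={1}, tagged={2})
PORT47_AS_POSTED = Port("port47", "trunk", pvid=2, untagged={2})   # pvid=2 is an assumption
# The reply's first suggested fix: access port, untagged member of VLAN1 only.
PORT47_ACCESS_VLAN1 = Port("port47", "access", pvid=1, untagged={1})

if __name__ == "__main__":
    print(forward(PORT39, None, PORT47_AS_POSTED))      # untagged frame from the private SSID
    print(forward(PORT39, 2, PORT47_AS_POSTED))         # VLAN2-tagged frame from the guest SSID
    print(forward(PORT39, None, PORT47_ACCESS_VLAN1))   # same private-SSID frame after the fix
```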