
Unable to manage access point in different VLAN

 
bruun
Occasional Contributor

Unable to manage access point in different VLAN

I installed and configured a few access points and a switch. On the access points I've created 2 networks:
Production (vlan 10)
Guest (vlan 20)
The access points are connected to tagged ports (ports 45-48). The above works and the guests end up in the right VLAN.

However, I want to manage the access point from a device that's connected to an untagged port in VLAN 10 (port 10); however, I'm unable to ping the device or open the web interface. I can only manage them if I connect the access points to one of the untagged ports in VLAN 10.

I hope someone can explain why I'm unable to connect to the access point?

vlan 1
   name "DEFAULT_VLAN"
   no untagged 5-44,46-48
   untagged 45,49-52,Trk1-Trk2
   no ip address
   exit
vlan 10
   name "Production"
   untagged 5-44
   tagged 45-48,Trk1-Trk2
   ip address 192.168.20.2 255.255.255.0
   exit
vlan 20
   name "Guest"
   tagged 45-48,Trk1
   no ip address
   exit

Vince-Whirlwind
Honored Contributor

Re: Unable to manage access point in different VLAN

What are the access point's IP address details?
Where is the access point's default GW located on the network?
Where is your VLAN10 device's default GW located on the network?
What security do you have between the two subnets?

bruun
Occasional Contributor

Re: Unable to manage access point in different VLAN

What are the access point's IP address details?
The access point's IP address is in the same range as VLAN 10 (192.168.3.0)

Where is the access point's default GW located on the network?
The gateway is the same as the Windows clients are using, the router

Where is your VLAN10 device's default GW located on the network?
Same as the access points

What security do you have between the two subnets?
The access point is in the same subnet as the PC from which I try to manage the access point.

Had some time to do some further research. I'm only able to access the access point if I untag port 45 (the port to which the access point is connected). The result is:
Port 45 untagged in VLAN 10
Port 45 tagged in VLAN 20
I'm not sure if this has any effect on the Wi-Fi network / clients?

Vince-Whirlwind
Honored Contributor

Re: Unable to manage access point in different VLAN

Sounds to me like your only issue then is a Layer2 issue of correctly matching up the VLAN config on the ports on either side of the link between switch and AP.

If the AP has VLAN10 untagged, then the switch has to be configured the same on those links.

bruun
Occasional Contributor

Re: Unable to manage access point in different VLAN

The access points that are connected to the switch are HP MSM430s; 2 network profiles have been configured:

Guest (vlan 20)

production (vlan 10)

I'm not sure what you mean by 'AP has VLAN10 untagged'?

As mentioned in my previous post, ports 45-48 are tagged in VLAN 10 and VLAN 20. I'm guessing that I need to untag ports 45-48 in VLAN 10 and leave 45-48 tagged in VLAN 20 so I'm able to manage the access points from a device located in VLAN 10. Is this correct?

Vince-Whirlwind
Honored Contributor

Re: Unable to manage access point in different VLAN

If the AP is using 2 VLANs, then those VLANs need to be trunked to the AP. From what you said before, it sounds like the AP interface has VLAN10 configured as untagged.

bruun
Occasional Contributor

Re: Unable to manage access point in different VLAN

Do you mean configure the port as seen below? Tagged and untagged ports do not make any sense at all...

Interface  45 (port with AP)
port link-type trunk
port trunk permit vlan 10 20
Description AccessPoint
 

Vince-Whirlwind
Honored Contributor

Re: Unable to manage access point in different VLAN

If that's the way you have your switchport configured, then the AP interface that it is patched to needs to be configured the same.

If a VLAN is "tagged" on an interface, then all frames will be forwarded through that interface with a frame header in the 802.1q format, i.e., it includes a VLAN tag.
If a VLAN is untagged, then it uses the standard non-802.1q frame header format, i.e., it does not include any VLAN tag.

So it sounds to me like your switch is sending both VLANs using 802.1q format, but maybe your AP is sending VLAN10 as untagged.

luckyh
Advisor

Re: Unable to manage access point in different VLAN

I just assume that the management traffic to your AP is untagged from your AP side and you want to map different SSIDs into different VLANs for security separation (at least this would be the normal way to do it).

So if on your AP  <- if not otherwise configured the mgmt IP of an AP is sent untagged per default

mgmt vlan 1
SSID "CORP"   map to vlan 10
SSID "Guest"   map to vlan 20

then the switchport that the AP is connected to should be configured somewhat similar to

Interface  45 
port link-type trunk
port trunk native vlan 1
port trunk permit vlan 1 10 20
Description AccessPoint
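
The tagged/untagged mismatch discussed in this thread, as an added example that is not part of any post and is not HP tooling: a simplified ingress model (untagged frames land in the port's untagged VLAN, tagged frames are accepted only for VLANs tagged on that port) run over the VLAN membership lines from the posted configuration. It assumes, as the last reply does, that the AP sends its management traffic untagged; the function names are illustrative.

```python
import re

# VLAN membership lines from the switch configuration posted in the thread.
POSTED = """
vlan 1
   no untagged 5-44,46-48
   untagged 45,49-52,Trk1-Trk2
vlan 10
   untagged 5-44
   tagged 45-48,Trk1-Trk2
vlan 20
   tagged 45-48,Trk1
"""

def expand(spec):
    """Expand a port list such as '45-48,Trk1-Trk2' into a set of port names."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)(?:-\1(\d+))?", part.strip())
        if m:
            lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
            ports |= {f"{m.group(1)}{n}" for n in range(lo, hi + 1)}
    return ports

def parse(config):
    """Return {port: {"untagged": vid or None, "tagged": set of vids}}."""
    table, vid = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            vid = int(words[1])
        elif len(words) == 2 and words[0] in ("untagged", "tagged"):  # skips 'no untagged'
            for port in expand(words[1]):
                entry = table.setdefault(port, {"untagged": None, "tagged": set()})
                if words[0] == "untagged":
                    entry["untagged"] = vid
                else:
                    entry["tagged"].add(vid)
    return table

def ingress_vlan(table, port, tag=None):
    """VLAN a frame arriving on `port` is placed in; None means dropped."""
    entry = table.get(port, {"untagged": None, "tagged": set()})
    return entry["untagged"] if tag is None else (tag if tag in entry["tagged"] else None)

posted = parse(POSTED)
changed = parse(POSTED)  # port 45 as changed later in the thread
changed["45"].update(untagged=10, tagged={20})
for name, t in (("posted", posted), ("changed", changed)):
    print(name, "AP port 45 untagged ->", ingress_vlan(t, "45"), "| PC port 10 ->", ingress_vlan(t, "10"))
```

With the posted membership, untagged frames on port 45 are classified into VLAN 1 while the PC on port 10 sits in VLAN 10, so the two never share a broadcast domain until port 45's untagged VLAN matches what the AP sends.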