Multi VLAN WLAN Networking on Cisco CBW

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

fsardone

New Around Here
Dear all,

sorry if this is too trivial but I am new to Cisco WiFi and I am stuck trying to configure 3 CBW140AC in a wired (non mesh) configuration supporting 2 SSID mapped to 2 different VLANs.

Network:

The back end network is a Cisco 1921 Router and multiple Cisco 3560 gigabit PoE switch interconnected with Gigabit trunk links. The 1921 is running DHCP and the 3560 providing access port and PoE. There are 6 VLAN running on the network of which 2 should be associated with (distinct) SSID on all three access points. All access points are wired with CAT 6 and Cisco CDP shows correct neighborough relationships with switches router and APs. I did get the access point up and running, mapped one as preferred primary and achieved broadcasting of the SSID mapped to the native VLAN of the uplink switch port.



The point is (and I have read a couple of times the management guide for CBW) I do not know/understand how to:

-set the AP wired interface to trunk mode: If I set the corresponding switch port to trunk, I loose connectivity same for setting it as switchport mode dynamic preferred and finally setting it for access or dynamic auto the port stays in access mode (and non native VLAN traffic is not forwarded);

-map VLAN to SSID; I did try creating a RLAN and setting the RLAN VLAN tagging to yes and selecting the proper VLAN, then setting the WLAN in the same way but I cannot achieve the desired result; creating multiple WLAN without tagging cause all the client on the different WLAN to be mapped to the default (native) VLAN, setting it to VLAN tagging yes and the proper VLAN fails to establish connection (client is not assigned an IP address) DHCP works correctly.

I would appreciate a pointer to an explaination how VLAN,RLAN and WLAN are linked and managed and how to set the Gigabit Ethernet port of the AP in trunk mode (or negotiate trunk mode with the corresponding switch).

Thank you for your help.

Fabio
 

coxhaus

Part of the Furniture
I have not setup CBW140AC wireless APs. I have been using Cisco small business APs for many years. I always use a trunk port to my Cisco wireless APs. I usually use the default VLAN and a tagged VLAN. I have used 2 tagged VLANs but I went back to my other setup. It seems easier to use default VLAN set to VLAN 1 with Cisco small business gear at least in the old days so I have stayed that way even though Cisco tells to change your default VLAN.

If you can't figure it out you might try using the Cisco small business forums for answers.
 
Last edited:

Trip

Very Senior Member
@fsardone - Hi Fabio. I've installed multiple CBW setups and know the product fairly well. Apologize if some of what I say is already obvious to you; I just want to establish that you're aware of a baseline set of knowledge here.

First off, as much as I am aware, the CBW140AC main port operational mode cannot be changed. It functions by default as allowing all VLANs upstream. How that traffic is tagged or untagged is determined based on the RLAN and WLAN configs.

For RLAN, I would set its VLAN as untagged or tagged with a VLAN ID of whatever your 3560 switches are using for private/management/default communication. This should allow the APs to communicate properly with the switches.

For WLAN, if you intend on putting all traffic on tagged, non-default VLANs, then set the SSID VLAN settings as tagged with the desired VLAN ID, and they should pass traffic properly upstream to your switches. On the switch side, I presume all ports are set to accept/pass the corresponding VLANs?

Regarding your clients not pulling IPs, I presume you've ensured you have a DHCP scope set for that particular VLAN's subnet, and you can ping the interface of the switch in that subnet once connected to the corresponding SSID?
 

fsardone

New Around Here
@fsardone - Hi Fabio. I've installed multiple CBW setups and know the product fairly well. Apologize if some of what I say is already obvious to you; I just want to establish that you're aware of a baseline set of knowledge here.

First off, as much as I am aware, the CBW140AC main port operational mode cannot be changed. It functions by default as allowing all VLANs upstream. How that traffic is tagged or untagged is determined based on the RLAN and WLAN configs.

For RLAN, I would set its VLAN as untagged or tagged with a VLAN ID of whatever your 3560 switches are using for private/management/default communication. This should allow the APs to communicate properly with the switches.

For WLAN, if you intend on putting all traffic on tagged, non-default VLANs, then set the SSID VLAN settings as tagged with the desired VLAN ID, and they should pass traffic properly upstream to your switches. On the switch side, I presume all ports are set to accept/pass the corresponding VLANs?

Regarding your clients not pulling IPs, I presume you've ensured you have a DHCP scope set for that particular VLAN's subnet, and you can ping the interface of the switch in that subnet once connected to the corresponding SSID?
Hello Trip,
first of all thank you for your time.
After 48hrs of bashing the problem I think I have it under control also thank you to your simple suggestion.
I simply set up the "switchport mode trunk" "switchport native vlan" on the uplink port of the switch and the AP connected. Which is what you said: set the port to trunk mode.

For other running in this problem I believe can be traced to the fact that the initial configuration happens through the management WLAN at power up with the mobile app. So configuring trunk mode on the uplink port creates the issue (loss of connectivity to the management interface). The native VLAN, which is also the management backplane for all my network, has no DHCP (for security and because everything is static in my management realm) so the WLAN needs to be either on a tagged VLAN or I need to change the default VLAN on the switchport upstream of the AP. Changing the config of the switch port and/or the WLAN config was causing me to loose connectivity to the AP. I guess I am spoiled because the initial config of all my Cisco device is done via console port which NEVER lose connectivity :)

The final touch up config (adding the other two AP, configuring additional WLAN, etc) can be done from a wired computer (or accessing the LAN via a different AP).

@Trip One last question if I may. In your opinion do I need to have a tagged RLAN for a Tagged WLAN or could I simply add a tagged WLAN and not configure the corresponding RLAN? I.e. if I want to have traffic tagged for VLAN4 on WLAN SSID Net4 it is enough to create the WLAN or do I also need the RLAN tagged as 4?

Appreciate the help

Cheers
Fabio
 

Trip

Very Senior Member
@fsardone - Very welcome, glad it helped Fabio. As for your last question, no, you don't need additional tagged RLANs to successfully egress tagged wireless traffic; a WLAN with SSID and tagged VLAN should be enough on its own. At least that's been the case in all of the setups I've tested.
 

coxhaus

Part of the Furniture
A trunk port in the Cisco small business network equipment world passes all VLANs whereas in the IOS world trunk ports only pass defined VLANs to the trunk port.
 
Last edited:

fsardone

New Around Here
A trunk port in the Cisco small business network equipment world passes all VLANs whereas in the IOS world trunk ports only pass defined VLANs to the trunk port.
Thank you for your contribution.
The problem concerns the CBW which has no way to configure the port (from what I saw it autoconficure based on switchport config).
In a Cisco IOS device you set encapsulation dot1q and switchport mode trunk to achieve trunking (you might also want to set the native - untagged - VLAN for the port).

My problem was that I was loosing connectivity when setting the switch port to trunk while the CBW was reconfiguring. It takes a while.

Cheers

Fabio
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top