Need assistance passing multiple VLANs accross PHAROS CPE210 Pair
Hello everyone. I have a need to transmit a network from one building to one next door using a wireless bridge, but am having trouble getting anything other than untagged traffic to pass through these devices. The design I'm trying to accomplish looks like this. I have one cisco switch that supplies internet, phone, a management VLAN, and printer traffic. I trunked a port with these VLANs (I'll name them 10,20, 30, and 40 for simplicity). On the other end in a neighboring building will be an identically configured switch with a cisco access point configured on it. If I test this at my workstation with a wired connection, everything works perfectly. However, a wire is not an option. Introduce the need for a wireless bridge.
Using the tp-link PHAROS CPE210 and setting one as an AP and the other as a client (as the booklet suggests), I am able to transfer internet traffic between the two switches, but only if I tell the tp-link devices to treat it as untagged, native VLAN traffic. From this point I tried all sorts of variations in the setup of the bridges, but have not found a way to mimic the scenario if having the two switches connected with an ethernet cable. Is there a way to do this with these devices, or do I need something else entirely?
Thanks for your help,
Alan
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thanks for your reply. I still am not able to pass traffic. The primary side is set as an AP (Do I need multiple SSIDs, one for each Vlan?), and the other is in Client mode. Both seems to see each other, and I locked the client to the AP. The graph shows RX and TX traffic.
I changed the default IPs to ones that are part of the same subnet as my management VLAN.
Maybe I'm misunderstand how this works. You set up the internet supply side as an AP with an address that's part of your existing network. You set up the other device as a client, and make sure it's part of the same network. You then survey to look for the SSID of of the remote AP and connect/lock on to it, and anything should traverse the link between the two, regardless of Tagging?
Thanks for your patience.
- Copy Link
- Report Inappropriate Content
alankelly wrote
The primary side is set as an AP (Do I need multiple SSIDs, one for each Vlan?), and the other is in Client mode.
No multiple SSIDs. You would need multi-SSIDs only for multiple client CPEs. Each client can only connect to one SSID of a multi-SSID AP.
You set up the internet supply side as an AP with an address that's part of your existing network. You set up the other device as a client, and make sure it's part of the same network. You then survey to look for the SSID of of the remote AP and connect/lock on to it, and anything should traverse the link between the two, regardless of Tagging?
Yes. It also does not matter which CPE runs in AP mode and which one runs in Client mode. Just make sure that there is one CPE in Client mode which needs to connect to the CPE in AP mode. The CPE in AP mode can be on either »side« of the network. If the WiFi link is established, you have a bidirectional link no matter which CPE operates in AP or Client mode.
My test setup is as follows (in fact it's a VLAN-aware multi-homed Linux server in a DMZ connected over a trunk on CPE #2 wirelessly linked to CPE #1, which is connected to a core switch's trunk port, but to keep it simple, this is the basic topology):
Blue lines are connections from the switch's trunk port (tagged traffic only) to the LAN port of the CPE power injector.
That's what needs to be done for CPE #1 based on factory settings and after initial login:
- Network settings: use the CPE's default IP (192.168.0.254) or set to whatever you need, apply changes
- Only if IP has been changed from default: login again with the new IP, save changes made so far
- Wireless settings: 802.11n-only mode, 20 MHz channel width, enable WPA2 encryption, set WPA2 key, apply & save changes
That's what needs to be done for CPE #2 (make sure to change IP first before connecting both CPEs over WiFi):
- Change operation mode to client mode
- Network settings: set IP to, for example, 192.168.0.253 (or whatever you need), apply changes
- Login again with the new IP, save changes made so far
- Wireless settings: 802.11n-only mode, 20 MHz channel width, enable WPA2 encryption, set WPA2 key, perform survey, lock to AP, apply & save changes
That's it basically (beside setting CPE names, date, timezone etc., which can be done later).
If you want to access the CPEs from your management VLAN, also set the mgmt VLAN ID in the Network menu, but you would first need to use an untagged connection to the CPE for the setup above and after enabling the mgmt VLAN you need to connect to the CPE over the VLAN in order to be able to log into the web UI again for saving the change just made.
Thus, it might be easier to connect the CPE directly to your laptop/workstation, set the laptop/workstation to the IP needed for accessing the CPE and configure the device first. Then set the mgmt VLAN, apply and connect the CPE with the VLAN trunk port of your switch to re-gain access to the web UI. Remember to save the change just made.
You always lose contact temporarily when a) changing the CPE's IP and b) after enabling the CPE's mgmt VLAN (right after applying).
- Copy Link
- Report Inappropriate Content
Pharos CPEs support VLAN-tagged frames over WiFi links. Did a quick test with a VLAN trunk passing through a CPE210 wireless link, works fine for me. Make sure to either send traffic to the CPE itself (the web UI/ssh/discovery etc.) untagged or set the management VLAN in the CPE in order to reach the web UI over a trunk. Or use the second port (V1 hardware has two LAN ports).
One CPE should be set in AP mode, the other in Client mode to create what normally would be called a bridge. Bridge mode is actually Repeater mode meant to re-inforce a wireless signal (difference between Bridge and Repeater modes is just two different SSIDs/encryption modes in Bridge mode, while in Repeater mode SSID and encryption is the same on both sides - SSID abc in the following picture):
So I recommend to set the CPEs to factory settings and start over again. Topology you want to use is:
- Copy Link
- Report Inappropriate Content
Thanks for your reply. I still am not able to pass traffic. The primary side is set as an AP (Do I need multiple SSIDs, one for each Vlan?), and the other is in Client mode. Both seems to see each other, and I locked the client to the AP. The graph shows RX and TX traffic.
I changed the default IPs to ones that are part of the same subnet as my management VLAN.
Maybe I'm misunderstand how this works. You set up the internet supply side as an AP with an address that's part of your existing network. You set up the other device as a client, and make sure it's part of the same network. You then survey to look for the SSID of of the remote AP and connect/lock on to it, and anything should traverse the link between the two, regardless of Tagging?
Thanks for your patience.
- Copy Link
- Report Inappropriate Content
alankelly wrote
The primary side is set as an AP (Do I need multiple SSIDs, one for each Vlan?), and the other is in Client mode.
No multiple SSIDs. You would need multi-SSIDs only for multiple client CPEs. Each client can only connect to one SSID of a multi-SSID AP.
You set up the internet supply side as an AP with an address that's part of your existing network. You set up the other device as a client, and make sure it's part of the same network. You then survey to look for the SSID of of the remote AP and connect/lock on to it, and anything should traverse the link between the two, regardless of Tagging?
Yes. It also does not matter which CPE runs in AP mode and which one runs in Client mode. Just make sure that there is one CPE in Client mode which needs to connect to the CPE in AP mode. The CPE in AP mode can be on either »side« of the network. If the WiFi link is established, you have a bidirectional link no matter which CPE operates in AP or Client mode.
My test setup is as follows (in fact it's a VLAN-aware multi-homed Linux server in a DMZ connected over a trunk on CPE #2 wirelessly linked to CPE #1, which is connected to a core switch's trunk port, but to keep it simple, this is the basic topology):
Blue lines are connections from the switch's trunk port (tagged traffic only) to the LAN port of the CPE power injector.
That's what needs to be done for CPE #1 based on factory settings and after initial login:
- Network settings: use the CPE's default IP (192.168.0.254) or set to whatever you need, apply changes
- Only if IP has been changed from default: login again with the new IP, save changes made so far
- Wireless settings: 802.11n-only mode, 20 MHz channel width, enable WPA2 encryption, set WPA2 key, apply & save changes
That's what needs to be done for CPE #2 (make sure to change IP first before connecting both CPEs over WiFi):
- Change operation mode to client mode
- Network settings: set IP to, for example, 192.168.0.253 (or whatever you need), apply changes
- Login again with the new IP, save changes made so far
- Wireless settings: 802.11n-only mode, 20 MHz channel width, enable WPA2 encryption, set WPA2 key, perform survey, lock to AP, apply & save changes
That's it basically (beside setting CPE names, date, timezone etc., which can be done later).
If you want to access the CPEs from your management VLAN, also set the mgmt VLAN ID in the Network menu, but you would first need to use an untagged connection to the CPE for the setup above and after enabling the mgmt VLAN you need to connect to the CPE over the VLAN in order to be able to log into the web UI again for saving the change just made.
Thus, it might be easier to connect the CPE directly to your laptop/workstation, set the laptop/workstation to the IP needed for accessing the CPE and configure the device first. Then set the mgmt VLAN, apply and connect the CPE with the VLAN trunk port of your switch to re-gain access to the web UI. Remember to save the change just made.
You always lose contact temporarily when a) changing the CPE's IP and b) after enabling the CPE's mgmt VLAN (right after applying).
- Copy Link
- Report Inappropriate Content
I would like to thank both of you for this post and solution. While I'm not passing multiple VLAN's, I am doing the same thing between 2 building and wasn't able get the communications working at all. Once I setup the AP and Client as instructed by R1D2 everything started working.
Thanks again to both of you.
Dennis
- Copy Link
- Report Inappropriate Content
@DrL, you're welcome. Glad that such old posts still help someone.
BTW: A CPE in AP mode and the other in Client mode technically form a transparent L2 bridge.
This operation mode covers most use cases and is most efficient regarding the throughput.
- Copy Link
- Report Inappropriate Content
Hello, just a quick not that this helped me to connect two buildings using the same LAN with multiple VLANs.
Thanks!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 6539
Replies: 6
Voters 0
No one has voted for it yet.