Cisco trunk and multiple vlans
hello,
i have 2 SSID defined in EAP225 and setup as VLAN 1 and VLAN 14.
on the Cisco switch i have this settings:
interface GigabitEthernet0/4
description TP-Link EAP225
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,14,100
switchport mode trunk
spanning-tree portfast
end
But is not working, if i setup the Cisco port with access and access to a single VLAN, any VLAN is working, but in any configuration is not working.
I have also contacted the TP-Link Romania (great support, hello to the guy on the other end of the phone) but no solution yet, using TP-Link products is working, but EAP225 + Cisco and trunking is a no go.
Any idea what i am doing wrong?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
You should have no issue with VLAN 14. As far as the VLANs 1 and 100 are concerned, it all depends which one is native on the CISCO switch since the native VLAN means untagged traffic on the trunk. That needs to be matched on the AP.
Untagged (Native) = no VID on SSID (only one VLAN)
Tagged = VID on SSID (one or many VLANs)
- Copy Link
- Report Inappropriate Content
@KJK native vlan is 1
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Gi0/45 on 802.1q trunking 1
Gi0/46 on 802.1q trunking 1
Gi0/47 on 802.1q trunking 1
Gi0/48 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/3 1-4094
Gi0/4 1,14,100
Gi0/45 1-4094
Gi0/46 9-10,99-100
Gi0/47 1-4094
Gi0/48 13
Port Vlans allowed and active in management domain
Gi0/1 1,9,14,99-100
Gi0/3 1,9,14,99-100
Gi0/4 1,14,100
Gi0/45 1,9,14,99-100
Gi0/46 9,99-100
Gi0/47 1,9,14,99-100
Gi0/48 none
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,9,14,99-100
Gi0/3 1,9,14,99-100
Gi0/4 1,14,100
Gi0/45 1,9,14,99-100
Gi0/46 9,99-100
Gi0/47 1,9,14,99-100
Gi0/48 none
- Copy Link
- Report Inappropriate Content
of course you can have both on a cisco switch.
try and simplify it a bit, try and turn off management vlan on access point, set deafult vlan to vlan1 with these commands
switchport trunk native vlan 1 or switchport access vlan 1
on ssid vlan should be disabled on native vlan.
you probably have to do some lab before it will work,
If you find a solution, write a few words on the forum, I'm curious as to what the problem is.
- Copy Link
- Report Inappropriate Content
SoulRaven wrote
@KJK native vlan is 1
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Gi0/45 on 802.1q trunking 1
Gi0/46 on 802.1q trunking 1
Gi0/47 on 802.1q trunking 1
Gi0/48 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/3 1-4094
Gi0/4 1,14,100
Gi0/45 1-4094
Gi0/46 9-10,99-100
Gi0/47 1-4094
Gi0/48 13
Port Vlans allowed and active in management domain
Gi0/1 1,9,14,99-100
Gi0/3 1,9,14,99-100
Gi0/4 1,14,100
Gi0/45 1,9,14,99-100
Gi0/46 9,99-100
Gi0/47 1,9,14,99-100
Gi0/48 none
Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,9,14,99-100
Gi0/3 1,9,14,99-100
Gi0/4 1,14,100
Gi0/45 1,9,14,99-100
Gi0/46 9,99-100
Gi0/47 1,9,14,99-100
Gi0/48 none
@SoulRaven ok. connect a computer and se if you get ip from vlan1 on that port and what port use your firewall
- Copy Link
- Report Inappropriate Content
@SoulRaven all off my AP ar working with trunk and trunk access vlan.
the openwrt has not any problem with trunking and access mode on ports.
the question is what is the reson that EAP requires specific settings any other that any normal trunking port for multiple ssid's
- Copy Link
- Report Inappropriate Content
@MR.S i have 20 years in networking and data center maintenance as active CTO.
the problem untill now is not my knolage about nrtworking is about how EAP is working with trunks and tagged and untagged traffic.
to keep in mind, in any trunking configuration, the only untagged vlan is native vlan, any other vlan accepted is tagged.
in access mode you don't have more that 1 accepted vlan, and in trunking as many as you want, except the native vlan that is untagged.
- Copy Link
- Report Inappropriate Content
I think you have to ask tp-link about that. I give up for now. mybe there is som other on the forum that have more information to you,
- Copy Link
- Report Inappropriate Content
An EAP configured according to the screenshot you have provided earlier will do the following:
- Frames received from devices connected to “TP-Link_2.4…” will be sent untagged to the switch. Untagged frames received from the switch will be sent to devices connected to the same SSID (TP-Link_2.4…).
- Frames received from devices connected to “test” will be sent to the switch tagged with VID= 14. Frames tagged with VID=14 received from the switch will be sent to devices connected to the same SSID (test).
- Frames received from devices connected to “TP-Link_5…” will be sent to the switch tagged with VID=100. Frames tagged with VID=100 received from the switch will be sent to devices connected to the same SSID (TP-Link_5…).
Since both your EAP and switch talk the same language, that is dot1q, they should understand each other. I have never heard about any incompatibility in this resect.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2472
Replies: 28
Voters 0
No one has voted for it yet.