EAP683-LR Poor network performance with tagged vlans on SSID

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP683-LR Poor network performance with tagged vlans on SSID

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP683-LR Poor network performance with tagged vlans on SSID
EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 15:39:41
Model: EAP670  
Hardware Version:
Firmware Version: 1.0.0

Hooked up my new EAP683-LR wifi access point and configured it to match my previous AP configuration (ubiquiti) via a OC200. Network looks like this:

 

mikrotik router -> eth7 -> trunk port with default vlan1 untagged, vlans 11,20,30 tagged.

 

EAP683-LR configured with 3 SSIDs, each one tags a vlan (11,20,30).

 

When a device connected to the SSID tries to connect to a local resource on the same vlan, the device receives duplicate TCP ACKs and TCP Retransmissions but will never connect to the backing TCP service. In this case it affects multiple services but I'm primarily testing with plex.

 

If, for instance, I configure the trunk port on the mikrotik router to set untagged on vlan11 and tagged vlan1 (and then remove the vlan tag on the SSID), everything works as expected.

 

I also tested upgrading the OC200 to the latest beta firmware to try with PPSK and that also did not work as expected.

 

Is there any advice to setup the access point to work correctly when connected with tagged vlans with 3rd party routers?

 

Thank you.

  0      
  0      
#1
Options
28 Reply
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 16:28:06

  @rumblpak I am using a Cisco Layer 3 Switch (4506E) with different EAP connected, however, the concept should be the same.

 

If I understand what you have listed, it is roughly the same as I have.  I am not using VLAN 1 as default.  I use VLAN 254. In my case, I have the native VLAN set to 254, which is untagged, and all other VLANS tagged, and it works correctly.  You can see the port config below:

 

interface GigabitEthernet2/6
 description Lobby AP
 switchport trunk native vlan 254
 switchport trunk allowed vlan 25,100-102,112,113,200,254
 switchport mode trunk
 logging event link-status

 

My EAP's don't use VLAN 254 for ANY of the SSID's though, so for a test, you may want to try not using VLAN 1, and just use another VLAN for your traffic and tag it as well.  At least as a test.  To be clear though, I do use VLAN 254 as the management VLAN, just not on any tagged SSID's.   Hopefully that make sense.

 

If that doesn't work, make sure that there are no firewall rules, etc that could be blocking traffic.

  0  
  0  
#2
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 16:38:23
Yeah did that test already and don't see any improvement. vlan1 (as you probably guessed is my management vlan). I only seem to be able to get services to work when the wifi is set to untagged vlan mode. None of my SSIDs use vlan1, under normal usage, they'd all be set to tagged vlans. Everything worked before the switch from Ubiquiti to TP-Link so I doubt its firewall related. Devices can get IPs in the correct vlans, surf the web just fine, its only when they go to access resources on the local network that I get this odd behavior. Super weird.
  0  
  0  
#3
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 17:00:56

  @rumblpak yeah, that is weird.  Can you ping your plex server?  Or any other device on the network?  Can you ping the gateway for those VLAN's?

  0  
  0  
#4
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 17:04:51

  @rumblpak i know this is probably a stupid question, but in addition to the above, make sure you didn't mark the SSID's as a 'guest' network.

  0  
  0  
#5
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:04:20

  @muzicman0 

 

ICMP traffic (ping) works fine, its only udp and tcp traffic where I see issues. The main SSID does not have guest enabled but the other two do, would that be a problem?

  0  
  0  
#6
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:30:36 - last edited 2023-12-26 18:36:04

  @rumblpak  yes, that's the problem. Guest networks will block any traffic that isn't destined for the wan. So any local ip's will be blocked (ie:192.168.0.0/16). 

 

Uncheck guest on those and use acl's to block traffic that you want between vlans. 

 

Edit: replied from my phone, so please excuse any typos!

  0  
  0  
#7
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:42:13

  @muzicman0 even on the network that isn't a guest network?

  0  
  0  
#8
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:48:19

  @rumblpak if client and server are on the same vlan and same subnet, and it isn't a guest network then it should work. If either guest or client are on guest then it won't work. 

  0  
  0  
#9
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:49:28
Client and server on the same vlan with guest network disabled did not work.
  0  
  0  
#10
Options
Re:EAP683-LR Poor network performance with tagged vlans on SSID
2023-12-26 18:54:57

  @rumblpak no idea at this point. I think it would be worth it to try disabling the guest on all ssid's just as a test. In theory it shouldn't matter, but perhaps there is a bug or something. It might even be worth rebooting everything after making that change. 

  0  
  0  
#11
Options