EAP683-LR Poor network performance with tagged vlans on SSID
Hooked up my new EAP683-LR WiFi access point and configured it to match my previous AP configuration (Ubiquiti) via an OC200. Network looks like this:
MikroTik router -> eth7 -> trunk port with default VLAN 1 untagged, VLANs 11, 20, 30 tagged.
EAP683-LR configured with 3 SSIDs, each one tags a VLAN (11, 20, 30).
When a device connected to the SSID tries to connect to a local resource on the same VLAN, the device receives duplicate TCP ACKs and TCP retransmissions but will never connect to the backing TCP service. In this case it affects multiple services, but I'm primarily testing with Plex.
If, for instance, I configure the trunk port on the MikroTik router to set untagged on VLAN 11 and tagged VLAN 1 (and then remove the VLAN tag on the SSID), everything works as expected.
I also tested upgrading the OC200 to the latest beta firmware to try with PPSK, and that also did not work as expected.
Is there any advice on how to set up the access point to work correctly when connected with tagged VLANs with 3rd-party routers?
Thank you.
@rumblpak I am using a Cisco Layer 3 Switch (4506E) with different EAP connected, however, the concept should be the same.
If I understand what you have listed, it is roughly the same as I have. I am not using VLAN 1 as default. I use VLAN 254. In my case, I have the native VLAN set to 254, which is untagged, and all other VLANs tagged, and it works correctly. You can see the port config below:
interface GigabitEthernet2/6
 description Lobby AP
 switchport trunk native vlan 254
 switchport trunk allowed vlan 25,100-102,112,113,200,254
 switchport mode trunk
 logging event link-status
My EAPs don't use VLAN 254 for ANY of the SSIDs though, so for a test, you may want to try not using VLAN 1, and just use another VLAN for your traffic and tag it as well. At least as a test. To be clear though, I do use VLAN 254 as the management VLAN, just not on any tagged SSIDs. Hopefully that makes sense.
If that doesn't work, make sure that there are no firewall rules, etc., that could be blocking traffic.
@rumblpak Yeah, that is weird. Can you ping your Plex server? Or any other device on the network? Can you ping the gateway for those VLANs?
@rumblpak I know this is probably a stupid question, but in addition to the above, make sure you didn't mark the SSIDs as a 'guest' network.
ICMP traffic (ping) works fine; it's only UDP and TCP traffic where I see issues. The main SSID does not have guest enabled but the other two do. Would that be a problem?
@rumblpak Yes, that's the problem. Guest networks will block any traffic that isn't destined for the WAN. So any local IPs will be blocked (i.e., 192.168.0.0/16).
Uncheck guest on those and use ACLs to block traffic that you want between VLANs.
Edit: replied from my phone, so please excuse any typos!
@muzicman0 Even on the network that isn't a guest network?
@rumblpak If client and server are on the same VLAN and same subnet, and it isn't a guest network, then it should work. If either guest or client are on guest then it won't work.
@rumblpak No idea at this point. I think it would be worth it to try disabling the guest on all SSIDs just as a test. In theory it shouldn't matter, but perhaps there is a bug or something. It might even be worth rebooting everything after making that change.