EAP sending traffic both tagged and untagged
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.EAP sending traffic both tagged and untagged
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello,
I have a new EAP670v1 running 1.0.3. This is my first Omada configuration.
I have a very simple setup, 2 SSIDs, one on 2.4 and the other on 5 Ghz. Both SSIDs are assigned VLAN100. The mgmt vlan is 600, but is sent as a native, so untagged.
After the AP starts taking on clients, it starts sending data on both VLAN100 and 600 intermittently, so nothing is able to communicate with the network correctly. Output from Cisco switch (I've highlighted a duplicate as an example):
switch1#show mac address-table interface gigabitEthernet 1/0/8
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
100 14c1.4e65.ff86 DYNAMIC Gi1/0/8
100 14c8.8b24.ec39 DYNAMIC Gi1/0/8
100 201f.3bd8.4930 DYNAMIC Gi1/0/8
100 582f.407e.4b59 DYNAMIC Gi1/0/8
100 9c76.13d8.3131 DYNAMIC Gi1/0/8
100 a45e.60be.5231 DYNAMIC Gi1/0/8
100 a477.3375.c856 DYNAMIC Gi1/0/8
100 d436.398f.7944 DYNAMIC Gi1/0/8
600 14c8.8b24.ec39 DYNAMIC Gi1/0/8
600 1c61.b4cc.6764 DYNAMIC Gi1/0/8
600 5231.8100.0064 DYNAMIC Gi1/0/8
600 5231.8100.c064 DYNAMIC Gi1/0/8
600 a45e.60be.5231 DYNAMIC Gi1/0/8
600 ec39.8100.0064 DYNAMIC Gi1/0/8
I have tried moving the management VLAN to a tagged VLAN, but the packed still arrive as duplicates, on VLAN1 instead.
The data is being sent in a load balanced method, oddly. If I block every other VLAN, traffic is dropped from the client perspective, but I suspect the EAP is still trying and the switch is just dropping the traffic.
Anyone have any troublehsooting ideas? I am out of ideas.
Switch config:
interface GigabitEthernet1/0/8
description access-point
switchport trunk native vlan 600
switchport mode trunk
switchport nonegotiate
spanning-tree portfast edge trunk
spanning-tree bpdufilter enable
spanning-tree guard root
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I have changed the AP to have a management VLAN and the results are as I stated. Traffic is duplicated, but half of it is tagged and half is untagged. Without a native VLAN, it ends up on VLAN 1, as expected:
switch#show mac address-table dynamic interface gig1/0/8
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
100 9c76.13d8.3131 DYNAMIC Gi1/0/8
100 d436.398f.7944 DYNAMIC Gi1/0/8
100 d44d.a417.4052 DYNAMIC Gi1/0/8
1 4052.8100.0064 DYNAMIC Gi1/0/8
1 d44d.a417.4052 DYNAMIC Gi1/0/8
600 1c61.b4cc.6764 DYNAMIC Gi1/0/8 # This is the MAC of the access point
I am frustrated. I really want to use this AP. Is it possible there is a hardware issue with my access point? Is there something in the CLI I can do to further my troubleshooting?
- Copy Link
- Report Inappropriate Content
Hi, I agree with @shberge, from my knowledge, the current mechanism of the EAP is to send messages to two layers at the same time, one is to send management information to the management VLAN, and the other is to send the wireless client's Internet traffic information to the current VLAN based on the data layer.
It is recommended that if you are using a non-Omada switch, to prevent problems such as network downtime that may be caused by incorrectly set management VLANs, you can keep the EAP in the default VLAN 1 and also set ACLs to play a role in preventing guest clients from accessing the management interface.
Additionally, the management VLAN should be Tagged, others should be Untagged.
- Copy Link
- Report Inappropriate Content
@Virgo Thank you, I did not realize it is a normal process to send traffic to the controller as well. Do you have any documentation on this, so I can better understand and make sure my configuration is correct? As I said in my previous posts, the clients do not have a stable connection once they go onto the EAP.
- Copy Link
- Report Inappropriate Content
@Tyrade Why did you create 2 SSIDs? While you can create one SSID for both bands and enable Band Steering.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Virgo Yes I have setup the management VLAN correctly, and I don't really believe the AP will send traffic to the controller as specified. I think my logs speak for themselves. Even with a management VLAN set, the controller is not tagging traffic for VLAN 600, it's just not tagging it.
Also, the traffic destination MAC address is the AP client, not the controller.
I honestly think I have hit some bug. I agree it makes no sense I would hit a bug like that for such a common configuration, but I bought this $150 AP to use it and I can't.
Is there an easy way to engage the vendor?
- Copy Link
- Report Inappropriate Content
FYI, still happening after zeroizing controller and AP.
- Copy Link
- Report Inappropriate Content
so based on the previous replies, you did follow Virgo's guide and config it based on the correct steps.
then your cisco switch still shows up in the logs like that? yes or no?
next, did you verify this by wireshark?? what does wireshark say about this?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1820
Replies: 18
Voters 0
No one has voted for it yet.