AP121 behind 3rd party switch can't phone home

Does anyone have some suggestions on how to diagnose and/or remedy this problem?

We've done an initial deployment of our hive that looks like this:

Building 1:

WAN gateway > BR100 > SR2024P > 200' cable under parking lot to ...

Building 2:

1 AP121 in portal mode (powered by the SR2024P)

5 AP121s in mesh point mode (powered by AC adapters)

We purchased an EnGenius EGS2110P to install in the riser room of building 2 with the plan that the network path to the AP121s would look like this:

Building 1:

WAN gateway > BR100 > SR2024P > 200' cable under parking lot to ...

Building 2:

EGS2110P > 6 AP121s in portal mode (powered by the EGS2110P)

Now to the problem:

We have 5 VLANs defined, and I've configured the EGS2110P using its 802.1Q tagging features such that all 8 ports are 'untagged' members of all 5 VLANs, with untagged packets being assigned to VLAN 2. According to the EnGenius documentation, this means that packets tagged for VLANs 1 thru 5 that arrive at any port will be switched through to the appropriate destination port without additional tagging. Untagged packets that arrive at any port will be tagged for VLAN 2 before forwarding. Packets tagged for any VLANs other than 1 thru 5 will be dropped.

In our HMOL network policy VLAN 2 is defined as the native (untagged) VLAN. The MGT interface is VLAN 1.

When I unplug the cable running from the SR2024P to the AP121, plug the EGS2110P in and then run a second cable to an AP121, it is never able to reconnect to the hive after rebooting.

When I plug a cable into the EGS2110P and then to a laptop or desktop that is configured for DHCP, they get addresses assigned to them that correspond to VLAN 2, and they're able to access network resources.

KatInTX81

Posted 4 years ago


James Forbes

I think setting VLAN 2 as the native (untagged) VLAN is the problem here. You've set the untagged VLAN to 2, but your MGT interface is still on 1. This means that any MGT traffic from the AP will be tagged with a VLAN ID of 1. From what I read above this will get dropped. You should change your MGT VLAN to 2 or keep it at 1 and also set VLAN 1 as the native (untagged) VLAN.

Really what you want is for your MGT interface to be untagged. Set it the same as your native (untagged) interface and it will be untagged.

I think what you want to do here is throw untagged traffic from the MGT interface to the EGS2110P.

KatInTX81

James,

Thanks for the idea, but it turns out that the real root cause was poor documentation from the 3rd party vendor. I spent an hour or so on the phone with one of the Aerohive techs running various Wireshark captures, and we finally stumbled on the right configuration for the EGS2110P that would pass packets tagged for VLANs 1, 3-5 and the untagged packets on VLAN 2.

Once the issue with the EGS2110P was resolved, I applied the same configuration to a Netgear GS108Ev2 (which was also giving us problems and has similarly poor documentation). So now we have traffic for all 5 VLANs passing through the 3rd party switches as needed. And we were able to leave VLAN 1 as the tagged management interface and VLAN 2 as the untagged native interface.

Bob

KatInTX81

Oh ... for posterity's sake, the change was this ... in the EGS2110P and GS108Ev2:
  1. all switch ports are members of all 5 VLANs
  2. all ports are configured in the 802.1Q advanced settings as tagged for VLANs 1, 3, 4 and 5
  3. all ports are configured as untagged for VLAN 2
  4. all ports are configured with PVID = 2
The change that we stumbled upon, and which seems to contradict both the EnGenius and Netgear documentation, is item 2 ... configuring the ports as tagged for those VLANs.
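As an added example (not part of the original posts and not vendor code), the following models both port configurations from this thread under standard 802.1Q rules, where an untagged member port strips the tag on egress and a tagged member port keeps it. The `Port` class, the function names and the assumption that the EGS2110P and GS108Ev2 follow these rules are assumptions of this example; under them, the first attempt hands every VLAN, including management VLAN 1, to the upstream trunk as untagged native VLAN 2 traffic.

```python
from dataclasses import dataclass, field

VLANS = {1, 2, 3, 4, 5}   # the five VLANs from the thread
NATIVE = 2                # untagged/native VLAN in the HMOL policy

@dataclass
class Port:
    """One switch port under standard 802.1Q rules (assumed model)."""
    pvid: int
    tagged: set = field(default_factory=set)    # VLANs sent with the tag kept
    untagged: set = field(default_factory=set)  # VLANs sent with the tag stripped

    def ingress(self, tag):
        """Classify an arriving frame; return its VLAN, or None if dropped."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.tagged | self.untagged) else None

    def egress(self, vlan):
        """Return the tag on the wire: a VLAN id, None (untagged) or 'drop'."""
        if vlan in self.tagged:
            return vlan
        return None if vlan in self.untagged else "drop"

def traverse(port, tag):
    """Send a frame in one port and out another identically configured port."""
    vlan = port.ingress(tag)
    return "drop" if vlan is None else port.egress(vlan)

def audit(port):
    """Map each VLAN the AP sends to the VLAN the upstream trunk puts it in."""
    seen = {}
    for vlan in sorted(VLANS):
        wire = traverse(port, None if vlan == NATIVE else vlan)
        seen[vlan] = NATIVE if wire is None else wire
    return seen

def misdelivered(port):
    """VLANs that do not arrive upstream in the VLAN they were sent on."""
    return [v for v, got in audit(port).items() if v != got]

# First attempt: every port an untagged member of all five VLANs, PVID 2.
ORIGINAL = Port(pvid=2, untagged=set(VLANS))
# Working settings from items 1-4: tagged for 1, 3, 4, 5; untagged for 2; PVID 2.
WORKING = Port(pvid=2, tagged={1, 3, 4, 5}, untagged={2})

if __name__ == "__main__":
    for name, port in (("original", ORIGINAL), ("working", WORKING)):
        print(name, audit(port), "misdelivered:", misdelivered(port))
```
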

Andrew MacTaggart, Champ

I create
a mgmt vlan - with DHCP assigning the APs their mgmt IP
a native vlan - used for layer 2 communication

on switch
AP1 port
trunk mgmt vlan, native vlan, vlans for wireless users, AppleTV vlan etc..

uplink to another switch

trunk mgmt vlan, native vlan, vlans for wireless users, AppleTV vlan etc..

the other switch, AP 2 port

trunk mgmt vlan, native vlan, vlans for wireless users, AppleTV vlan etc..

For Cisco switches you can define the native VLAN on the switch port that is trunking.