Extra VLANs coming in on Mgmt VLAN 1 (Free Bonjour Gateway)

  • Question
  • Updated 5 years ago
  • Answered
Hi, we have 4 schools routed to our Tech Center for Layer 3. We set up 4 of the free Bonjour Gateways so we could combine each of the schools' wireless and wired traffic together but not share with other schools. We set up the VLANs specific to each school in the config and uploaded.

We still see all traffic from all 4 schools showing up on all Aerohives. If School A uses VLANs 201 & 1525, then on the Bonjour Services it shows up on Unit A as 201 & 1525, but VLAN 1 also shows up, and VLAN 1 contains all the traffic from Schools B-D. So VLANs 201 & 1525, which should only be on box A, show up on B-D also as VLAN 1?

How do I fix this?

Thanks Ben
Ben Dummar


Posted 5 years ago

James Forbes

It sounds like the Bonjour advertisements are being propagated to all schools through VLAN 1, our default, native (untagged) VLAN that is used by the management interface.

You could address this by putting the management interface of each Bonjour Gateway into a different VLAN, a VLAN that is only available at the school in which a particular Bonjour Gateway resides.

For example: at School A you are using VLANs 201 and 1525. Configure the management interface for the Bonjour Gateway at School A to be in VLAN 201 or 1525. There are two main ways you can accomplish this:

1. Use a separate network policy for each school, each with a different mgt VLAN

Mgt VLAN config in HiveManager


More Detail


The management VLAN separates management traffic from user traffic on our devices. The native, untagged VLAN is set to 1 by default. Any user profile or management interface marked with VLAN 1 will not tag the traffic from the interface or clients given that user profile. When a management interface, user profile, or Bonjour Gateway listening interface is configured for any VLAN other than one, our Ethernet port becomes a trunk port, configured with those VLANs.

Or, you could have one common network policy and override the mgt VLAN at the device level.

Check the box for the device (Bonjour Gateway) and click the Modify button



Open Advanced Settings and Override MGT VLAN

Ben Dummar

1. I am impressed with the customer service that you would go to this extent in answering a question regarding your free product. This speaks volumes to those considering your paid services.

2. After spending several hours and recording our tests, we finally did get it working with the configuration listed below. I am not sure why, though, and would love to understand it better.

VMware Settings: Schools A-E
VMware Aerohive VM Ethernet 1 had to be set to a Trunk Port
VMware Aerohive VM Ethernet 2 had to be set to the Wireless VLAN

Aerohive Online Management: Schools A-E
Management VLAN = Wireless VLAN
Native VLAN = 1

Allowed VLANs Online Management: Schools A-E
Wireless, Wired

Tech Center (this is the location the schools route back to)

VMware Settings: Tech Center
VMware Aerohive VM Ethernet 1 had to be set to a Trunk Port
VMware Aerohive VM Ethernet 2 had to be Deleted

Aerohive Online Management: Tech Center
Management VLAN = 1
Native VLAN = 1

Allowed VLANs Online Management: Schools A-E
Wireless, Wired

Why would it only work with the Wireless VLAN in management, not Wired? Why does it only work with a VMware Trunk Port on Ethernet 1 and the Wireless on Ethernet port 2? Why does it only work with 1 VMware port on Tech Center? What documentation would help me better understand this?
James Forbes

Ben,

I'm glad you like our support--even for a free product. I had a hard time following the VLANs, ports, trunk or not in your explanation so I created this little diagram to show a good way to set this up.

It seems like you have several schools A-E connected together in a large layer two domain, but with VLANs / subnets broken out for each school. The VLANs at each school are unique to that school, although they can traverse the main link between the schools via VLAN trunking (and probably connect to a layer 3 switch / router at a central location that provides the routing between the schools' subnets--intra school and interschool). And this is probably why you were seeing Bonjour advertisements everywhere when VLAN 1, the Aerohive default management VLAN, was used for each Bonjour gateway. Doing so meant that every school listened and propagated on VLAN 1 and propagated everything it saw to and from VLAN 1, which carried Bonjour advertisements interschool when they should only be intra school.

A good way to set this up is to use different VLANs at every school, including for the management interface. You should be able to use a single Ethernet interface for each Bonjour gateway, VLAN trunk the interface, but make sure that the management interface is on a separate VLAN for each Bonjour gateway. You can accomplish this through using a different Network policy for each school or overriding the management VLAN at the device level as I illustrated in my last post. Here is a diagram that illustrates this concept:



Of course, your VLAN numbers / names will not be the same as what I am using, but the idea is to put the management interface in a separate VLAN for each Bonjour gateway. You can use an existing VLAN that is unique to a school or create a new VLAN as long as the mgt interface is in a VLAN that no other bonjour gateway is in.

I hope this makes sense.
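
The rule from the reply above (no VLAN, management included, may be listened on by more than one Bonjour Gateway) can be checked against an inventory before pushing a config. This is an added example, not part of the original thread or Aerohive's tooling; the inventory layout and every VLAN ID other than School A's 201 and 1525 are constructed, and it assumes conservatively that a gateway relays between all VLANs it listens on.

```python
from collections import defaultdict

# Constructed inventory. School A's VLANs (201, 1525) come from the thread;
# every other VLAN ID is made up for illustration.
BEFORE = {
    "A": {"mgmt": 1, "service": {201, 1525}},
    "B": {"mgmt": 1, "service": {202, 1526}},
    "C": {"mgmt": 1, "service": {203, 1527}},
    "D": {"mgmt": 1, "service": {204, 1528}},
}
# Same gateways with the management interface moved into a school-local VLAN.
AFTER = {name: {"mgmt": min(gw["service"]), "service": gw["service"]}
         for name, gw in BEFORE.items()}


def shared_vlans(gateways):
    """Return {vlan: [gateways]} for every VLAN more than one gateway listens on."""
    listeners = defaultdict(set)
    for name, gw in gateways.items():
        for vlan in gw["service"] | {gw["mgmt"]}:
            listeners[vlan].add(name)
    return {v: sorted(g) for v, g in listeners.items() if len(g) > 1}


def leak_groups(gateways):
    """Group gateways that can exchange advertisements, directly or through
    another gateway, because they share at least one VLAN (union-find)."""
    parent = {name: name for name in gateways}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for members in shared_vlans(gateways).values():
        for other in members[1:]:
            parent[find(other)] = find(members[0])

    groups = defaultdict(list)
    for name in sorted(gateways):
        groups[find(name)].append(name)
    return sorted(g for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print("before:", shared_vlans(BEFORE), leak_groups(BEFORE))
    print("after: ", shared_vlans(AFTER), leak_groups(AFTER))
```

An empty result from both functions means each gateway's advertisements stay inside its own school; any non-empty group names the schools whose services would be visible to each other.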
Bradley Chambers, Champ

James, I like the switch icons! :)