management vlan for 6.6r1 HM and 230 APs

  • Question
  • Updated 1 year ago
Experts,

My current configuration for 230 APs with juniper switches:

description ap326;
native-vlan-id 80;
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members all;
        }
    }
}
HM is a virtual appliance and that VM is set as switch-port on the ESX host - 1GB for 80 A-Points. 

However, under policy, Management and Native VLAN Settings are set to VLAN 1. In Juniper EX switches VLAN 1 is not allowed. My HM is set and configured with 192.168.80.100, so with the current config all APs are connected to HM. Using VLAN probe, VLAN 1 is recognized as 192.168.80.1.
Also all VLANs are recognized as expected.

1. I am trying to follow best practices and really have a concern about whether I should change Management and Native VLAN Settings to MGMT VLAN = 80.

2. As we have used Juniper switches for 3 months now, I have noticed a small latency on the ports the APs are connected to, resulting in CAPWAP alerts as some APs are being disconnected for a short time.

Thank You

MST


Posted 2 years ago


Knarf

Hey,

1. You are right that the default mgt and native VLANs are set to 1. However, there is no problem with setting the mgt and native to 80.

2. As long as your APs are not losing WAN connectivity, it should not be a major issue, and client traffic will not be impacted. If you just deployed the switch and started to see the issue happen right when you deployed the switch, you may want to investigate that further with Juniper. It also doesn't hurt to see what duplex and speed the switch ports are negotiating with the APs. The APs use auto for duplex and speed by default.

MST

Thank you Knarf. Once I changed both to VLAN 80 on HM, connection to the HM is lost.

Interface on the switch for the HM VM is set as switchport:

unit 0 {
    family ethernet-switching {
        vlan {
            members 80;
        }
    }
}

Should I change it to a trunk port?

Bill W.

Yes. APs need to be on trunk ports as they need to access any VLANs that they will be servicing.

And you actually do not need to change the mgt and native VLAN on the AP from the default of 1 if they are on the same VLAN and the native VLAN of the switch port is the VLAN for AP management. Since you have the native VLAN on the switch port set to 80 and this is the management VLAN for the AP, the AP does not need its config changed since it does not need to tag its management traffic.

MST

That makes sense, since HM is on 80 and all APs are on 80. Other VLANs are visible since I allowed all VLANs on the trunk ports.

MST

I understand this post was made 8 months ago, but I found some issues when I used native VLAN 80 in trunk mode on Juniper 4300 switches:

unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ 3 5 10 15 ];
        }
        native-vlan-id 80;
    }
}

And I have noticed all ports that Aerohive access points are connected to are bouncing once in a while; I assume there is a loop and STP causing that. When I contacted Aerohive Tech I was told to ignore CAPWAP alerts, but from what I see it's a bigger issue that may affect my whole Aerohive WiFi infrastructure. There is nothing worse than a misconfigured WiFi network.

If I delete native VLAN 80 from the trunk mode, the access points lose the connection to HM.

What would you advise?

Bill W.

I don't know Juniper's commands, so I can only guess at this. But if it is similar to Cisco, 80 would also need to be listed in the members. In Cisco you list all the allowed VLANs in the trunk, so the native VLAN must also be listed in the allowed VLANs.

Are the APs actually bouncing, i.e. they reboot? A loop should not cause them to reboot. A loop will cause APs to show as down in HM, but if you look at the uptime of the APs they will show that they have not rebooted. That is unless in Juniper when STP blocks a port it also disables the PoE to the port. But that also means that the loop was detected on a port that the AP is on, which I would think is unlikely.
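An added example, not code from the thread or from Aerohive or Juniper: a small Python checker that parses Junos-style interface stanzas like the ones posted above and flags the point Bill raises (a native VLAN that is not listed under `vlan members`) together with a port that is not a trunk. It assumes the ELS placement of `native-vlan-id` at the interface level (older syntax puts it under the family) and management VLAN 80 from this thread; the config strings are constructed from the posted snippets.

```python
import re

def parse_junos(text):
    """Parse a brace-structured Junos stanza into nested dicts:
    leaf statements become key -> value, sub-stanzas nest."""
    tokens = re.findall(r"[{};]|\[[^\]]*\]|[^\s{};\[\]]+", text)
    root, stack, words = {}, [], []
    node = root
    for tok in tokens:
        if tok == "{":                      # open sub-stanza, e.g. "unit 0 {"
            child = {}
            node[" ".join(words)] = child
            stack.append(node)
            node, words = child, []
        elif tok == "}":                    # close sub-stanza
            node = stack.pop()
        elif tok == ";":                    # leaf, e.g. "native-vlan-id 80;"
            node[words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    return root

def vlan_members(esw):
    """Members as a set of strings: {'all'} or e.g. {'3', '5', '10', '15'}."""
    return set(re.findall(r"[^\[\]\s]+", esw.get("vlan", {}).get("members", "")))

def check_ap_trunk(text, mgmt_vlan):
    """Return the problems found on an AP-facing port; [] means it looks right."""
    cfg = parse_junos(text)
    esw = cfg.get("unit 0", {}).get("family ethernet-switching", {})
    problems = []
    if (esw.get("interface-mode") or esw.get("port-mode")) != "trunk":
        problems.append("port is not a trunk; APs must reach every VLAN they serve")
    # ELS syntax puts native-vlan-id at interface level, older syntax under the family
    native = cfg.get("native-vlan-id") or esw.get("native-vlan-id")
    if native != str(mgmt_vlan):
        problems.append(f"native-vlan-id is {native}, AP management VLAN is {mgmt_vlan}")
    members = vlan_members(esw)
    if native and "all" not in members and native not in members:
        problems.append(f"native VLAN {native} is not listed in vlan members")
    return problems

# Constructed from the configs posted in the thread (whitespace collapsed).
AP_TRUNK_ALL = """description ap326; native-vlan-id 80;
unit 0 { family ethernet-switching { interface-mode trunk; vlan { members all; } } }"""
AP_TRUNK_EX4300 = """unit 0 { family ethernet-switching { port-mode trunk;
    vlan { members [ 3 5 10 15 ]; } native-vlan-id 80; } }"""
```

`check_ap_trunk(AP_TRUNK_EX4300, 80)` returns only the finding that VLAN 80 is missing from the members list, while the first "members all" trunk comes back clean.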

MST

I will have Juniper tech looking into that. The access points are losing CAPWAP connection for a few seconds according to Juniper and email warnings from Aerohive, but all access points are up and running. Juniper ports with Aerohive access points show port down and then port up. I assume RSTP, but I might be wrong since I am still investigating that and Juniper will be looking into that too. I opened a case with Aerohive but I was advised to ignore these email alerts from Aerohive HM. I just want to make sure all is OK like it should be. Thank you -Adam