Unanswered Question
Apr 24th, 2008

I have doubt with regard to WLC.

The scnerio is like this

WLC is connected to switch1 with port gi0/1 switch1 is connected to

switch2 on gi0/2,and i have AP on switch2 .

Problem is this:

I have 2 vlan on controller 20,30 for user and 10 as management vlan for WLC.

The trunk link coming from switch 1 to switch2 have vlan 10 allowed

and also for switch2 to access point.

I have Vlan 20 and 30 configured on both the switches.

All the user are getting connected without any problem to vlan 20 and 30 ,

I know that information of vlan 20 and 30 will be carried by Vlan 10 ,but how will the

switch know about that.since i am not letting vlan 20 and 30 to pass on the trunk which i not allowed

I hope i am clear enough

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
SJessulat_2 Thu, 04/24/2008 - 03:31

I hope i understood your problem: you don't see, why the users can connect to vlan 20 and 30 although you blocked that vlans between the two switches?

If this is your concern, maybe this helps you: A WLC establishes a LWAPP-tunnel to each AP. Every AP sends its traffic through this tunnel. So the user traffic sorta origins on the WLC-ports.

But i have a question: Can the wireless users on VLAN 20 or 30 reach clients on switch 2 VLAN 20 or 30? They should not be able to, since the traffic is not allowed to pass the trunk.

vishwancc Thu, 04/24/2008 - 22:52

Hello SJessulat ,

Thanks for the quick reply.

I understand what you are saying put i need little more explanitation.

To answe your question the wireless user are only on switch Switch2 not on Switch1.

If i understand correctly,switch2 will send traffic for guest using vlan 10 ,but i am not sure how the encapsulation takes palce on the switch for the VLAN.i am attaching network diagram hope it helps.

SJessulat_2 Fri, 04/25/2008 - 06:11

The wireless users connect to the ap and the ap sends their traffic through the LWAPP-tunnel to the WLC. So Switch2 doesn't even have to have vlan 20 or 30, because the user traffic enters the wired LAN through the WLC-connection to switch1.

Therefore i think, if you would put a machine on switch2 into vlan 20 or 30, the wlan-users would not be able to reach this machine, because their traffic would enter switch1 through the WLC but it would not pass the trunk.


This Discussion