08-28-2009 05:12 AM - edited 03-06-2019 07:29 AM
I have set up a WAP with 2 SSIDs, one untagged and the other on VLAN tag 8. I tested it with one 2960 switch and I can get to my corp LAN on the untagged and can get to a public TimeWarner connection on the VLAN 8 SSID.
Once I have added a couple more switches to the mix I cannot get the VLAN 8 to give me an address for the public connection. On VLAN 8 SSID, I get an address from my corp DHCP server but should not.
I think the tags are working because when I connect to the VLAN 8 SSID and get a corp address, I cannot get to the Internet.
When I connect to the SSID for the corp lan, I get a corp address and can get to the Internet.
I have attached my setups that work and don't work. No routing between VLANs is needed.
Please help
08-28-2009 05:33 AM
Hi Ron,
A couple of questions:
1.) Why is the connection to your corporate server made as a trunk in both cases? Moreover, the trunk seems to be limited to VLAN 1 only, and because VLAN 1 is the native VLAN by default, you are essentially degrading that trunk to access operation in VLAN 1. If the corporate DHCP server is in a single VLAN only (which it normally should be), you should set up the port as a static access port, probably with VLAN 1 membership.
2.) Does the VLAN 8 exist on all your switches?
Best regards,
Peter
08-28-2009 06:08 AM
Peter,
Yes, VLAN 8 does exist on all the switches. So, if I remove the trunking on the ports that are normally just my corp LAN and leave the interconnecting ports how I have them now, should it work?
08-28-2009 07:29 AM
I have updated my drawing to set my corp LAN only port for DHCP to access mode. I can get the SSID for VLAN 1 to work, but cannot get an address for VLAN 8. What else in my configs do I need to change? Does VLAN 8 need an IP address on each switch? All I did on the switches to define VLAN 8 was configure the port with VLAN 8.
08-28-2009 07:46 AM
Ron,
I assume you have 3 Catalyst 2950/2960 switches. Can you issue the show vlan brief command on each switch and confirm that VLAN 8 exists everywhere? I am asking again because you have not defined VLAN 8 as it is normally explicitly done - you have just used it but you haven't created it. In particular, the middle switch does not have any access ports in VLAN 8 - you have just referenced the VLAN in a trunk configuration. Therefore I wonder if VLAN 8 indeed exists.
Best regards,
Peter
08-28-2009 07:53 AM
08-28-2009 07:59 AM
Hi,
What commands have you configured to route between VLAN 8 and VLAN 1?
You'll need to have an SVI in place somewhere on VLAN 8 with an IP Helper Address pointing at your DHCP server on VLAN 1 and your DHCP server should have a scope setup for VLAN 8 requests.
08-28-2009 07:55 AM
The DHCP server will not understand frames tagged with VLAN 8.
You need to configure the ip helper - on a vlan 8 SVI interface pointing to the DHCP server.
08-28-2009 07:57 AM
Ok, the DHCP server should only respond to items on VLAN 1. The NETGEAR should respond to items on VLAN 8. The WAP has 2 SSIDs, one is (untagged vlan1) the other is tagged VLAN 8. The untagged should go to internal network, the VLAN 8 should go to the NETGEAR for guest internet access.
08-28-2009 08:02 AM
Ahh OK - why do you have 2 separate DHCP servers?
From the AP, can you ping the NETGEAR DHCP server? And vice versa?
08-28-2009 08:04 AM
The corp DHCP gives out addresses to all my workstations and such. The NETGEAR gives out its own addresses to people on VLAN 8 and routes them to a TimeWarner connection for guest internet access.
In my test diagram that worked, yes, everything worked exactly like I wanted it to. Only when I put the other switches in place did VLAN 8 stop working.
08-28-2009 08:14 AM
Are you running VTP? ALL switches must know about VLAN 8. If not using VTP, then you have to configure VLAN 8 on all switches.
The switches will not pass traffic for unknown VLANs.
08-28-2009 08:17 AM
We are not running VTP because we are so small. What is the best way to configure VLAN 8 manually on each?
08-28-2009 08:20 AM
#conf t
vlan 8
name <
I would still configure VTP - that way you know all switches in the VTP domain will have the correct VLANs.
Also make sure the VLANs are allowed on the trunk ports.
08-28-2009 08:21 AM
Ron,
If possible, please, post the complete configurations of all three switches. Also include the output of the following commands on each switch:
show cdp neigh
show int trunk
show vlan brief
show int status
That will be a long output but please no simplification. All that is necessary.
Best regards,
Peter
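Added example (not part of any post in this thread): a small Python check that reads the output of show vlan brief and show int trunk from one switch and reports why a VLAN such as the guest VLAN 8 would not cross it. The sample output is constructed, and the function names expand, trunk_sections and check_vlan are hypothetical.

```python
import re
# Constructed sample (not from the thread): trunks reference VLAN 8, which
# was never created on this switch.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3
"""
SHOW_INT_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1,8
Gi0/2       1

Port        Vlans allowed and active in management domain
Gi0/1       1
Gi0/2       1
"""

def expand(spec):  # '1,8,10-12' -> {1, 8, 10, 11, 12}; 'none' -> set()
    ids = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        if lo.isdigit() and (hi or lo).isdigit():
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def trunk_sections(trunk_out):  # {'Vlans ...' title: {port: VLAN ID set}}
    sections, current = {}, None
    for line in trunk_out.splitlines():
        port, rest = (line.strip().split(None, 1) + ["", ""])[:2]
        if port == "Port":  # header row opens a new section
            current = sections.setdefault(rest, {}) if rest.startswith("Vlans") else None
        elif current is not None and rest:
            current[port] = expand(rest.strip())
    return sections

def check_vlan(vlan, vlan_brief, trunk_out):  # list of findings, [] if clean
    created = {int(m[1]) for m in re.finditer(r"^(\d+)\s+\S+\s+active\b", vlan_brief, re.M)}
    findings = [] if vlan in created else [f"VLAN {vlan} is not in the VLAN database"]
    sections = trunk_sections(trunk_out)
    allowed = sections.get("Vlans allowed on trunk", {})
    active = sections.get("Vlans allowed and active in management domain", {})
    for port, vlans in sorted(allowed.items()):
        if vlan not in vlans or vlan not in active.get(port, set()):
            why = "allowed but not active" if vlan in vlans else "not allowed on trunk"
            findings.append(f"{port}: VLAN {vlan} {why}")
    return findings
```

An empty result on every switch along the path means the guest VLAN is both defined and carried end to end, which is also what keeps guest clients from landing untagged in the corporate VLAN.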