Native Vlan and tagging

Unanswered Question
Aug 31st, 2009


I have a particular installation on a customer site.

The management vlan is the number 1 (which is the native vlan) for the whole network and all the switches tag the native vlan.

So when I plug my AP on a port of a switch configured in trunk mode, it doesn't work.

How can I resolve this issue?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dancampb Mon, 08/31/2009 - 05:31

Sounds like you might have a native VLAN mismatch. On the controllers you mark the native VLAN with a 0 as the vlan identifier. If your management interface is on a different VLAN than one and you have it untagged then there is a native VLAN mismatch.

Also keep in mind that the native VLAN is only link specific. It doesn't have to be the same throughout the network.

angedibartolo Mon, 08/31/2009 - 05:40

Thanks for your answer but my problem is that all vlans are tagged on the switch so the native vlan too and not on the AP.

When I define an HREAP AP, I have to configure a trunk port connected to my AP but the AP isn't joignable because the native vlan is untagged for the wireless part and tag on the network part.

George Stefanick Mon, 08/31/2009 - 18:49

So the native vlan is tagged too? Can you draw this out ... How is the network configured.

angedibartolo Mon, 08/31/2009 - 23:44

On the global configuration on each switch, there is the command : dot1q tag native so the native vlan is tagged on the network but still untagged on my AP.

ethiel Wed, 09/02/2009 - 14:01

Depending on if the switching hardware supports it, you could use the command "no switchport trunk native vlan tag" on the ports connecting to APs to disable native VLAN tagging on a per-port basis.

Also, have you enabled VLAN support for the AP, and specified the Native VLAN ID?

angedibartolo Wed, 09/02/2009 - 23:36

I use 3560 switches.

It's a centraziled wireless solution with a WLC and I use HREAP that's why I have to define a trunk port.

Can I specify a native vlan with this solution? I don't think so.

ethiel Thu, 09/03/2009 - 06:44

Yes, you can specify the native VLAN, though I am not sure if that will enable tagging of that VLAN or not. You might have to try it yourself to see. See the following link for pictures of the pages in question.

Because I think it will require a reboot after enabling HREAP but before setting up VLAN support, you might need to set it as an access port while making the changes.

1. Do not use VLANs for your H-REAP deployment and set the access point switch ports as Access ports in the VLAN you want your users to be in. The AP will need an IP in the user VLAN, but that is not usually a problem. If you do not need multiple user VLANs from different SSIDs, this will be the easiest option.

2. Disable native VLAN tagging for the ports with APs with the command I listed above.

angedibartolo Thu, 09/03/2009 - 07:05

If I change the native vlan on the controller, my AP will try to have an IP address on this new native vlan because I cannot change the bridge group on the BVI.

On the 3560 switches, it is not possible to untag native vlan per port.

Does the controller support ISL trunk?

Maybe it's a way to bypass dot1Q vlan tagging!!

weterry Wed, 09/02/2009 - 19:40

I'm assuming this is autonomous, given that you a trunking vlans into the AP.

If so, perhaps you could create a fa0.1 subinterface tagged as vlan 1 (not native).... if you bridged this to the BVI would it put the interface in a tagged vlan 1?

You may need to create some other dummy vlan and make it "native" on the AP, but I'd think you could bridge the .1 subinterface so that it would tag the vlan appropriately.

weterry Thu, 09/03/2009 - 09:16

Are you trunking for HREAP then?

Otherwise, why are you trunking?

If you are HREAP, then I'm not sure what to tell you at the moment.

wrair_carraed Fri, 09/04/2009 - 05:06

Is this your first Wireless installation in lightweight mode and controllers?

angedibartolo Fri, 09/04/2009 - 05:11

No, it's not my first installation but it's the first time where the network tags the native vlan.


This Discussion



Trending Topics - Security & Network