I have a WLC 2106 with 10 APs and two internet lines (one for internal (top) and one for guest wifi (below)). Internal users use the main SSID (users) and guests use a different SSID (guest). When I looked at port 3 of the WLC, it was connected to an 8-port Netgear switch and then a D-Link router. I know that the WLC supports auto MDI-X, so I did not worry about a cross cable. (Actually I tested with a cross cable as a test.) But every time I disconnected the Netgear switch, no matter what cable I used, the WLC couldn't ping the D-Link router.
So, when I looked at the Controller interface I saw that the VLAN identifier was 14. So I did "show vlan b" at the Core switch to find out whether this VLAN was used by any access switch, but none of the switches used this VLAN. The Core switch was connected through all access switches, but the access switches did not have this VLAN 14. Also, all APs are connected through trunk ports (which is not right, unless we used H-REAP mode). Anyhow, I changed the VLAN ID to untagged and took out the Netgear switch, and then it worked.
I guess that the previous engineer made a VLAN 14 in the Core (he did not even make VLAN 14 on any access switches connected to APs) and put trunk ports toward the APs (which is not a best practice unless we used H-REAP mode). So he might have thought that this VLAN was connected from the WLC to every AP, so the APs could send the guest SSID.
Now these are my questions.
1. Is VLAN 14 necessary in the core switch? VLAN 14 doesn't have any IP address (show ip int b --> no interface IP address; also, even the access switches do not have this VLAN 14). So it seems that someone in my company made a VLAN 14 in the core switch and set VLAN ID 14 in the WLC, with an extra Netgear switch to make it work.
2. Why was this Netgear dummy switch necessary to make it work with tagged VLAN ID 14 between the WLC and the D-Link router? The WLC had a tagged VLAN 14 connected to the Netgear switch. Does this Netgear switch make it untagged before it reaches the D-Link router?
3. Usually a dynamic VLAN (data VLAN) needs to be tagged like below (tag 16 for internal users). If this VLAN (guest) was not tagged like below, does it cause any problem, because management and AP manager have the same untagged VLAN?
Thanks for your feedback and knowledge.
(Update) For question 3: actually this D-Link router is connected at Port 3 (not Port 1, which is connected to the management interface). I guess that is why the untagged VLAN ID works.