I am trying to figure this out. I have two vlans I am trying to run to a trailer. One is for our wireless network (vlan2) and one for our wired (vlan3). Unfortunately I have only one physical link back to the main network, an unmanaged SR2024C, and a WAP4410N. So, I came up with this solution to keep my networks separate.
I configured the port on my Cisco 3560 that runs out to the trailer as trunking with native vlan3. This connects to the unmanaged SR2024C switch in the trailer. All the wired devices that connect should and are being put on vlan3. I then configured the WAP4410N to use a default vlan2, with the SSID of my wireless network on vlan2 as well. My wireless devices connect and are able to communicate back to the network, but are on vlan3. Also, I cannot connect to the WAP4410N from the main network, but if I configure my laptop with a static IP from vlan2, I can connect to the WAP while plugged into the SR2024C.
Diagram below shows the config on the C3560G for int gi1/1 and the WAP4410N vlan info.
Thank you in advance for any help!
I agree with you that the issue is on the SR2024C. It does seem that it has a problem with the tagged frames. My guess is that it is caused by the EtherType/Length, but it could also be a factor of the frame length. Whatever the cause I think that the solution is to replace that switch, hopefully with a managed switch that does support trunking and tagged frames.
This is a creative solution and it results in connectivity. But it does not accomplish part of what you want, and I think that there is not any solution that will accomplish what you want other than changing switch hardware.
The reason that we create two vlans is so that we can separate their traffic. If vlan 2 is for wireless and vlan 3 is for wired then we want any broadcast traffic from the wireless vlan 2 to not be received by any device in wired vlan 3. Unfortunately your switch does not understand vlans. It has all of its ports in the same broadcast domain. So if there is a broadcast sent by a wireless device (thinking that it is in vlan 2) that broadcast will be received by all of the wired devices connected to the switch.
The wireless controller thinks it is in vlan 2 and uses addressing based on vlan 2. But when you configure the wireless controller to use vlan 2 as the default vlan then it sends its Ethernet frames as untagged frames. And the unmanaged switch is sending those frames over its access port to the 3560 which treats them all as belonging to vlan 3.
The good news in this is that you have basic connectivity. The bad news is that you do not have any separation between the wired network and the wireless network. The only way that I see that you can achieve the separation between the networks is to replace the unmanaged switch.
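The frame handling described in the replies above, as an added Python sketch that is not part of the original thread: it models how an 802.1Q trunk port with native VLAN 3 classifies untagged and tagged frames, and how a VLAN-unaware switch floods a broadcast to every port. The MAC addresses, port names and function names are constructed for illustration, and the flood model assumes the unmanaged switch forwards the frame unchanged.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(src_mac, vlan_tag=None, ethertype=0x0806):
    """Constructed broadcast frame; vlan_tag=None means untagged."""
    header = b"\xff" * 6 + src_mac
    if vlan_tag is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_tag & 0x0FFF)
    return header + struct.pack("!H", ethertype) + b"\x00" * 46

def trunk_ingress_vlan(frame, native_vlan):
    """VLAN that a trunk port assigns to a received frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan                    # untagged -> native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF                        # low 12 bits carry the VLAN ID
    return native_vlan if vid == 0 else vid   # VID 0 is a priority tag only

def unmanaged_flood(frame, ingress_port, ports):
    """VLAN-unaware switch: a broadcast leaves every other port."""
    return {p: frame for p in ports if p != ingress_port}

def trailer_scenario():
    """Wireless client broadcast as it travels WAP -> SR2024C -> 3560."""
    client = bytes.fromhex("020000000002")    # constructed client MAC
    frame = build_frame(client)               # WAP default VLAN 2: sent untagged
    out = unmanaged_flood(frame, "wap", ["uplink", "wap", "pc1"])
    return {
        # The 3560 sees an untagged frame and places it in native VLAN 3.
        "vlan_on_3560": trunk_ingress_vlan(out["uplink"], native_vlan=3),
        # The wired PC on the same unmanaged switch receives the broadcast too.
        "wired_pc_received": "pc1" in out,
    }

if __name__ == "__main__":
    print(trailer_scenario())
```

A frame carrying tag 2 would be classified into VLAN 2 by the same function, which is the behaviour a managed, tag-aware switch in the trailer would preserve.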