
Problem with VLANs on AP1200

After enabling 802.1q VLANs on the (test-)switch I tried to enable them on the AP1200 too. I added all VLANs needed, entered a native-VLAN-ID (id '1' in my case) and enabled tagging. I want all RADIUS (802.1X) traffic to use this native-VLAN, and to assign the other VLANs to users after authentication.

The first problem is that the native VLAN is never used (I'm really sure I enabled the VLAN and enabled the VLAN in general). I get the following error in the logs/on the console:

"VLAN (802.1Q) Tagging is Enabled, but no Native VLAN is Enabled"

When sniffing the traffic on this switch-port (with a hub) I see that the AP-1200 doesn't use 1q tags, but that there is tagged traffic from other hosts. Tagging works, but the AP doesn't seem to use it.

Is this a known problem? I've seen the same behaviour on an AP350 earlier.

(I tried to disable the "When VLAN disabled"-vlan, that didn't work. The AP was reset to factory configuration before these attempts.)

The other problem is that the AP doesn't seem to "listen" to tags received from RADIUS. I added the tags in the dictionary of the RADIUS server (Radiator) and in the users-file as in the VLAN Deployment example. (Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = "2".)

When using cisco-avpair = "ssid=test" the user is only able to connect to this SSID, and the VLAN defined for this SSID is correct (except for the native-VLAN). Since e.g. XP is not able (as far as I've seen) to define this (secondary) SSID to be used and there is no switching from the SSID connected to, it is not a good solution for me. If this would work it still looks nicer to me to assign a VLAN, so I really hope this is possible.

The AP used runs Vxworks 12.01T

Any input is appreciated.

Regards,

Paul

1 REPLY
New Member

Re: Problem with VLANs on AP1200

I partially solved the issues in my previous post. The VLAN assignment by RADIUS now works: the problem was with RADIUS. ("802" does not refer to the correct Tunnel-Medium-Type (I guess it's interpreted as an integer value, not as a dictionary entry); that should be Ether_802, in the dictionary as well as in the users-file. I used the wrong example :-| )

I still don't get my authentication traffic over a VLAN, however. The traffic for the Native VLAN is still untagged. Maybe that is the normal behaviour, but it's not what I expect from it. If it's normal, I'd like to hear that.

I found out I /can/ separate the traffic for the "default VLAN" a client gets from the authentication traffic by defining a second SSID that's used for the infrastructure only (with the Native VLAN in it) and setting the default SSID to the one a user needs to get by default.

But I'd like to see my authentication traffic over a tagged VLAN, instead of the Native VLAN that seems to be untagged (however I doubt if that is normal), and have in fact no untagged VLANs at all.

So that part is still unsolved.

Regards,

Paul
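
An added example, not part of the original posts and not Radiator's own code: a small checker for the three reply items quoted in the thread, showing how a literal `802` ends up on the wire compared with the dictionary name `Ether_802`. Attribute numbers and values follow RFC 2868 and RFC 3580; the lookup table is constructed here, and treating a bare number as a literal integer is an assumption that mirrors the guess in the reply.

```python
# Constructed dictionary: numbers from RFC 2868 / RFC 3580, the name
# "Ether_802" is the dictionary entry named in the thread.
ATTRS = {"Tunnel-Type": 64, "Tunnel-Medium-Type": 65, "Tunnel-Private-Group-ID": 81}
VALUES = {"Tunnel-Type": {"VLAN": 13}, "Tunnel-Medium-Type": {"Ether_802": 6}}
REQUIRED = {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6}

# Reply items as quoted in the thread: first attempt and corrected form.
BAD = 'Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = "2"'
GOOD = 'Tunnel-Type = VLAN, Tunnel-Medium-Type = Ether_802, Tunnel-Private-Group-ID = "2"'

def parse_reply_items(line):
    """Split 'Name = value, Name = "value"' into a dict of strings."""
    items = {}
    for part in line.split(","):
        name, _, value = part.partition("=")
        items[name.strip()] = value.strip().strip('"')
    return items

def resolve(name, text):
    """Map a dictionary name to its integer. A bare number is taken
    literally (assumed server behaviour, not confirmed by the thread)."""
    table = VALUES.get(name, {})
    if text in table:
        return table[text]
    if text.isdigit():
        return int(text)
    raise ValueError(f"{name}: unknown value {text!r}")

def encode(name, text, tag=0):
    """Encode one attribute as type, length, value."""
    if name in VALUES:  # tagged enumerated value: 1 tag byte + 3-byte integer
        body = bytes([tag]) + resolve(name, text).to_bytes(3, "big")
    else:               # string attribute; the tag byte is omitted when 0
        body = (bytes([tag]) if tag else b"") + text.encode("ascii")
    return bytes([ATTRS[name], len(body) + 2]) + body

def check_vlan_reply(line):
    """List the problems that would stop dynamic VLAN assignment."""
    items, problems = parse_reply_items(line), []
    for name, want in REQUIRED.items():
        if name not in items:
            problems.append(f"{name} missing")
        elif (got := resolve(name, items[name])) != want:
            problems.append(f"{name} = {items[name]} encodes {got}, expected {want}")
    vlan = items.get("Tunnel-Private-Group-ID", "")
    if not (vlan.isdigit() and 1 <= int(vlan) <= 4094):  # numeric ID, as in the thread
        problems.append("Tunnel-Private-Group-ID is not a VLAN ID in 1..4094")
    return problems
```

Running `check_vlan_reply` over the reply items of every VLAN-assigned user before a rollout catches this class of dictionary mismatch without needing a packet capture of the Access-Accept.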
