Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco WAP321 VLan tagging

OK, here is my problem.

I have a SonicWALL with a lan and dmz set-up on separate ports. the lan is a subnet and the dmz is Each plug into an HP switch that has a vlan, the first vlan is vlan2 (the lan) and the other is vlan3 (DMZ or guest). vlan1 is the trunking vlan I set up. The switch is configured  so that the first half are untagged vlan2, the other excluded and the last 4 ports are tagged for vlan2. The second half (excluding the last 4 ports) are untagged for vlan3 and the last 4 are tagged vlan3 and the first half excluded. vlan1 is untagged in the last 4 ports and all others excluded. this switch plugs into an HP PoE switch that has all trunking ports on it that service wap312's. Again, the vlan config for the PoE switch is all ports are untagged vlan1 and tagged for vlan2 and vlan3. When I configure a WAP2000, I create the ssid for vlan2 and vlan3 and select vlan2 as the management vlan and there is on option that says untagged or tagged. When I select tagged everything works great. on the WAP321, I can only get to the internet with the vlan2. I get DHCP on vlan3, but can't get out to the internet. I don't understand why this is working on the wap2000 but not the wap321. There is on option under lan>vlan and ipv4 that says untagged vlan and there is a checkbox. Whether I check or uncheck that box, the vlan3 still doesn't work. Can someone please help me out because I can't get wap2000 anymore and I don't know what I'm missing. Thanks,

Community Member

Nevermind, I got it figured

Nevermind, I got it figured out. Here's the problem. There is a glitch that causes these things to work incorrectly. I had to remove the PoE switch and use power injectors and use the first switch. I had to change six of the ports to vlan2 untagged and vlan3 as tagged and exclude the trunking port vlan1. I then had to configure the APs on the guest subnet and have vlan3 the management vlan and vlan 2 as untagged on the AP. This is a total workaround and is unsupported. It works but it shouldn't and Cisco has no solution.

CreatePlease to create content