Cisco Support Community

Understanding concept of native vlan in the wireless

     

     

    Introduction

    Understanding concept of native vlan in the wireless

    Legend

    A is the VLAN ID assigned to the management interface of the WLC.

    B is the switch port to which the WLC is connected; it is configured in trunk mode and allows traffic for VLANs 1, 2, and 3.

    ' ' (quotes around a VLAN ID) indicates that the VLAN is configured as the native VLAN.

    -------------------------------------------------------------------------------------

     

    WLC       TrunkPort
    A         B
    1         1,    2,   3   -> will work if wlc has ip address of vlan 1
    2         1,    2,   3   -> will work if wlc has ip address of vlan 2
    3         1,    2,   3   -> will work if wlc has ip address of vlan 3
    0        '1' ,  2 ,  3   -> will work provided wlc has ip address of vlan 1, else not
    0         1  , '2',  3   -> will work provided wlc has ip address of vlan 2, else not
    0         1  ,  2 , '3'  -> will work provided wlc has ip address of vlan 3, else not
    0        '1' ,  2 ,  3   -> will not work if wlc has ip address of vlan 2 or 3
    0         1  , '2',  3   -> will not work if wlc has ip address of vlan 1 or 3
    0         1  ,  2 , '3'  -> will not work if wlc has ip address of vlan 1 or 2

    Types of ports

    1. Trunk  (uses the native keyword)

    2. Access (native keyword not required)

    1 = Trunk: if, out of VLANs X, Y and Z, VLAN Y has been marked as 'native', then any untagged frame (a frame without a VLAN tag) that arrives is placed in VLAN Y.
    2 = Access: any untagged frame (a frame without a VLAN tag) that arrives is assigned to the access port's VLAN.
    Please note that the native VLAN is a port-specific setting.
    Two ports can each be native to their own respective VLANs, even though both ports belong to the same switch!
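
    The table and the trunk rule above can be checked with a small model of how a trunk port classifies frames. This is an added example, not part of the original document; the function names are hypothetical, and it assumes that A = 0 means the WLC sends its management frames untagged.

```python
# Added illustration (not from the original page): a minimal model of how an
# 802.1Q trunk port classifies frames, applied to the WLC table above.
# Assumption: A = 0 means the WLC sends its management frames untagged.

TRUNK_VLANS = {1, 2, 3}  # VLANs allowed on switch port B in the table


def ingress_vlan(frame_tag, native_vlan, allowed_vlans):
    """Return the VLAN the switch places a frame in, or None if it is dropped.

    frame_tag is the 802.1Q VLAN ID in the frame, or 0 for an untagged frame.
    """
    vlan = native_vlan if frame_tag == 0 else frame_tag
    return vlan if vlan in allowed_vlans else None


def wlc_management_works(wlc_vlan_id, wlc_ip_vlan, native_vlan):
    """True when management frames land in the VLAN that holds the WLC's IP."""
    return ingress_vlan(wlc_vlan_id, native_vlan, TRUNK_VLANS) == wlc_ip_vlan


def working_ip_vlans(wlc_vlan_id, native_vlan):
    """VLANs whose subnet the WLC address may come from for this row."""
    return {v for v in TRUNK_VLANS
            if wlc_management_works(wlc_vlan_id, v, native_vlan)}


if __name__ == "__main__":
    for a in (1, 2, 3, 0):
        for native in (1, 2, 3):
            print(f"A={a} native={native} -> WLC IP must be in VLAN "
                  f"{sorted(working_ip_vlans(a, native))}")
    # AP example in the More Information section: AP native VLAN 1, switch
    # native VLAN 12. The AP's untagged frame is classified into VLAN 12.
    print(ingress_vlan(0, 12, {1, 12}))
```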

    More Information

    Significance of Native VLAN

    When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.

    Note: If there is a mismatch in the native VLANs, the frames are dropped.

    This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.

    The configuration of native VLAN becomes even more important when you have a Repeater AP setup in your wireless network. You cannot configure multiple VLANs on the Repeater APs. Repeater APs support only the native VLAN. Therefore, the native VLAN configuration on the root AP, the switch port to which the AP is connected, and the Repeater AP, must be the same. Otherwise traffic through the switch does not pass to and from the Repeater AP.

    An example for the scenario where the mismatch in the Repeater AP's native VLAN configuration can create problems is when there is a DHCP server behind the switch to which the root AP is connected. In this case the clients associated with the Repeater AP do not receive an IP address from the DHCP server because the frames (DHCP requests in our case) from the Repeater AP's native VLAN (which is not the same as root AP and the switch) are dropped.

    Also, when you configure the switch port, ensure that all the VLANs that are configured on the APs are allowed on the switchport. For example, if VLANs 6, 7, and 8 exist on the AP (Wireless Network) the VLANs have to be allowed on the switchport. This can be done using this command in the switch:

    switchport trunk allowed vlan add 6,7,8

    By default, a switchport configured as a trunk allows all VLANs to pass through the trunk port. Refer to Interaction with Related Switches <http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/46141-vlanswireless.html> for more information on how to configure the switchport.

    Note: Allowing all VLANs on the AP can also become a problem in some cases, specifically if it is a large network. This can result in high CPU utilization on the APs. Prune the VLANs at the switch so that only the VLAN traffic that the AP is interested in passes through the AP to avoid high CPU.
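
    The three checks described in this section (matching native VLAN, AP VLANs allowed on the trunk, and pruning of unneeded VLANs) can be automated against a saved switch configuration. This is an added example, not part of the original document; the interface name, sample configuration and function names are constructed, and the parser handles only the plain and "add" forms of the allowed-VLAN command.

```python
import re

# Constructed sample switch configuration (not taken from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to AP (constructed example)
 switchport mode trunk
 switchport trunk native vlan 12
 switchport trunk allowed vlan 1,6-7
 switchport trunk allowed vlan add 20-25
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '1,6-8' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans); allowed is None when all pass."""
    native, allowed = 1, None  # trunk defaults: native VLAN 1, all VLANs allowed
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\-]+)", line):
            vlans = expand(m.group(2))
            if not m.group(1):
                allowed = vlans            # plain form replaces the list
            elif allowed is not None:
                allowed = allowed | vlans  # "add" extends an explicit list
    return native, allowed

def audit(config, ap_native, ap_vlans):
    """Compare the trunk port with the AP's native VLAN and VLAN set."""
    native, allowed = parse_trunk(config)
    findings = []
    if native != ap_native:
        findings.append(f"native VLAN mismatch: switch {native}, AP {ap_native}")
    if allowed is None:
        findings.append("all VLANs allowed: prune the trunk to the AP's VLANs")
    else:
        if missing := sorted(ap_vlans - allowed):
            findings.append(f"AP VLANs not allowed on trunk: {missing}")
        if extra := sorted(allowed - ap_vlans):
            findings.append(f"unneeded VLANs on trunk: {extra}")
    return findings
```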

    Reference

    Using VLANs with Cisco Aironet Wireless Equipment

    VLANs on Aironet Access Points Configuration Example
