topic Re: native VLAN on WLC in Wireless

native VLAN on WLC

Saman Shamim — Sun, 04 Jul 2021 04:02:38 GMT

Hi guys,

Let’s say I want to put WLC’s management interface and APs in a separate VLAN than the native/untagged one as Cisco recommends that as a good design practice to use only tagged VLANs on the WLC:

Management Interface VLAN Identifier (0 = untagged): 60

Now on the switchport which connects to the WLC, can I just do the following:

interface GigabitEthernet1/0/1

description Trunk Port to Cisco WLC

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-4,60

switchport mode trunk

no shutdown

or I need to add this command as well to make it work? :

switchport trunk native vlan 60

In other word, can I put the management interface in a tagged VLAN but not changing the native/untagged VLAN? The reason that I don’t want to touch native VLAN is that the non-Cisco L3 device in the network doesn’t let me to change its untagged VLAN.

Regards,

Saman

Re: native VLAN on WLC

Scott Fella — Tue, 08 Nov 2011 06:35:30 GMT

If you are setting the wlc vlan to 0 which is untagged, then you need the switchport trunk native vlan 60. If your network devices don't support untagged vlans, then set the wlc management interface vlan to 60.

Sent from my iPhone

Re: native VLAN on WLC

Saman Shamim — Tue, 08 Nov 2011 08:51:42 GMT

f you are setting the wlc vlan to 0 which is untagged, then you need the switchport trunk native vlan 60

If I'm using default untagged 0, then why do I bother changing naive VLAN to 60 on the switch?

where did you get that VLAN 60 from? Am I missing something or you made a typo?

By the way, here is my point of confusion:

Please go to this link . You'll see the following on WLC:

Management Interface VLAN Identifier (0 = untagged): 60

and the following on the switch:

interface GigabitEthernet1/0/1
description Trunk Port to Cisco WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-4,60
switchport mode trunk
no shutdown

Now go to this link and you will see this on WLC:

Management Interface VLAN Identifier (0 = untagged): 60

and this on the Switch:

interface GigabitEthernet1/0/1



description Trunk Port to Cisco WLC



switchport trunk encapsulation dot1q



switchport trunk allowed vlan 3-4,60



switchport mode trunk



switchport trunk native vlan 60


no shutdown

Re: native VLAN on WLC

nikhilcherian — Tue, 08 Nov 2011 09:30:55 GMT

WlC works like this

When you configure a VLAN to tag the management interface, WLC will tag all the packets going out of management interface with that VLAN. With native vlan configured in switch port, switch expects frames in native vlan come without any tag.

For example if you configure the vlan as 60 in WLC, any frame going out of management interface of the WLC will be tagged with vlan 60. With native vlan as 60 in the switch port, switch expects any frame coming in that port in vlan 60 without any tag. But since your frame from WLC is coming as tagged with VLAN 60, the switch will drop the frame. Where as if you had configured vlan as 0, the WLC will send out the frame without any vlan tag, and switch will recognize the frame as in vlan 60 and will process it .

The other way around is to configure the native vlan as som other vlan than 60, so that switch can still understand the frame and process it

Thanks

NikhiL

Re: native VLAN on WLC

Scott Fella — Tue, 08 Nov 2011 14:28:30 GMT

You stated that your management vlan on the wlc is 60, so this means you do not need the switchport trunk native vlan 60. You would use this command if you set the wlc management vlan to "0".

If I were you, set the wlc vlan to "0" and enter the native vlan 60 command to the trunk port in the switch.

Sent from my iPhone

Re: native VLAN on WLC

Saman Shamim — Tue, 08 Nov 2011 17:27:28 GMT

If I were you, set the wlc vlan to "0" and enter the native vlan 60 command to the trunk port in the switch.

Got you. with your and nikhilcherian's explanation it totally make sense now. Just two quick questions and I'm done:

1. You're recommending 0 untagged for the WLC but Cisco recommends tagged like 60. Which recommendation should I take? My network has one WLC and 122 APs.

2. In case that I can't change the native VLAN on the non-Cisco L3 device to 60, then I have no other option than tagging WLC's traffic so I don't have to issue any native command on L3 device. Is that correct?

Btw I really appreciate your help.

Re: native VLAN on WLC

Scott Fella — Tue, 08 Nov 2011 17:35:58 GMT

Cisco recommends you setting the WLC management vlan to '0' untagged. Even though your management vlan is 60, you basically saying, anything that comes in in vlan 60, do not tag. So the switch sees traffic from the WLC as not tagged and knows to send out that untagged traffic to vlan 60 and vice versa.

So on the switchport you would configure this:

interface GigabitEthernet1/0/1

description Trunk Port to Cisco WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3-4,60
switchport mode trunk
switchport trunk native vlan 60

no shutdown

Re: native VLAN on WLC

Scott Fella — Tue, 08 Nov 2011 17:46:33 GMT

Good explanation:

For switches running 802.1Q as the trunking mechanism, thenative VLAN of each port on the trunk must match. By default all COS ports are in VLAN 1; and the native VLAN on the IOS devices is also configured for VLAN 1, so the native VLAN does match. If you choose to change the native VLAN, use theset vlan command for COS switches or the switchport trunk nativevlan command for IOS switches to specify the native VLAN. Remember that thenative VLAN must match on both sides of the trunk link for 802.1Q; otherwise the link will not work. If there is a native VLAN mismatch,Spanning Tree Protocol (STP) places the port in a port VLAN ID(PVID) inconsistent state and will not forward on the link.

NOTE

Cisco Discovery Protocol (CDP) version 2 passes native VLAN information between Cisco switches. If you have a native VLAN mismatch, you will see CDP error messages on the console output.

For the switchport config

amandeepsingh2 — Fri, 17 Feb 2017 18:58:23 GMT

For the switchport config keep the native Vlan command with Vlan ID and then on WLC dont put any Vlan Identifier on Mgmt Interface.

In that way you could use any IP address from the Mgmt Subnet that you use on the WLC Mgmt Interface and WLC traffic will be sent to the switch without any tag . Once traffic reaches the switchport than switch will put the traffic in Native Vlan configured on the trunk port.

Thanks,

Aman