Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3992
Views
0
Helpful
5
Replies

AP 2802 vlan tagging (wlc based) not working

norbert alig
Level 1
Level 1

‎06-25-2018 01:26 AM - edited ‎07-05-2021 08:46 AM

Hi all,

I'm trying to use vlan tagging for the AP-2602 access port to join the WLC.

VLAN-Tagging is enabled for the AP (WLC setting) and the switchport as tunk.

 

AP won't access the right VLAN.

Work when I change the switchport to access-mode, access vlan xx.

 

VLAN-tagging Works for the AP 2700 version.

 

Can it be that AP's 2800/1800 do not support the vlan tagging?

 

 

Thanks,

Norbert

Labels:
0 Helpful
5 Replies 5

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎06-25-2018 01:47 AM - edited ‎06-25-2018 01:48 AM

AP are in local or flexconnect mode ?

 

If the AP is in local mode, the switch's port is in access mode no matter how many ssid are managed by the AP. All the trafic go in the CAPWAP tunnel

 

If the LAP is in HREAP/Flexconnect mode, the switch's port is in trunk mode.

H-REAP allows to swtich some wlans locally, that's why a trunk port is necessary on the switch.

 

REgards

Dont forget to rate helpful posts

 

0 Helpful

norbert alig
Level 1
Level 1
In response to Sandeep Choudhary

‎06-25-2018 02:30 AM

The AP is in local mode.

I know that the AP need's only one vlan to connect with the wlc.

As the AP's area are not secure, I want to tagging the "access-vlan" from AP view.

E.g. somebody diconnect the AP network cable an put the laptop on it, it will connect to an "empty" vlan (the native one). When the AP is connected, it tagges the "right" vlan to get connected with the wlc.

 

This setup worked for AP 2700.

 

Regards,

Norbert

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to norbert alig

‎06-25-2018 03:02 AM

I don’t know how it worked with the 2700’s. Where are you setting the management vlan when the AP is in local mode? For the longest time, all Cisco access points require that the AP management is not tagged. Basically either access vlan or if trunked, native vlan. This is in their deployment guide(s).
What you are trying to do is typically done with 802.1x auth on the switchport. The switch would send auth to radius and then radius would assign the vlan.
-Scott
*** Please rate helpful posts ***
0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to Scott Fella

‎06-25-2018 04:26 AM

Or the cheaper, easier, less secure way of mac-address-learning (sticky mac address). This will only work with APs in Local mode and not protect from clients copying the mac address of the AP.
0 Helpful

norbert alig
Level 1
Level 1
In response to Scott Fella

‎06-25-2018 04:32 AM

It’s on the WLC / Wireless / Detail for AP / Advanced / VLAN Tagging


VLAN Tagging Settings

VLAN Tagging

VLAN tagging of the CAPWAP packets that you can enable or disable.

Trunk VLAN ID

ID of the trunk VLAN.
If the access point is unable to route traffic through the specified trunk VLAN, it untags the packets and reassociates with the controller. The controller sends a trap to a trap server such as the Cisco PI, which indicates the failure of the trunk VLAN.
If the trunk VLAN ID is zero, the access point untags the CAPWAP packets.

VLAN Tag Status

Whether the access point tags or untags the CAPWAP packets.



0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card