
Cisco RV 120W (f/w: 1.0.2.6) VLAN Membership Table (tagged / untagged)

Jeffesmi1
Level 1

I just finished reading the only other discussion I could find on this issue here: https://supportforums.cisco.com/message/3414388#3414388 and the suggested document suggested in that discussion http://www.tech-faq.com/vlan.html. I'm still confused, but maybe someone can help me figure this out:

I have 3 VLANs:

1 (Default)

2 (ADMIN)

100 (SCHOOL)

My VLAN Membership table on my RV 120W looks like this:

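| VLAN ID | Description | Inter VLAN Routing | Device Mgmt | Port 1 | Port 2 | Port 3 | Port 4 |
|---|---|---|---|---|---|---|---|
| 1 | Default | Disabled | Enabled | Untagged | Untagged | Untagged | Untagged |
| 100 | Admin | Disabled | Enabled | Tagged | Tagged | Tagged | Tagged |
| 2 | School | Disabled | Disabled | Tagged | Tagged | Tagged | Tagged |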

Port 3 of the RV 120W is plugged into a WAP4410N (Bridge1) that has the same 3 VLANs defined which acts as a bridge to another WAP4410N (Bridge 2).  Bridge 2 is connected to a Cisco SF 300 24port Poe Switch. My plan was to setup Bridge 2 as a tagged trunk to the SF 300 switch and Bridge 1 as a tagged trunk to  port3 on the RV120W.  The goal is to use the wireless connection to trunk the RV120W router in the admin building with the SF 300-24p switches in the school building to provide routing and share Internet while not allowing the students to access the admin network. I am trying to accomplish the following:

- both VLANS to have Internet access

- no communications between the school and admin VLANS

- access point isolation on the school VLAN

I haven't got this working yet, but I did speak to Cisco's small business pre-sales dept and confirmed that I can do this before purchasing the equipment. Since I can't define a trunk, I would think that the proper setup would be to have all the VLANS on port 3 tagged, but the system won't let me. Since it won't let me, I figure there is something wrong with what I am trying to do. The error message is "Configure at least one VLAN association in Untagged mode for port 3." Also, a dumb switch is plugged into port 2 that drives a couple of admin printers, workstations, etc. I figure that port 2 should be untagged for VLAN 100. This seems to work in that it will allow me to do it. However, I am not going to plug any of this equipment into the live system until I figure out the proper settings for trunking the two WAP4410Ns. I guess my questions are:

1) How should port 3 be configured on the RV 120W to allow a proper trunk connection between the WAP4410N, bridge 1, to the WAP4410N, bridge 2?

2) How should the port 2 be configured on the RV 120W for the dumb switch that should be VLAN 100 only?

3) Why must you have a single untagged VLAN for each port, no more, no less?

4) Do you see anything horribly wrong with my proposed course of action?

My general concept is something like this:

VLAN Proposal (1).jpg

Thanks in advance for any advice and suggestions.

Jeff

12 Replies

Jeffesmi1
Level 1

Correction in the beginning section:

I have 3 VLANs:

1 (Default)

2 (ADMIN)

100 (SCHOOL)

SHOULD READ:

1 (Default)

2 (School)

100 (Admin)

This is listed correctly in the table.  Sorry, I'm getting tired and my proofing skills are kind of weak right now.

Jeff

Jeffesmi1
Level 1

I'm not sure why there hasn't even been a whisper in 96 hours. Did I format this poorly? Did I post it in the wrong forum? Does no one know or understand the new VLAN membership table on the RV120W routers? I guess I'll set up a lab with the equipment I have and try the different configurations and see how it works.

I am VERY DISAPPOINTED that the documentation is so sparse on an integral feature of the router.  I am equally disappointed that no Cisco tech rep has posted an answer for me.  I thought this was a moderated forum with Cisco personnel fielding the tough questions that couldn't be answered by the community.  It is a shame that I have to waste my time and my client's money making a lab and testing multiple configurations to figure out how these settings work because Cisco did not document the router well and the primary line of Cisco tech support, these forums, has been so ineffective.

Jeffesmi1
Level 1

Apparently, no one cares, but I figured I'd update this in case someone else has similar questions or issues.  Right now, I'm working with a Cisco Technical Support Case manager as there seems to be an issue with the WAP4410N where tagging over a bridged connection does not work.  I am hopeful that a firmware update will fix this issue so I can then figure out the configuration I asked about above.  Can't worry too much about how the VLAN membership table needs to be setup when I can't get VLAN tagging to work over the wireless bridge. 

Hi Jeff,

Thank you for posting. Sorry I didn't see this earlier. You are correct that port 2 should be VLAN 100 untagged. The problem you have is trying to trunk the VLANs over the wireless bridge. Each SSID can only be a member of 1 VLAN and therefore cannot be a trunk. So the bridge can pass a single VLAN. To accomplish what you are trying to do with this equipment you would need to attach another WAP4410N for each VLAN that you want to bridge. The Access Point that is connected to the router can have multiple SSIDs, each associated to a different VLAN. The bridge AP at the other side can only receive a single VLAN and pass it to the switch. So if you added another AP at the switch side it could pick up another VLAN/SSID and pass that traffic to the switch.

Hi, My name is Eric Moyers. I am a Network Support Engineer in the Cisco Small Business Support Center. Thank you for using the Cisco Community Post Forums.

First let me apologize that you have not been contacted before now. I have done some research and reviewed the case that you currently have opened with our Level 2 support (620535517). You are correct, until that is fixed, the rest of your configuration is moot.

To answer your questions though:

1) How should port 3 be configured on the RV 120W to allow a proper trunk connection between the WAP4410N, bridge 1, to the WAP4410N, bridge 2?

A) See Below

2) How should the port 2 be configured on the RV 120W for the dumb switch that should be VLAN 100 only?

A) See Below

3) Why must you have a single untagged VLAN for each port, no more, no less? The untagged VLAN is the Native Port or Management VLAN

A) For a trunk to work properly that untagged VLAN has to be there.

4) Do you see anything horribly wrong with my proposed course of action?

A) Not as it stands, but would need to fully test once rest of network is up and running.

Port VLANs Table

| Port Name | Mode | PVID | VLAN Membership |
|---|---|---|---|
| Port 1 | Trunk | 1 | 1u, 2t, 100t |
| Port 2 | Access | 100 | 100t |
| Port 3 | Trunk | 1 | 1u, 2t, 100t |
| Port 4 | Trunk | 1 | 1u, 2t, 100t |

Thanks

Eric Moyers

Cisco Network Support Engineer

SBSC Wireless and Surveillance SME

CCNA, CCNA-Wireless

1-866-606-1866

Eric,

Thanks for the comprehensive reply. I am killing a tree and printing it out right now to add to my project folder so I have it handy once I get this pesky tagging over the bridge problem resolved. One question about the port VLAN table you've proposed:

- I understand that an earlier firmware version had the ability to define trunk and VLAN membership on the RV 120W router which I'm minimally competent enough to figure out with help.   The current firmware (1.0.2.6)  only gives you the VLAN membership table I have listed at the top of this post.  Can you translate the settings for this mechanism?  Here is what the table looks like if you don't have an RV 120W with the current firmware handy:

If I'm right, your table translates to something like: VLAN1 stays untagged across all ports except port 2; VLAN 2 stays tagged across all ports but port 2; and VLAN 100 stays tagged across all ports. Since port 2 has to have an untagged port, I'm guessing I should leave VLAN1 untagged? Or would it be better to use the 4th VLAN as a NULL or something and put the untagged for port 2 on that? Also, will the trunk/access mode just be inherent in how the ports are set for tagged and untagged, or do I have to do something to make them this way? Again, I can find no way to specifically define this in the current firmware, but in reading the boards, it appears that a previous firmware gave you this ability. I wouldn't mind them putting back in standard VLAN tagging mechanisms like you find in switches. I have trouble understanding this table mechanism they have implemented.

As a side note, while I'm a bit frustrated with this problem I'm having, I am really happy to see Cisco put some affordable small business solutions with full feature sets like this out on the market.  I've upgraded a dozen of my clients to the RV120W including my home and office networks, and once I get this VLAN issue resolved, I'll start placing these APs as a standard solution for my business clients.  I generally don't spring for smart-switches for my small clients as a 10 user network doesn't really benefit from the abilities and better performance of a higher quality switch, however the series 300 with POE at a fairly reasonable price gives me a reason to place this more expensive piece of equipment at some of my larger small clients where they need to power a remote network device like a camera or AP and as a side benefit give me a bit more monitoring and control over the network.  I would really like to continue seeing small-business network devices from Cisco to give my clients a quality choice for their network needs.

Thanks,

Jeffery Smith

The WAP4410Ns have a feature called "VLAN Tag over WDS" which both Cisco presales and my current Cisco case manager have indicated should work as I'm expecting, i.e. that VLAN tagged traffic will be passed across the WDS bridge regardless of its VLAN membership. (I guess it is supposed to work like a trunk connection that passes everything.) Right now when you enable that feature, it causes the bridge to stop working within a few minutes of turning everything on, but Cisco is working on this and I hope to have a solution in the near future. Hopefully, the next f/w update will resolve the issue. I'll update this post when I've finished this project one way or another. Regardless of anything else, thanks for posting on this. I was getting a bit bitter about the silence. I thought my blurry graphic had upset everyone or something.

Thanks,

Jeff

Jeff,

It has been confirmed and next release is supposed to address VLAN tagging over WDS. If you're needing to get fixed and possible wouldn't mind using beta code then give the SBSC a call @ 1-866-606-1866 and open a support case.

Jasbryan

Thanks Jasbryan, I'm currently working with a Cisco Case manager.  We tried the last beta, but it wasn't quite there yet as the VLAN tagging was still not working quite right.  We have high-hopes that this next one will be the silver bullet that will kill our beast.

Best Wishes,

Jeffery Smith

Any resolution to this Jeffery?  I have a similar setup where I wish to push two subnets across a street using two Aironet 1310s.  The answer you got that showed how to mark a port as trunked or not is where I'm hung up too.  Your interface and mine appear to be the same where one vlan must be untagged for each port.  Kinda like the whole UI ideology shifted somewhere on how to approach setting up the ports.  Any help would be appreciated if you have figured this out.

Thanks!

Brian Gardner

Although the thread is a bit old, here's my new understanding after a few hours of reading and fidgeting.

After reading the Wikipedia entry for 802.1q, this makes a bit more sense. If you want to send, for example, two subnets (vlans) over one link, wireless or otherwise, you will need to set up three vlans. Each port on the RV120 must be instructed as to what to do for both tagged and untagged Ethernet frames. For example, on port 4, you flag vlan 1 and 2 as tagged and vlan 3 as untagged, the port will handle untagged Ethernet frames as vlan 3 traffic. It will also send tagged Ethernet frames for vlan 1 and 2 over port 4. In short, despite the intent to reserve a port as purely a "trunked" port, it must be instructed on what to do for untagged (non vlan) frames. Now, trunked is double quoted here because Cisco has a specific term here that is not the same as Ethernet trunking. Again, refer to Wikipedia for further delineation of the usage of these terms. Kudos to Cisco for using the terms tagged and untagged which are actually consistent with the 802.1q protocol.

http://en.wikipedia.org/wiki/IEEE_802.1Q

http://en.wikipedia.org/wiki/VLAN_Trunking_Protocol

http://en.wikipedia.org/wiki/Ethernet_trunking#VLANs
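
The tagged/untagged port behaviour described in the post above, as an added example that is not part of the original thread and is not Cisco's firmware logic: a small model of 802.1Q ingress classification and egress tagging, useful for checking whether a membership table keeps two VLANs apart. The port table, function names, sample frame, and the assumption that the port drops tagged frames for VLANs it is not a member of (ingress filtering) are all constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed membership table: port -> {VLAN ID: "U" (untagged) or "T" (tagged)}
PORTS = {
    2: {100: "U"},                   # unmanaged admin switch, VLAN 100 only
    3: {1: "U", 2: "T", 100: "T"},   # link that carries all three VLANs
}

def ports_without_one_untagged(ports):
    """Ports that break the 'exactly one untagged VLAN per port' rule."""
    return [p for p, m in ports.items() if list(m.values()).count("U") != 1]

def ingress_vlan(port, frame, ports=PORTS):
    """VLAN a received frame is placed in, or None if the port drops it."""
    members = ports[port]
    pvid = next(v for v, mode in members.items() if mode == "U")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return pvid                      # untagged frame: port's untagged VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF                   # low 12 bits of the TCI are the VLAN ID
    if vid == 0:
        return pvid                      # priority-tagged frame carries no VLAN
    return vid if vid in members else None   # assumed ingress filtering

def egress_frame(port, vid, frame, ports=PORTS):
    """Bytes sent out of `port` for an untagged `frame` in VLAN `vid`, or None."""
    mode = ports[port].get(vid)
    if mode is None:
        return None                      # port is not a member: frame never leaves
    if mode == "U":
        return frame                     # sent without a tag
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
SCHOOL_TAGGED = egress_frame(3, 2, UNTAGGED)   # same frame tagged for VLAN 2

if __name__ == "__main__":
    print(ports_without_one_untagged({3: {1: "T", 2: "T", 100: "T"}}))
    print(ingress_vlan(3, SCHOOL_TAGGED), ingress_vlan(2, SCHOOL_TAGGED))
    print(egress_frame(2, 2, UNTAGGED))
```

In this model a port with every VLAN tagged has no VLAN to place untagged frames in, which is the condition the router's error message refuses, and a VLAN 2 frame is neither accepted on nor sent out of the VLAN 100-only port.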

Hi Brian,

I'm sorry I didn't update this sooner, but once I found a workaround, it became much lower priority. I ended up returning the WAP4410N APs and buying some D-Link DAP-2553 APs. They did the job without any additional setup or tweaking. However, I'm not following the logic of your message. The way I had it set up, if I understand your message, the primary VLAN1 may have failed because of being untagged, but since in any VLAN enabled configuration, the APs became unstable and unresponsive, we never got to the point where we could troubleshoot the specifics of sending tagged traffic over a WDS connection. I will tell you that the D-Link DAP-4553 (I think that's the right model) worked flawlessly for both the untagged VLAN1 and the tagged VLAN5 traffic. The only problem we had recently is when we lost power for an extended time, the Cisco Series 300 switch connected to the RV 120W router lost its configuration and all VLAN traffic except VLAN1 stopped crossing the bridge. I fixed it and made sure to commit the configuration. If it happens again, I'll have to get Cisco involved, but it's possible that I just never committed the configuration after setting it up and this is the first time we lost power long enough for the UPS to drain and reset the switch's settings. I had serious reservations about mixing vendor products like this, but I think I ended up with a fairly robust, stable, and expandable network with the mixture of Cisco and D-Link equipment.

As a note, they may have fixed this issue as I noticed the other day my RV120W at home had a new firmware update and the WAP4410N isn't a close relative of the 120W, I'd be surprised.

Best Wishes,

Jeff