There's an "AP Management VLAN" which I presume defines both the VLAN membership and the PVID of the switch itself for the purpose of accessing/managing the switch.
Then there's a "Default VLAN ID" and also each SSID has its own "VLAN ID". This is where I'm confused. Is the "VLAN ID" of each SSID essentially the PVID? In that case, why is a "Default VLAN ID" needed (when would it be used)? And where do we define VLAN membership?
If these are anything like the 1100/1200 series, then the vlan is assigned to the ssid. You can have a default vlan that one ssid can be assigned to if you only have one ssid. If you have more than one ssid, you can only have one ssid per vlan. You'd need to now tell the device that SSIDA is on vlan 1 (native) and SSIDB is on vlan 2 (non-native). When someone connects to SSIDB, the AP will tag the traffic as vlan 2 and your switch will receive that tag and carry it to your router, forward to dhcp and put you on the correct subnet.
VLAN membership is defined by the ssid and vlan that it's attached to. Currently, on my APs I have 3 ssids. I have my "default vlan" as only my management vlan and my ssids are attached to different VLANs.
Many thanks for that reply. I was still slightly confused so I spent about 30 minutes speaking to Cisco support (a very patient and polite chap from Bulgaria) and this is what they have to say:
1. Each SSID is assigned a VLAN ID. That's straightforward enough, so it means that depending on which SSID you connect to, the packets going from your wireless laptop to the switch (via the access point) get tagged with the VLAN ID.
2. There is a "Default VLAN ID". This is the VLAN ID used by the switch itself to connect to resources on the network. It is not a VLAN ID used by anyone (e.g. a wireless laptop) connecting to the access point.
3. There is a "Management VLAN ID". This is the VLAN ID for the network manager that connects to the access point to change its settings.
4. There is a "tagged/untagged" dropdown next to the "Default VLAN ID" textbox. This is for communication between the wireless user (e.g. a wireless laptop) and the access point. If set to "tagged" then all untagged packets going from the laptop to the access point are dropped. If set to untagged, then all packets are let through. Although I would hope that packets tagged with a VLAN ID that is not the VLAN ID of the SSID would get dropped in any case.
I think that about answers it, hope it's useful for anyone also confused.
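The SSID-to-VLAN tagging described in the thread, as an added example that is not from any of the posters or from Cisco: it builds the 802.1Q frame an AP would put on its uplink for each SSID and shows how a trunk port would classify it. The SSID names follow the reply's example; the MAC addresses, function names and the assumption that native VLAN traffic leaves untagged are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed mapping, following the reply: SSIDA on VLAN 1 (native), SSIDB on VLAN 2.
SSID_VLAN = {"SSIDA": 1, "SSIDB": 2}
NATIVE_VLAN = 1  # assumption: frames for the native VLAN leave the AP untagged

# Constructed sample addresses (locally administered MACs).
SWITCH_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")


def uplink_frame(ssid, dst, src, ethertype, payload):
    """Build the Ethernet frame the AP sends upstream for a client on `ssid`."""
    vlan = SSID_VLAN[ssid]
    header = dst + src
    if vlan != NATIVE_VLAN:
        # 4-byte tag: TPID, then TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def vlan_of(frame, native=NATIVE_VLAN):
    """Return the VLAN a trunk port would place this frame in."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        return tci & 0x0FFF
    return native  # untagged frames fall into the port's native VLAN


def trunk_accepts(frame, allowed_vlans):
    """Model a trunk that only carries an explicit list of VLANs."""
    return vlan_of(frame) in allowed_vlans


if __name__ == "__main__":
    for ssid in SSID_VLAN:
        f = uplink_frame(ssid, SWITCH_MAC, CLIENT_MAC, 0x0800, b"data")
        print(ssid, "len", len(f), "vlan", vlan_of(f),
              "accepted on trunk allowing {1}:", trunk_accepts(f, {1}))
```

If the switch trunk does not list an SSID's VLAN as allowed, that SSID's tagged frames are dropped at the switch, which is the usual cause of clients associating but never getting a DHCP lease.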