There's an "AP Management VLAN" which I presume defines both the VLAN membership and the PVID of the switch itself for the purpose of accessing/managing the switch.
Then there's a "Default VLAN ID" and also each SSID has its own "VLAN ID". This is where I'm confused. Is the "VLAN ID" of each SSID essentially the PVID? In that case, why is a "Default VLAN ID" needed (when would it be used)? And where do we define VLAN membership?
If these are anything like the 1100/1200 series, then the vlan is assigned to the ssid. You can have a default vlan that one ssid can be assigned to if you only have one ssid. If you have more than one ssid, you can only have one ssid per vlan. You'd need to now tell the device that SSIDA is on vlan 1 (native) and SSIDB is on vlan 2 (non-native). When someone connects to SSIDB, the AP will tag the traffic as vlan 2 and your switch will receive that tag and carry it to your router, forward to dhcp and put you on the correct subnet.
VLAN membership is defined by the ssid and vlan that it's attached to. Currently, my APs have 3 ssids on them. I have my "default vlan" as only my management vlan and my ssids are attached to different VLANs.
Many thanks for that reply. I was still slightly confused so I spent about 30 minutes speaking to Cisco support (a very patient and polite chap from Bulgaria) and this is what they have to say:
1. Each SSID is assigned a VLAN ID. That's straightforward enough, so it means that depending on which SSID you connect to, the packets going from your wireless laptop to the switch (via the access point) get tagged with the VLAN ID.
2. There is a "Default VLAN ID". This is the VLAN ID used by the switch itself to connect to resources on the network. It is not a VLAN ID used by anyone (e.g. a wireless laptop) connecting to the access point.
3. There is a "Management VLAN ID". This is the VLAN ID for the network manager that connects to the access point to change its settings.
4. There is a "tagged/untagged" dropdown next to the "Default VLAN ID" textbox. This is for communication between the wireless user (e.g. a wireless laptop) and the access point. If set to "tagged" then all untagged packets going from the laptop to the access point are dropped. If set to untagged, then all packets are let through. Although I would hope that packets tagged with a VLAN ID that is not the VLAN ID of the SSID would get dropped in any case.
I think that about answers it, hope it's useful for anyone also confused.
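The per-SSID tagging described in the first reply, as an added example that is not part of any post in this thread: it builds the frame an AP would put on its uplink and shows which VLAN a trunk port would place it in. The SSID names and VLAN numbers follow the reply's SSIDA/SSIDB illustration; the function names, addresses and payload are constructed for the example, and the model assumes the native VLAN is sent untagged.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed mapping, taken from the reply's SSIDA/SSIDB illustration.
SSID_VLAN = {"SSIDA": 1, "SSIDB": 2}
NATIVE_VLAN = 1  # assumption: frames for this VLAN leave the AP untagged


def uplink_frame(ssid, dst, src, ethertype, payload):
    """Build the Ethernet frame the AP sends to the switch for a client on `ssid`."""
    vid = SSID_VLAN[ssid]
    header = dst + src
    if vid != NATIVE_VLAN:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); priority left at 0
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def vlan_of(frame, native=NATIVE_VLAN):
    """Return the VLAN a trunk port with the given native VLAN assigns to `frame`."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, 14)
        return tci & 0x0FFF
    return native  # untagged frames fall into the port's own native VLAN


# Constructed sample addresses and payload
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46

if __name__ == "__main__":
    for ssid in SSID_VLAN:
        f = uplink_frame(ssid, DST, SRC, 0x0800, PAYLOAD)
        state = "tagged" if vlan_of(f, native=0) else "untagged"
        print(ssid, state, "-> VLAN", vlan_of(f))
    # A switch port whose native VLAN differs from the AP's untagged VLAN
    # silently moves SSIDA clients into that other VLAN.
    mismatched = uplink_frame("SSIDA", DST, SRC, 0x0800, PAYLOAD)
    print("SSIDA on a port with native VLAN 99 -> VLAN", vlan_of(mismatched, native=99))
```

The last call shows why the untagged VLAN on the AP and the native VLAN on the switch port have to match: an untagged frame carries no VLAN information of its own.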