Catalyst 2960 switch - Multiple Vlans for Multiple Wifi SSD's

twellings · ‎12-29-2015

All,

I'm trying to setup multiple vlans to route traffic from multiple ssids on netgear aps (which support vlan tagging).

vlan 117 for guest wifi and vlan 104 for corporate wifi. The aps can connect to the netgear controller but in some instances they will need to connect to the cisco 2960's.

Can anyone help me to set up a fast gigabit ethernet port for multiple vlans that correspond to the vlans per ssid. We have a fortigate that handles routing and windows for dhcp.

The wireless clients need an address and guest users route straight through to the internet.

Thanks

Tom

casanavep · ‎12-29-2015

let's say the FastEthernet port was going to be 20 on the switch, only VLANs 104 and 117 needed to go to the AP (may be more for AP management (untagged)), it could look something like this to setup the port:

! Enter global configuration mode

config t

!

! WIPE ANY EXISTING CONFIGURATIONS from port 20

default interface Fa0/20

!

! Trunk (send multiple tagged VLANs down port) on interface 20

! with just those VLANs allowed (don't forward broadcast or multicast

! for other VLANs down that port)

interface fa0/20

shut

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 104,107

switchport mode trunk

no shut

!

twellings · ‎12-30-2015

Thanks both for your replies. You are both recommending the same answer which is encouraging. I tried to follow the instructions but the 2960 wouldn't let me set encapsulation ( I hope this means I don't have to).

Do I need to set a native vlan? I followed the instructions but I can no longer ping the ap.

I changed the allowed vlans to all but still no ping.

What am I missing?

Reza Sharifi · ‎12-30-2015

Hi,

You also need to create both vlans on the 2960

config t

vlan 104

name corporate-wifi

exit

vlan 117

name guest-wifi

exit

also, can you post the output of the interface config?

sh run inter x/x

HTH

twellings · ‎01-20-2016

All thanks for the advice, this is where my issues currently stand.

Background

I have 4 wireless ap's 192.168.4.194,5,6,7 on 255.255.255.192 subnet. vlan104

This used to be the old wireless range.

I have three ssids guest vlan 117, corp114 and staff118.

I have set up the vlans and given vlan 114 access to corp network and internet

Vlan 117 and 118 connect straight to the internet. All vlans have dhcp subnets set up and all ssids give the correct ip addresses.

Netgear Aps tags ssid traffic with the corresponding vlan 114,117 and 118.

On the switch the port is in 802.1q trunk and allows all vlans but to be able to connect to the ap I had to make vlan 114 the native vlan.

The ap's untagged vlan is 1 and it is also the management vlan.

Where does the aps untagged and mgment vlan come into the setup. Is there a simpler way to set up multiple vlans for multiple ssids?

m.agostinelli1 · ‎12-31-2015

Cisco 2960 switches do not support the encapsulation command.

Can you post the following outputs?

show vlan brief

show run interface fast 0/20

show vlan id 104

show vlan id 117

Clearly your vlans should be configured on the interface connected to the AP, and on an interface connected to the router.

If you use the native vlan, you send the packets to that vlan without tag in the header (as in access mode), while other traffic is passed tagged with the own vlan.

Reza Sharifi · ‎12-29-2015

Hi,

On the 2960s you just need to trunk the ports with vlans 117 and 104.

example:

config t

interface gi0/10

switchport mode trunk

switchport trunk allowed vlan 117,104

HTH