10-04-2011 01:22 PM - edited 03-07-2019 02:36 AM
I am trying to find a way to configure 4 AP's (LAP1142N model) to broadcast 2 WLANs, each with its own VLAN. There is already an existing one that is connected to the internal network, but we would like to add a second segmented network that goes directly to the internet without touching any of our internal systems for guest access.
All of the AP's are lightweight and are managed by a Cisco Wireless Controller, but cannot be connected directly to it due to being spread around the building.
I have found that there is a way to do this using the "switchport voice vlan xx" command, but I am not sure exactly how to execute this and propagate it through the successive switches out to our firewall. The network was constructed by someone else and from what I can tell all of the routing between the vlans does not occur in any of the switches that the AP's are connected to.
I apologize if the description of the situation was confusing to anyone, but I appreciate any help/advice that anyone has to offer.
Thanks,
Adam
10-04-2011 01:30 PM
Adam
If you want to use multiple data vlans then the switchport voice vlan command isn't really what you need unless it is actually for VOIP.
You simply connect the APs using trunk links which allows multiple vlans to go down the same physical link.
It's not clear what you mean by the segmented network not touching any internal systems? Do you mean that the traffic can be carried across your switches etc. but it should only be allowed to access the internet, i.e. not talk to any internal devices?
Jon
10-05-2011 06:40 AM
Yes Jon, the data can go through the switches to the internet, but should not be able to talk to internal systems.
I tried to set up a trunk port to the AP's and I was able to ping it directly, but it was not able to communicate with the Controller anymore. Are the lightweight AP's capable of handling and decoding the encapsulation that comes with a trunk port?
10-05-2011 10:28 AM
Adam
That's a good question actually. I assumed they could but it may not be that simple. Can you repost this into the Wireless forums where they should be able to give you a definitive answer?
It may be a native vlan issue but it could just as easily be because you cannot run 802.1q on LAPs.
Jon
10-05-2011 01:44 PM
I did a lot of digging and it looks like this is not possible to do how I want to do it because the AP's indeed do not support dot1q. It needs to be handled through the controller using AP groups and VLANs. Supposedly, all of the ports on the controller are trunk ports, but I am having some trouble connecting to it when I make the port on the neighboring switch a trunk port as well.
However, like you said, that is a question for the Wireless forums so that's where I am headed. Thanks for the help Jon