08-28-2009 05:12 AM - edited 03-06-2019 07:29 AM
I have set up a WAP with 2 SSIDs, one untagged and the other on VLAN tag 8. I tested it with one 2960 switch and I can get to my corp LAN on the untagged SSID and can get to a public TimeWarner connection on the VLAN 8 SSID.
Once I have added a couple more switches to the mix I cannot get the VLAN 8 to give me an address for the public connection. On VLAN 8 SSID, I get an address from my corp DHCP server but should not.
I think the tags are working because when I connect to the VLAN 8 SSID and get a corp address, I cannot get to the Internet.
When I connect to the SSID for the corp lan, I get a corp address and can get to the Internet.
I have attached my setups that work and don't work. No routing between VLANs is needed.
Please help
08-28-2009 05:33 AM
Hi Ron,
A couple of questions:
1.) Why is in both cases the connection to your corporate server made as trunk? Moreover, the trunk seems to be limited to VLAN 1 only, and because the VLAN 1 is the native VLAN by default, you are essentially degrading that trunk to access operation in VLAN 1. If the corporate DHCP server is in a single VLAN only (which it normally should), you should set up the port as static access port, probably with VLAN 1 membership.
2.) Does the VLAN 8 exist on all your switches?
Best regards,
Peter
08-28-2009 06:08 AM
Peter,
Yes, VLAN 8 does exist on all the switches. So, if I remove the trunking on the ports that are normally just my corp LAN and leave the interconnecting ports how I have them now, should it work?
08-28-2009 07:29 AM
I have updated my drawing to make my corp lan only port for DHCP to access mode. I can get the SSID for VLAN1 to work, but cannot get an address for VLAN8. What else in my configs do I need to change? Does VLAN8 need an IP address on each switch? All I did on the switches to define VLAN8 was configure the port with VLAN8.
08-28-2009 07:46 AM
Ron,
I assume you have 3 Catalyst 2950/2960 switches. Can you issue the show vlan brief command on each switch and confirm that the VLAN 8 exists everywhere? I am asking again because you have not defined the VLAN 8 as it is normally explicitly done - you have just used it but you haven't created it. Especially the middle switch does not have any access ports in VLAN 8 - you have just referenced the VLAN in a trunk configuration. Therefore I wonder if the VLAN 8 indeed exists.
Best regards,
Peter
08-28-2009 07:53 AM
08-28-2009 07:59 AM
Hi,
What commands have you configured to route between VLAN 8 and VLAN 1?
You'll need to have an SVI in place somewhere on VLAN 8 with an IP Helper Address pointing at your DHCP server on VLAN 1 and your DHCP server should have a scope setup for VLAN 8 requests.
08-28-2009 07:55 AM
The DHCP server will not understand frames tagged with VLAN 8.
You need to configure the ip helper - on a vlan 8 SVI interface pointing to the DHCP server.
08-28-2009 07:57 AM
Ok, the DHCP server should only respond to items on VLAN 1. The NETGEAR should respond to items on VLAN 8. The WAP has 2 SSIDs, one is (untagged vlan1) the other is tagged VLAN 8. The untagged should go to internal network, the VLAN 8 should go to the NETGEAR for guest internet access.
08-28-2009 08:02 AM
Ahh OK - why do you have 2 separate DHCP servers?
From the AP can you ping the Netgear DHCP server? And vice versa?
08-28-2009 08:04 AM
The corp DHCP gives out addresses to all my workstations and such. The Netgear gives out its own addresses to people on VLAN 8 and routes them to a TimeWarner connection for guest internet access.
In my test diagram that worked, yes everything worked exactly like I wanted it to. Only when I put the other switches in place did the VLAN 8 stop working.
08-28-2009 08:14 AM
Are you running VTP? ALL switches must know about VLAN 8; if not VTP, then you have to configure VLAN 8 on all switches.
The switches will not pass traffic for unknown VLANs.
08-28-2009 08:17 AM
We are not running VTP because we are so small. What is the best way to configure VLAN 8 manually on each?
08-28-2009 08:20 AM
#conf t
vlan 8
name <
I would still configure VTP - that way you know all switches in the VTP domain will have the correct VLANs.
Also make sure the VLANs are allowed on the trunk ports.
08-28-2009 08:21 AM
Ron,
If possible, please, post the complete configurations of all three switches. Also include the output of the following commands on each switch:
show cdp neigh
show int trunk
show vlan brief
show int status
That will be a long output but please no simplification. All that is necessary.
Best regards,
Peter
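The per-switch check the replies above keep returning to (is VLAN 8 actually created, and is it allowed and active on each trunk), as an added example that is not part of the original thread: a Python sketch that reads `show vlan brief` and `show int trunk` output. The sample output is constructed and trimmed to the relevant sections, the function names are hypothetical, and it assumes the usual IOS column layout with VLAN lists that do not wrap across lines.

```python
import re

# Constructed sample output for a switch that trunks VLAN 8 but never created it.
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------
1    default                          active    Fa0/1, Fa0/2
"""
INT_TRUNK = """\
Port        Vlans allowed on trunk
Gi0/1       1,8

Port        Vlans allowed and active in management domain
Gi0/1       1
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,8,10-12' into a set of ints."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def active_vlans(vlan_brief):
    """VLAN IDs that 'show vlan brief' lists with status 'active'."""
    return {int(v) for v in re.findall(r"^(\d+)\s+\S+\s+active\b", vlan_brief, re.M)}

def trunk_vlans(int_trunk):
    """Map trunk port -> {'allowed': set, 'active': set} from 'show int trunk'."""
    ports, section = {}, None
    for line in int_trunk.splitlines():
        if line.startswith("Port"):
            section = ("allowed" if "allowed on trunk" in line else
                       "active" if "allowed and active" in line else None)
        elif section and len(line.split()) >= 2:
            port, spec = line.split(None, 1)
            ports.setdefault(port, {})[section] = expand_vlans(spec)
    return ports

def check_vlan(vlan, vlan_brief, int_trunk):
    """List the reasons this switch would not carry `vlan` end to end."""
    findings = []
    if vlan not in active_vlans(vlan_brief):
        findings.append(f"VLAN {vlan} is not created/active on this switch")
    for port, s in trunk_vlans(int_trunk).items():
        if vlan not in s.get("allowed", set()):
            findings.append(f"{port}: VLAN {vlan} is not allowed on the trunk")
        elif vlan not in s.get("active", set()):
            findings.append(f"{port}: VLAN {vlan} is allowed but not active")
    return findings
```

Run `check_vlan(8, ...)` against the output captured from each switch in the path; an empty list from every switch means the guest VLAN is defined and carried on every trunk.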