Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
2
Replies

RAP/MAP with VLAN Issue

marcrichards
Level 1
Level 1

‎02-22-2019 05:33 AM

Hello,

 

I am having an issue with a MAP/RAP setup that I have delivering to one of our sites.  Seems I cannot find the working combination of the Access/Voice VLANs and Management VLAN (better explanation to follow).  To start with I want to give an overview of what gear I'm using.  At Site A I have a Catalyst 3650 (Denali Version 16.3.7) connected to a Nexus 7K (6.2(20a)) by fiber to our HQ (trunk/vtp-enabled).  On the 3650 at Site A on a Gig/E interface I am connected to an AP1572EAC, serving as the RAP ('switchport trunk native vlan 10' for this interface on the switch) so that the AP can get an IP and have an L3 path back to the controller (redundant 5520's code is 8.5.135.0).  On the far side at Site B I have matching AP1572EAC connecting to a Cat. 2960CX (switchport trunk native vlan 10). 

 

On the access point at Site A in the Mesh tab, Ethernet Bridging, and the Gig/E interface that is connected to the switch I have the Mode set to Trunk, Native VLAN Id 10 and allowed VLANs 10, 200, 300, etc.. On the access point at Site B in the Mesh tab, Ethernet Bridging, and the Gig/E that is connected to the switch I have the Mode set to Trunk, Native VLAN Id 10 and the same set of allowed VLANs.  

 

Now that we have the basic setup out of the way my issue is that at Site B I can have one or the other, but not both;  Management, or happy users (phones and computers work / access vlan 200, voice vlan 300).  Obviously we chose happy users since this site is only a mile or so away.  The management is on interface VLAN 10 (which yes is the native vlan) for all devices in our network, the switch at Site B being no exception.  To get management but not access/voice vlan connectivity, I can change the native VLAN on both the MAP and RAP to 1. Additional detail: Not sure of the relevancy but we do have a trunk going to another switch at Site B.  I do not have an IP conflict with any of the management network devices.

 

Configuration Snippets to follow...

 

Site A Gig/E to the RAP: 

description TRUNK LINK to SITE A RAP
switchport trunk native vlan 10
switchport mode trunk
spanning-tree bpduguard disable

 

Site A 10Gig/E to Nexus:

description TRUNK to HQ

switchport mode trunk

 

Site B Gig/E to the MAP:

description TRUNK LINK to SITE B MAP
switchport trunk native vlan 10
switchport mode trunk

 

Site B Management Interface:

interface Vlan10
description Network_Management
ip address 10.0.0.XX 255.255.255.0

 

Site B Link to other switch:

interface Port-channel1
switchport mode trunk

!

interface GigabitEthernet0/7
description PAgP Link to SITE B Switch 2
switchport mode trunk
channel-group 1 mode auto
!
interface GigabitEthernet0/8
description PAgP Link to SITE B Switch 2
switchport mode trunk
channel-group 1 mode auto
!

 

I hope the above are enough details to help!

Labels:
0 Helpful
2 Replies 2

paul driver
VIP
VIP

‎02-22-2019 06:06 AM - edited ‎02-22-2019 06:09 AM

Hello

So are just wireless users  having issues connecting to the mgt vlan or wired also?

I am assuming looking at the config youve posted that the 7K is perfroming the intervlan routing for both sites?


Are you using any fabric extenders?

How are you trying to connect to the mgt vlan and where from, does it work from anywhere in the estate?
Can you post the config of the 7K and site A/Bs accesss switches if applicable and maybe a simple toplogy of your network


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

marcrichards
Level 1
Level 1
In response to paul driver

‎02-22-2019 07:06 AM

So, not so much wireless users as much as it is a site being fed over wireless.  The 7K is performing interVLAN routing for the entire network.  Attached is a quick and dirty diagram of the scenario at hand and also the config of the Site B switch.  The config of the Nexus is not quiet relevant since the VLANs are correctly configured and the hardwired fiber sites (all 8 of them) are working perfectly. In the present state I cannot ping EITHER site B switch.  I can ping and have established full connectivity to the phones and PCs located at Site B on VLANs 203 and 300 (I think I said Vlan 200 above, which was in error).  NetworkDiagramRev1.jpg

 

Preview file
5 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card