Re: mesh network and ethernet bridging

guillaume.chartrand · ‎04-04-2019

Hi,

i try to setup a mesh network (bridge) to connect two building together. The mesh network goes up successfully but can't pass anything over the other building.

Here is my setup

WLC5520 version 8.5.160

Two AP 1562D, one as RAP and one as MAP, both ethernet bridging is enabled

On the primary building we connect the root AP to a 2960S switch with power injector

switch to power injector data in..power injector POE/data out to the AP

The switch port is configurated like this:

switchport trunk native vlan 903
switchport trunk allowed vlan 1,311,312,330,393,410,903
switchport mode trunk
spanning-tree bpdufilter enable

The AP in the WLC configuration is configurated in bridge mode, in the MESH section, the RootAP role is selected

the Ethernet Bridging is checked

Vlan support is checked

native vlan id is 1

On the ethernet port, Access mode is selected with vlan ID 0

On the other building

We have the second AP 1562D connected to a power injector and on a 2960X

So ethernet port of the AP1562D connected to POE data out of the power injector and data in is connected to the swith on port g1/0/48

The swith port is configurated like this

switchport trunk native vlan 903
switchport trunk allowed vlan 1,311,312,330,393,410,903
switchport mode trunk
spanning-tree bpdufilter enable

In WLC, the AP is in bridge mode

Mesh role is MAP

Ethernet bridging is checked

vlan support is grayed out but is checked

native vlan is grayed out but is checked

the ethernet port is in access mode and vlan is 0.

From the console port of the MAP, I was able to ping machine in the primary building

From my computer (in primary building) I was able to ping both rootAP and MAP ap

I can't ping the switch, the switch is on the same vlan (903).

on MESH config on WLC, vlan transparent is check

What is strange is that I have the same config with another mesh network but with 1532E AP and it's exactly configurated like this and it's working well.

So what can be the problem?

Thanks

Ric Beeching · ‎04-04-2019

If I remember this correctly you have two options: VLAN Transparent or Ethernet Bridging but not both at the same time as you seem to have.

If you disable VLAN Transparent globally this will allow your Mesh APs to tag traffic on the VLANs specified and you should set the Mesh AP Ethernet port to Trunk with the permitted VLANs included. As it stands with them it in access mode, the port will only accept untagged packets from the LAN. I don't think your RAP requires configuring at all but the interface needs to be Trunk as you have it.

A side note: Spanning tree is likely to **bleep** itself at some point during this setup and sometimes causes interface flapping. You've probably already experienced that but just in case..

Ric

-----------------------------
Please rate helpful / correct posts

guillaume.chartrand · ‎04-04-2019

Ok I will try that but is strange that the same settings working in my other site. I have 4-5 vlan and all can communicate with the -primary site

guillaume.chartrand · ‎04-04-2019

Hi, it's working for voici vlan and data vlan but I can't access the switch itself.

Vlan transparent is uncheck

Ethernet bridge is check on both AP

Root AP the vlan support is enabled and native is 1

The ethernet port is set in trunk with vlan 903 and no other allowed vlan

On the MAP ap, the vlan support is enable and native vlan is 1

The ethernet port is set to trunk vlan 903

allowed vlan, 311, 312, 330, 393.

So is it the vlan ip support need to be set to 903 to get management of my switch?

Ric Beeching · ‎04-05-2019

What VLAN are your switches management running on?

-----------------------------
Please rate helpful / correct posts

guillaume.chartrand · ‎04-05-2019

903 the map AP have a static addr. 172.22.9.97 and the switch vlan 903 have an addr. 172.22.9.98

All our switch we managed it thru vlan 903

Ric Beeching · ‎04-05-2019

Ah so the native VLAN won't cross the link to avoid loops. If you can change the VLAN your Mesh APs are on then 903 will be allowed to cross the link. Alternatively change the switch VLAN, whichever is easier.

Ric

-----------------------------
Please rate helpful / correct posts

guillaume.chartrand · ‎04-08-2019

Hi, I try to separate native vlan but nothing change

here is my current config. I change IP Address of both AP to 172.22.40.251 and 172.22.50.252 (vlan 410)

In the Mesh section the vlan support native vlan is 410

The gigabitEthernert/0 on RAP is set to trunk with native vlan 1

the gigabitEthernet/0 on MAP is set to trunk with natvie vlan 1, allowed vlan 410, 330, 903, 393, 311, 312.

Both port on switch is configurated like this

switchport trunk native vlan 410
switchport trunk allowed vlan 1,311,312,330,393,410,903
switchport mode trunk
spanning-tree portfast
spanning-tree bpdufilter enable

From my pc I can ping both AP and the Ip phone on the other side but can't ping or access my switch which vlan 903 is set with an IP address and the default gateway of the switch is the ip address of vlan 903 on my core switch.

guillaume.chartrand · ‎04-10-2019

I was able to resolve my problem

On the switch where the MAP reside I remove the sw tr nat vl and but switchport access vl 999 (a dummy vlan) and now all seems fine.

I can ping and manage the switch on both side of the bridge.

Thanks for your help and cue