Hi Scott,

From the second link it mention  PSE-LAN1 and LAN2 can also be used as local interface if no RLAN is configured on them.

That mean that these interface can switch traffic in AP1815-T locally to the WAN port , not through the CAPWAP tunnel, is this correct?

The first link, I followed the same steps including the Policy tag which I did not mention in my first post.

Additionaly I disabled the central switching and central dhcp in RLAN policy to force the traffic to be switched locally inside the AP1815T as far as  I understand isnt?

Thanks Scott for your information ,

The setting of 1815T interface configuration did not appears until I upgrade the firmware of the 9800 controller from version  16.12 to 17.03.

And  when i connect a pc to lan1 it could obtain ip address in the same vlan of the Ap as your advice

But the column of VLAN ID of each port in 9800 AP configuration page is not editable, how can I change it  when the port in not in RLAN??  So i can assign the connected pc to diffrent vlan than that of the AP?

Were you able to fix it?  You need to "Edit Policy Tag" and make sure you define the RLANs which id defined below the wlan policy.  (RLAN-POLICY Maps: 2)  The two (2) here is your mapping for port 2 & 3.  You also then need to apply this Policy Tag to the ap in order for the configuration to be enabled on the AP.  Once this is configured and applied to the ap, then you will see the interfaces in the configuration portion of the ap.

Attached are some images of my setup.

Hi Scott,

  I reviewed the configuration, and I did find any deviation or missing configuration, I created a RLAN profile without any security, I created also RLAN policy profile with the needed vlan (created before in configuration-->vlan) and all other setting keeped default.

Under a policy tag (which I mapped later to the 1815T AP), Under RLAN policy map , I mapped the created RLAN profile to the RLAN policy profile for port 3 (as I need port 1 and 2 to be locally switched inside the 1815T AP, not to be switched through capwap tunnel).

I assign this policy tag to my 1815T AP, then apply, waiting some minutes, but when I open the Configuration --> AP and the interface tab

under VLAN ID it is still 0 and non editable.

from your screenshot you sent below I noticed that the AP in flex mode, do I need to convert the AP point to flex mode instead of local mode? please note that the AP and the controller are in the same subnet.

Keep in mind, that when an ap is in local mode, that basically say's that all traffic will come back to the controller.  Only in FlexConnect can you choose to have traffic come back to the controller or egress locally.  This is the same for any other access point.

---

@Scott Fella wrote:

Keep in mind, that when an ap is in local mode, that basically say's that all traffic will come back to the controller.  Only in FlexConnect can you choose to have traffic come back to the controller or egress locally.  This is the same for any other access point.

---

As per my test and per your advice, when the ap is in local mode, and one of its ports is not assigned to RLAN, this port switch traffic locally in the AP using the AP VLAN, and doesnt use the capwap tunnel to the controller, as per my test I disconnect the controller from the network, and the PC connected to this not-RLAN port still can reach the network.

but my missed part here is to make this PC a member of another VLAN other than the AP vlan. should I use the flex mode instead?

Ok I'll convert the mode to flex connect and test the results, thanks Scott for your info