Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3882
Views
5
Helpful
7
Replies

Cisco Aironet 1810W difficulties with local VLAN switching in trunk mode

ds_warwick
Level 1
Level 1

‎11-25-2016 02:04 AM - edited ‎07-05-2021 06:09 AM

We have some of the new Cisco 1810W access points. We're trying to set them up with the following configuration but having difficulties:

  • AP tunnels Wi-Fi traffic to the controller for central switching at the controller.
  • Wired ports on the underside of the access point to be switched on a local VLAN rather than being tunnelled to the controller.

The Deployment Guide for 1810W suggests it is possible. It was certainly possible to do it on the older 702W access points that we already use.

Cisco 1810W Deploment Guide

During our testing we are doing the following (as per the Deployment Guide):

  • Convert AP to Flexconnect mode.
  • Configure a Native VLAN.
  • Configure an RLAN for the wired ports that is mapped to a local VLAN (different from the Native VLAN).
  • Change the switchport hosting the AP from access mode to trunk mode and configure native VLAN and allowed VLANs.

When we convert the switchport to trunk mode, the access point cannot get an IP address using DHCP and seems unable to discover the local gateway using ARP.

Wireshark shows frames being sent out from the AP as untagged frames (DHCPDISCOVER, ARP, etc) and the replies coming back (DHCP OFFER, etc) on the native VLAN - but the AP ignores the replies and is therefore unable to obtain an IP address or discover the gateway.

Ultimately, this means we can use it as a standalone access point, or use it with wired ports tunnelled to the controller but we haven't been able to succeed with the wired ports switched locally in trunk mode.

Has anyone achieve the above configuration who could offer any tips?

2 people had this problem
Labels:
0 Helpful
7 Replies 7

Ric Beeching
Level 7
Level 7

‎11-27-2016 04:14 AM

Does the AP get a lease when the port is in access mode? I'm just wondering if something like ip dhcp snooping trust is missing from your Trunk port towards your DHCP server (not on the AP Port).

If you plug something else like a laptop into that port do you get a lease? Trying to rule out switch/wired config before checking the AP config.

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful

ds_warwick
Level 1
Level 1
In response to Ric Beeching

‎11-28-2016 12:58 AM

Hi Ric,

Thanks for your reply.

Yes, the AP gets a lease when the port is an access mode.

A laptop or other device will also obtain a lease if the port is in access mode and a laptop also works when the port is in trunk mode.

It's only the 1810w that fails.

in Trunk mode:

We see the 1810w send the DHCP Discover. We log receipt of it on our DHCP server. We also see the DHCP Offer return to the access point. Then nothing.

1810w will then repeatedly send DHCP Discover as it tries to obtain an IP. The DHCP server sends DHCP Offers. We know those offers arrive at the AP Uplink port but nothing happens with them.

We think it has something to do with how the AP evaluates the VLAN tags on the replies.

Darren

0 Helpful

Ric Beeching
Level 7
Level 7
In response to ds_warwick

‎11-28-2016 07:25 AM

That is quite frustrating! You could try altering the AP IOS file directly to see if that resolves a potential bug?

Ric

-----------------------------
Please rate helpful / correct posts
0 Helpful

ds_warwick
Level 1
Level 1
In response to Ric Beeching

‎12-08-2016 03:55 AM

We discovered that if the access point is plugged into a switch with a very minimal configuration, it works as expected.

If we plug the access point into one of our own production switches, which has a comprehensive configuration - the AP fails to connect.

We have worked out that the AP connectivity is broken by the following global configuration line that appears on our switches:

vlan dot1q tag native

If this line is removed from the global configuration, the AP works fine. If it is present, the access point won't work properly in trunk mode.

I post this here for anyone else who happens to have the same issue - but we need to understand the purpose of this line in our configuration and the implications of removing it.

0 Helpful

ds_warwick
Level 1
Level 1
In response to ds_warwick

‎03-17-2017 05:07 AM

Having spoken to our Cisco representative on this, we've been told that the issue 'should' be resolved in code versions from 8.5 and upwards.

The workaround given to us is to tunnel all LAN traffic up to the controller, to be routed at the network subnets local to the controller (rather than local to the user).

The ability to do this will depend on your controller, your network capacity and security requirements.

Richard Wakefield
Level 1
Level 1
In response to ds_warwick

‎06-22-2018 05:07 PM

I've got it working with 8.3.141.0, no problem other than the config is colossally complicated. 

 

https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1810w-series-access-points/200630-AP1810W-LAN-Port-Mapping.html

 

You have to create an RLAN, turn on Flex with VLANs in the RLAN, map that RLAN to an AP Group, add the AP to the group, then map the RLAN to the port, and the AP has to be in Flex mode. 

0 Helpful

ds_warwick
Level 1
Level 1

‎01-25-2017 05:18 AM

The issue is due to bug CSCva41204. Currently categorised as "enhancement".

CSCva41204

Tagged Management VLAN Option Broken for 1800/3800

Symptom:
"VLAN Tagging" for 2800/3800 in advanced settings does not work as for IOS AP


Conditions:
AP 1800/3800

Workaround:
Dont use the feature (capwap traffic remains untagged)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card