Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
27522
Views
35
Helpful
8
Replies

native VLAN on WLC

Go to solution
Saman Shamim
Level 1
Level 1

‎11-07-2011 10:26 PM - edited ‎07-03-2021 09:02 PM

Hi guys,

Let’s say I want to put WLC’s management interface and APs in a separate VLAN than the native/untagged one as Cisco recommends that as a good design practice to use only tagged VLANs on the WLC:

Management Interface VLAN Identifier (0 = untagged): 60

Now on the switchport which connects to the WLC, can I just do the following:

interface GigabitEthernet1/0/1

description Trunk Port to Cisco WLC

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-4,60

switchport mode trunk

no shutdown

or I need to add this command as well to make it work? :

switchport trunk native vlan 60

In other word, can I put the management interface in a tagged VLAN but not changing the native/untagged VLAN? The reason that I don’t want to touch native VLAN is that the non-Cisco L3 device in the network doesn’t let me to change its untagged VLAN.

Regards,

Saman

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
nikhilcherian
Level 5
Level 5
In response to Saman Shamim

‎11-08-2011 01:30 AM

WlC works like this

When you configure a VLAN to tag the management interface, WLC will tag all the packets going out of management interface with that VLAN.  With native vlan configured in switch port, switch expects frames in native vlan come without any tag.

For example if you configure the vlan as 60 in WLC, any frame going out of management interface of the WLC will be tagged with vlan 60. With native vlan as 60 in the switch port, switch expects any frame coming in that port in vlan 60 without any tag. But since your frame from WLC is coming as tagged with VLAN 60, the switch will drop the frame. Where as if you had configured vlan as 0, the WLC will send out the frame without any vlan tag, and switch will recognize the frame as in vlan 60 and will process it .

The other way around is to configure the native vlan as som other vlan than 60, so that switch can still understand the frame and process it

Thanks

NikhiL

View solution in original post

8 Replies 8

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎11-07-2011 10:35 PM

If you are setting the wlc vlan to 0 which is untagged, then you need the switchport trunk native vlan 60. If your network devices don't support untagged vlans, then set the wlc management interface vlan to 60.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Saman Shamim
Level 1
Level 1
In response to Scott Fella

‎11-08-2011 12:51 AM 

f you are setting the wlc vlan to 0 which is untagged, then you need the switchport trunk native vlan 60

If I'm using default untagged 0, then why do I bother changing naive VLAN to 60 on the switch?

where did you get that VLAN 60 from? Am I missing something or you made a typo?

By the way, here is my point of confusion:

Please go to this link . You'll see the following on WLC:

Management Interface VLAN Identifier (0 = untagged): 60

and the following on the switch:

interface GigabitEthernet1/0/1
description Trunk Port to Cisco WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-4,60
switchport mode trunk
no shutdown


Now go to this link and you will see this on WLC:


Management Interface VLAN Identifier (0 = untagged): 60


and this on the Switch:



interface GigabitEthernet1/0/1







description Trunk Port to Cisco WLC







switchport trunk encapsulation dot1q







switchport trunk allowed vlan 3-4,60







switchport mode trunk







switchport trunk native vlan 60






no shutdown
0 Helpful

Go to solution
nikhilcherian
Level 5
Level 5
In response to Saman Shamim

‎11-08-2011 01:30 AM

WlC works like this

When you configure a VLAN to tag the management interface, WLC will tag all the packets going out of management interface with that VLAN.  With native vlan configured in switch port, switch expects frames in native vlan come without any tag.

For example if you configure the vlan as 60 in WLC, any frame going out of management interface of the WLC will be tagged with vlan 60. With native vlan as 60 in the switch port, switch expects any frame coming in that port in vlan 60 without any tag. But since your frame from WLC is coming as tagged with VLAN 60, the switch will drop the frame. Where as if you had configured vlan as 0, the WLC will send out the frame without any vlan tag, and switch will recognize the frame as in vlan 60 and will process it .

The other way around is to configure the native vlan as som other vlan than 60, so that switch can still understand the frame and process it

Thanks

NikhiL

Go to solution
amandeepsingh2
Level 1
Level 1
In response to nikhilcherian

‎02-17-2017 10:58 AM

For the switchport config keep the native Vlan command with Vlan ID and then on WLC dont put any Vlan Identifier on Mgmt Interface.

In that way you could use any IP address from the Mgmt Subnet that you use on the WLC Mgmt Interface and WLC traffic will be sent to the switch without any tag . Once traffic reaches the switchport than switch will put the traffic in Native Vlan configured on the trunk port.

Thanks,

Aman

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Saman Shamim

‎11-08-2011 06:28 AM

You stated that your management vlan on the wlc is 60, so this means you do not need the switchport trunk native vlan 60. You would use this command if you set the wlc management vlan to "0".

If I were you, set the wlc vlan to "0" and enter the native vlan 60 command to the trunk port in the switch.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Saman Shamim
Level 1
Level 1
In response to Scott Fella

‎11-08-2011 09:27 AM 

If I were you, set the wlc vlan to "0" and enter the native vlan 60 command to the trunk port in the switch.

Got you. with your and nikhilcherian's explanation it totally make sense now. Just two quick questions and I'm done:

1. You're recommending 0 untagged for the WLC but Cisco recommends tagged like 60. Which recommendation should I take? My network has one WLC and 122 APs.

2. In case that I can't change the native VLAN on the non-Cisco L3 device to 60, then I have no other option than tagging WLC's traffic so I don't have to issue any native command on L3 device. Is that correct?   

Btw I really appreciate your help. 

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Saman Shamim

‎11-08-2011 09:35 AM

Cisco recommends you setting the WLC management vlan to '0' untagged.  Even though your management vlan is 60, you basically saying, anything that comes in in vlan 60, do not tag.  So the switch sees traffic from the WLC as not tagged and knows to send out that untagged traffic to vlan 60 and vice versa.

So on the switchport you would configure this:

interface GigabitEthernet1/0/1

description Trunk Port to Cisco WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3-4,60
switchport mode trunk
switchport trunk native vlan 60

no shutdown
-Scott
*** Please rate helpful posts ***

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Scott Fella

‎11-08-2011 09:46 AM

Good explanation:

For switches running 802.1Q as the trunking mechanism, thenative VLAN of each port on the trunk must match. By default all COS ports are in VLAN 1; and the native VLAN on the IOS devices is also configured for VLAN 1, so the native VLAN does match. If you choose to change the native VLAN, use theset vlan command for COS switches or the switchport trunk nativevlan command for IOS switches to specify the native VLAN. Remember that thenative VLAN must match on both sides of the trunk link for 802.1Q; otherwise the link will not work. If there is a native VLAN mismatch,Spanning Tree Protocol (STP) places the port in a port VLAN ID(PVID) inconsistent state and will not forward on the link.

NOTE

Cisco Discovery Protocol (CDP) version 2 passes native VLAN information between Cisco switches. If you have a native VLAN mismatch, you will see CDP error messages on the console output.

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card