is it possible to separate two VLANs:
one is running for the users VLAN connects to the clients
one is for management purpose.
Is there a sample code available for access points, bridges, and switches?
I am really appreciated that
You can configure VLANs on enterprise access points.
What you need to do is configure the access point with its managment IP address, set this as the native vlan and then add the other VLAN or VLANs.
Then on the switch that the access point is connected to you need to configure a trunk port and make sure that the native vlan is the same VLAN you set as native on the access point.
As an example if the Access point has an IP address for managment vlan 20, we set this VLAN as native and then we add the other VLAN or VLANs, and on the switch you configure the port as a trunk port with the same native VLAN 20.
Note, native vlan is the same as untagged vlan. When we confgure a trunk port this will tag all vlans except the native vlan or untagged vlan that needs to be the same between directly connected devices.
I have an existing native VLAN (ex: VLAN01) for users. Now I add one more native VLAN (VLAN02) for management then make VLAN01 become non-native VLAN users. In order to make some change without interuption, should I change the root bridge first before the non-root bridge? What about the switches?
If you have an exisitng VLAN 01 for users and you want to add a new VLAN, VLAN 02 for managment.
In this case you will need to add the new VLAN 2 to the switches database, link the subnet to VLAN 2, then configure a trunk port on the switches with native vlan 1 and then configure the access points with VLAN 2.
FInaly you will need to change the IP address on the access points to be for VLAN 2 instead of VLAN 1, set the native VLAN to be VLAN 2 and then on the trunk port of the switch change the native vlan from being 1 to 2.
This changes are better to be made with local access if something goes wrong.