Tunnel mode in WLAN?

  • Problem
  • Updated 5 months ago
  • Solved
Hi all,
I have a topology of WLAN system.

- In X460, I configure:
+ VLAN 10 and 50
+ Gateway: 172.16.10.254/24 and 172.16.50.254/24; Inter-vlan routing.
+ DHCP server for VLAN 10, 50 and enable dhcp on port 1 and 2
+ Access vlan 50 on port 2
+ Access vlan 50 and trunk vlan 10 in port 1

- In RFS 4010, I configure:
+ Profile RFS4010:  VLAN 10, 50. Access vlan 50 and trunk vlan 10 on port GE1
+ Profile AP-7522: VLAN 10, 50. Access vlan 50 on GE1
+ WLAN: Test_vlan10 (vlan 10) and Test_vlan50 (vlan 50). Both WLANs were configured in Tunnel mode

Problem:
+ If the PC connects to WLAN Test_vlan50 --> the PC was offered an IP from the DHCP server (X460) with IP: 172.16.50.x/24
+ If the PC connects to WLAN Test_vlan10 --> the PC was not offered an IP from the DHCP server (X460).

--> Help me to solve this problem.
Thanks.

Long Tran

Posted 5 months ago

Shay Weir

Try adding an "IP helper" on the vlan10 interface to point to the gateway.  Also add trunk vlan 10 on port 2 to allow it to pass through to the RFS.

Andrew Webster

Tran,
If you define vlan 10 on the AP7522 profile, it will think that it has a path directly to vlan 10 and won't tunnel the traffic.  Remove that config and it should work.

Timo

Right, if a VLAN is available, it'll be used. Tunnel mode for WLAN doesn't mean "always" tunnel traffic to RFS.

MINT is like a routing protocol and searches for the best path. Local VLAN is better than tunnel.

Shay Weir

Tunneling does route all traffic back to the RFS. This is necessary if you are roaming across different subnets or if you want to monitor ALL client traffic at a single point on the network. MINT is used more for AP management.

The AAA policy can do either proxy through controller or go direct to authentication service

If you set up Access port on the AP, then the switch port should also be set up as Access. Don't mix switchport trunk and access modes. Native vlan should be the vlan for the AP. Allowed vlans should include 10 and 50.

Best to get with your Extreme SE to discuss this design in detail to make sure you are clear on Tunneling and roaming, RF-Domain design and traffic shaping and monitoring points.

Timo

+ Access vlan 50 on port 2 -> vlan 50 is not available for the AP. 

In that case do not configure vlan 50!

For sure, you can add vlan 50 and 10 to AP AND RFS. But do not add it on one side.

Andrew Webster

Shay,
I think you are confusing tunnelling and local bridging.

MiNT IS used for tunneling wlan tunneled traffic, and the only way the traffic will get into that tunnel is if there is no local definition for it on the AP (device or profile).
As Timo correctly points out, MiNT is perceived as a path to the routing engine, but at a lower priority than a local interface; hence, if you define a local interface the traffic will try to use it and ignore the MiNT tunnel.

Shay Weir

Local bridging:
WLAN is where the vlan is assigned.
GE1 port is where the VLAN is allowed to pass through
Switchport allows the VLAN to pass through on to the wired network
Gateway is where the VLAN is defined and routed

Tunneled:
MINT will bypass all of that (except for the WLAN VLAN assignment) and go directly to the RFS where it will get processed out from there.

If you add "no mint mlcp vlan" and "controller host IP" to the AP profile, that will help direct traffic to the controller and reduce some of the overhead.  Try not to have both enabled in the AP profile.

Timo

No, tunneled is just an option to tunnel traffic, but it's not explicitly tunneled to RFS!

"no mint mlcp vlan" just disables the L2 "broadcast" to find a controller. You need to use mint IP in that case.

"controller host IP" adds a static controller entry.

These two settings are just important for adoption. Not for tunnel traffic.

Shay Weir

There are many ways to set up tunneling and traffic shaping. It is best for the originator of this question to work with their local Extreme SE to fully understand what the customer is trying to do. My config for tunneling is much different than what yours is apparently. Let's not confuse this. Best to work with local SE to determine best configuration for their network and use. We are both trying to offer our interpretation of how this person should configure this and in the end it is their decision as to how they implement correctly to match their needs. Check with the SE. It is what they do.

Christopher Frazee, Employee

When WLANs are configured in bridging mode tunnel, the VLANs are configured on the WLC (wireless controller) and the only VLAN that should be configured on the APs is the adoption VLAN. 

When WLANs are configured in bridging mode local, the VLANs are configured on the APs and the only VLAN that should be configured on the WLC is the AP adoption VLAN. 

Most deployments are using the latter (bridging mode local) for obvious reasons.
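
Added example, not part of any post in this thread: a small Python model of the rule described in the replies by Andrew Webster, Timo and Christopher Frazee (a tunnel-mode WLAN only enters the MiNT tunnel when its VLAN is not defined locally on the AP), applied to the original poster's topology. The data model, function name and status labels are hypothetical, and it assumes the AP-7522 is connected to X460 port 2.

```python
# Added example, not from the thread. It models the rule stated in the replies:
# a tunnel-mode WLAN is only tunneled over MiNT when its VLAN is NOT defined
# locally on the AP. The data model and all names are hypothetical.

def classify_wlans(wlans, ap_vlans, switchport_vlans):
    """Map each WLAN name to (path, status).

    wlans:            {name: (vlan_id, mode)} with mode "tunnel" or "local"
    ap_vlans:         set of VLANs defined on the AP device or profile
    switchport_vlans: set of VLANs the AP's switch port carries
    """
    result = {}
    for name, (vlan, mode) in wlans.items():
        if vlan in ap_vlans:
            # A local definition wins over the MiNT path, whatever the mode.
            if vlan not in switchport_vlans:
                status = "BLACKHOLED"           # bridged into a VLAN the wire lacks
            elif mode == "tunnel":
                status = "BYPASSES_CONTROLLER"  # works, but not via the controller
            else:
                status = "OK"
            result[name] = ("local-bridge", status)
        elif mode == "tunnel":
            result[name] = ("mint-tunnel", "OK")
        else:
            # Local mode needs the VLAN defined on the AP.
            result[name] = ("none", "MISSING_LOCAL_VLAN")
    return result


# Constructed from the original post; assumes the AP-7522 is on X460 port 2.
WLANS = {"Test_vlan10": (10, "tunnel"), "Test_vlan50": (50, "tunnel")}
PORT2_VLANS = {50}  # "Access vlan 50 on port 2"

as_posted = classify_wlans(WLANS, ap_vlans={10, 50}, switchport_vlans=PORT2_VLANS)
# After removing VLAN 10 from the AP profile, as suggested in the replies.
after_fix = classify_wlans(WLANS, ap_vlans={50}, switchport_vlans=PORT2_VLANS)

if __name__ == "__main__":
    for label, res in (("as posted", as_posted), ("after fix", after_fix)):
        for name, (path, status) in sorted(res.items()):
            print(f"{label:10} {name:12} {path:13} {status}")
```

Under this model the posted configuration bridges Test_vlan10 locally into a VLAN the switch port does not carry, which matches the missing DHCP offer. The `BYPASSES_CONTROLLER` status marks a tunnel-mode WLAN whose client traffic would not pass through the controller, which matters if the controller is the intended monitoring point.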