Solved

tunneled to local bridged


Userlevel 2
Hi

The current setup is 2x rfs7000 with a mixture of AP7131 and 7532; the WIFI networks are set to tunnel at present. I would like to test a new setup with one AP/WIFI network to be locally bridged on the AP.

The port the AP will connect to on the network switch will be set to be a trunk port. The AP is set to allow 1,4096 vlans so the network switch holds the allowed VLAN information.

Will it work? Having just this one AP / wifi network locally bridged? Or is it an all-or-nothing setting?

Best answer by Tomasz 5 December 2018, 11:56

Hi Phil,

When you bridge WLAN to Ethernet locally on an AP, you don't need to create VLAN virtual interface (SVI in fact, based on Cisco terminology). It would have to be there if you needed L3 communication for AP on that VLAN (as a RADIUS client for example). If you want to locally bridge 802.11 to Ethernet with some 802.1Q tag it has to be specified for that WLAN and it has to be in 'allowed VLANs' for AP's ge1 set as trunk.

Hope that helps,
Tomasz


9 replies

Userlevel 3
Hi

The short answer is yes. However, you cannot have a VLAN that is both tunneled and locally bridged.

So on this single AP you would need to have a new set of WLANs that are locally bridged and using VLANs that have not been assigned to a previously created WLAN that was TUNNELING traffic.
Userlevel 5
Hello Phil,

  • Change the WLAN from tunnel to local
  • Make sure the VLANs are configured on the AP (Interfaces >> Virtual Interfaces)
  • Make sure the VLAN is mapped to the WLAN (Vlan Assignment >> VLAN)
  • Trunk only if more than one VLAN is configured on the AP; otherwise there is no need to trunk the port.
  • If more than one VLAN exists, make sure they are also allowed through the switchport the AP is connected to.
  • Make sure that the wireless clients get the correct DHCP IP address information assigned to them (DGW, DNS, etc...)
  • Test
This way, traffic will be routed by the AP (local) versus the controller (tunnel).
Userlevel 3
Hello Phil,
In addition to what is recommended already:
1. Try to keep the allowed VLANs list reasonable. With "mint mlcp vlan" (default), MiNT link creation protocol (MLCP) will send discovery to all allowed VLANs - i.e. to 4096 VLANs, which creates some CPU load.
2. Having the same VLAN tunneled and available in the trunk as well will potentially create loops. For instance, a client's DHCP request will be tunneled to the controller, bridged there to the target VLAN, then reach the AP's LAN interface. So as recommended - filter all tunneled VLANs in the AP trunk.

Misha
Userlevel 2
Hi, and thanks for the information. I would just like to see if this is a valid way.

On the network switches, make sure the ports the APs are connected to are trunk ports (only two VLANs at present).

The AP's ethernet adapter is set to 1-4096 VLANs as the network switch trunk port has the two allowed VLANs.

Then on the WLAN change it to tunnelled. But on the AP I would need to add the additional VLAN in the virtual interface for the WLAN to VLAN? As currently the RFS is handling that bit.

Am I on the right track or way off ?
Userlevel 4
Hi Phil,

When you bridge WLAN to Ethernet locally on an AP, you don't need to create VLAN virtual interface (SVI in fact, based on Cisco terminology). It would have to be there if you needed L3 communication for AP on that VLAN (as a RADIUS client for example). If you want to locally bridge 802.11 to Ethernet with some 802.1Q tag it has to be specified for that WLAN and it has to be in 'allowed VLANs' for AP's ge1 set as trunk.

Hope that helps,
Tomasz
Userlevel 2
Hi
Having read my post back, I think I may have answered my own question as I have set the VLANs on the network switch. Thanks for your input. I think I will do this change at the weekend when no users are in the office. Always nervous about these sorts of changes. Not saying I'm unlucky, but I could be the only person in a raffle and still lose.
Userlevel 2
Hi Tomasz
Sorry to ask again: "you don't need to create VLAN virtual interface (SVI in fact, based on Cisco terminology). It would have to be there if you needed L3 communication for AP on that VLAN (as a RADIUS client for example)."
So the virtual adapter that is already set up, is that removed?
Phil

Userlevel 4
Hi Phil,

I didn't ever remove vlan1, but if you plan to use just AP local bridging (like an L2 switch does) with only Layer 2 MiNT adoption and control, with no direct SSH/Telnet/Web to that AP etc... it might not be needed. Never tried that though.
For ge1 I would recommend setting allowed VLANs to just those you need, separated with commas. It makes things clearer and you might sooner spot some issue with VLANs if there was any.

Hope that helps,
Tomasz
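
The checks recommended across this thread (no VLAN both tunneled and locally bridged, tunneled VLANs filtered from the AP trunk, each bridged WLAN's VLAN present in ge1's allowed list, a short allowed list) can be run against a planned layout before the change. This is an added Python example, not part of any post or of the WiNG software; the WLAN names, VLAN numbers and the 32-VLAN threshold are constructed assumptions.

```python
from dataclasses import dataclass

WIDE_TRUNK_LIMIT = 32  # assumed threshold for a "reasonable" allowed list

@dataclass
class Wlan:
    name: str
    vlan: int
    mode: str  # "tunnel" or "local"

def parse_vlan_list(spec):
    """Expand an allowed-VLAN string such as '1,10' or '1-4096' into a set."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4096:  # upper bound as used in the thread
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans

def audit_ap(trunk_allowed, wlans):
    """Return sorted (finding, vlan) tuples for one AP's ge1 trunk and its WLANs."""
    allowed = parse_vlan_list(trunk_allowed)
    tunneled = {w.vlan for w in wlans if w.mode == "tunnel"}
    local = {w.vlan for w in wlans if w.mode == "local"}
    findings = []
    # A VLAN cannot be both tunneled and locally bridged.
    findings += [("BOTH_MODES", v) for v in tunneled & local]
    # A tunneled VLAN that is also on the trunk can form a loop.
    findings += [("LOOP_RISK", v) for v in tunneled & allowed]
    # A locally bridged WLAN's VLAN must be allowed on ge1.
    findings += [("NOT_ON_TRUNK", v) for v in local - allowed]
    # MLCP discovery goes to every allowed VLAN, so flag very wide lists.
    if len(allowed) > WIDE_TRUNK_LIMIT:
        findings.append(("WIDE_TRUNK", len(allowed)))
    return sorted(findings)

# Constructed sample: one tunneled WLAN (VLAN 20), one locally bridged (VLAN 10).
SAMPLE = [Wlan("corp", 20, "tunnel"), Wlan("test-local", 10, "local")]

if __name__ == "__main__":
    for allowed in ("1-4096", "1,20", "1,10"):
        print(allowed, "->", audit_ap(allowed, SAMPLE))
```
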
Userlevel 2
Hi Tomasz
So the virtual adapter stays? The reason for allowing all the VLANs is that the network switch holds the VLAN allowed list, in this case 1,10. But eventually I would like to get the 802.1x setup for laptops etc., so we can change the wifi key whenever we like, so when the user is disabled in the AD all access to the network is removed - but that is another project in the future.