
different Vlan configuration


Malik
New Contributor
How can I configure different VLANs for access points and WLANs for clients?

Malik
New Contributor
[Image: network diagram]


Thanks rmu,
kindly find the above network diagram.

All devices are connected together by the core switch, and all devices in the VLANs get IPs from an external DHCP server.
The APs are connected to the ERS access switch on ports (eth 1 - 9), which belong to VLAN 1089. Kindly find the configuration on the ERS 3600 switch below:

3626GTS-PWR+#sh running-config
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 3626GTS-PWR+
! Software version = v6.1.1.017
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** CORE ***
!
telnet-access login-timeout 0
!
! *** RADIUS ***
!
!
! *** RADIUS Dynamic Server ***
!
!
! *** TACACS+ ***
!
!
! *** SNMP ***
!
!
! *** IP ***
!
ip default-gateway 10.234.88.2
!
! *** IP Manager ***
!
!
! *** ASSET ID ***
!
!
! *** System Logging ***
!
!
! *** STACK ***
!
!
! *** Custom Banner ***
!
!
! *** SSH ***
!
ssh
!
! *** SSL ***
!
!
! *** SSHC ***
!
!
! *** MSTP (Phase 1) ***
!
!
! *** LACP (Phase 1) ***
!
!LACP mode is set to OFF on all interfaces to enable manipulation of
!ports with LACP enabled
interface Ethernet ALL
lacp mode port ALL off
exit
!
! *** VLAN ***
!
vlan create 1088-1092, type port cist
vlan name 1088 "mgmt"
vlan name 1089 "Wirleses"
vlan name 1090 "voice"
vlan name 1091 "Peripherals"
vlan name 1092 "Supervisors"
vlan ports 24-25 tagging tagAll
vlan configcontrol flexible
vlan members 1 13-14,17-21,24-25,27-28
vlan members 1088 15,25
vlan members 1089 1-12,25
vlan members 1090-1091,1725 25
vlan members 1092 16,22-23,25
vlan ports 1-12 pvid 1089
vlan ports 15 pvid 1088
vlan ports 16,22-23 pvid 1092
vlan configcontrol strict
!
! *** 802.1ab ***
!
!
! *** 802.1ab vendor-specific TLVs config ***
!
interface Ethernet ALL
! no lldp tx-tlv port 1-10 vendor-specific fa-element-type ==> controlled by FA agent
! no lldp tx-tlv port 1-10 vendor-specific fa-isid-vlan-asgns ==> controlled by FA agent
exit
!
! *** 802.1AB MED Voice Network Policies ***
!
!
! *** QOS ***
!
!
! *** RMON ***
!
!
! *** EAP ***
!
!
! *** EAP Guest VLAN ***
!
!
! *** EAP Fail Open VLAN ***
!
!
! *** EAP Voip VLAN ***
!
!
! *** Interface ***
!
!
! *** Rate-Limit ***
!
!
! *** MLT (Phase 1) ***
!
!
! *** MAC-Based Security ***
!
!
! *** LACP (Phase 2) ***
!
!
! *** ADAC ***
!
!
! *** MSTP (Phase 2) ***
!
interface Ethernet ALL
spanning-tree mstp port ALL learning disable
exit
!
! *** Port Mirroring ***
!
!
! *** VLAN Phase 2***
!
!
! *** MLT (Phase 2) ***
!
!
! *** PoE ***
!
!
! *** RTC ***
!
!
! *** Extreme Networks Energy Saver ***
!
!
! *** AUR ***
!
!
! *** AAUR ***
!
!
! *** L3 ***
!
interface vlan 1088
ip address 10.234.88.4 255.255.255.0 2
exit
ip route 0.0.0.0 0.0.0.0 10.234.88.2 10
!
ip routing
!
!
! *** IPV6 ***
!
!
! *** MLD ***
!
!
! *** FHS ***
!
!
! --- FHS Global settings ---
!
!
! --- IPV6 access list settings ---
!
!
! --- IPv6 mac access list settings ---
!
!
! --- IPV6 dhcp guard settings ---
!
!
! --- IPV6 RA Guard settings ---
!
!
! --- IPV6 Policy Port Map settings ---
!
!
! --- IPV6 FHS ND SBT Table settings ---
!
!
! --- IPV6 Source Guard Interface settings ---
!
!
! *** VLACP ***
!
!
! *** DHCP Relay ***
!
!
! *** L3 Protocols ***
!
!
! --- IP Directed Broadcast ---
!
!
! --- Proxy ARP ---
!
!
! --- UDP Broadcast Forwarding ---
!
!
! --- Route Policies ---
!
!
! --- RIP ---
!
!
! *** DHCP SNOOPING ***
!
ip dhcp-snooping vlan 1089
!
! *** ARP INSPECTION ***
!
!
! *** IP SOURCE GUARD ***
!
!
! *** IGMP ***
!
interface vlan 1
ip igmp
exit
interface vlan 1088
ip igmp
exit
interface vlan 1089
ip igmp
exit
interface vlan 1090
ip igmp
exit
interface vlan 1091
ip igmp
exit
interface vlan 1092
ip igmp

!
! *** STACK MONITOR ***
!
!
! *** SLPP-guard ***
!
!
! *** DHCP Server ***
!
!
! *** SLAMON ***
!
!
! *** STORM CONTROL ***
!
!
! *** Fabric Attach ***
!
no fa port-enable 1-10


Each access point has its own profile, which it gets from the controller, to adopt on the two cluster controllers, with the following parameters in each profile:

profile anyap 
no mint mlcp vlan
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan Mutah-Wifi bss 1 primary
interface radio2
wlan Mutah-Wifi bss 1 primary
interface radio3
interface bluetooth1
shutdown
mode le-sensor
interface up1
interface ge1
interface ge2
interface fe1
interface fe2
interface fe3
interface fe4
interface vlan1
ip address dhcp
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
controller host 172.25.0.5 pool 1 level 1
controller host 172.25.0.6 pool 1 level 1
service pm sys-restart
router ospf
adoption-mode controller
!

We need to make clients take IP addresses from VLAN 1725. When configuring bridge tunnel mode in the WLAN config, clients get an IP from VLAN 1725, but a loop and an unstable connection occurred, and when we turn off one of the controllers the connection becomes stable.
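
Added example (not part of the original post and not vendor tooling): a Python check that parses the VLAN lines of the ERS output posted above and reports VLANs that have members but no matching "vlan create" line, and whether the AP ports (eth 1 - 9) carry the client VLAN 1725. The function names expand and audit are made up for this illustration, and the check assumes VLAN 1 exists by default.

```python
import re

# VLAN lines copied from the ERS 3626GTS-PWR+ running-config posted above.
ERS_VLAN_CONFIG = """\
vlan create 1088-1092, type port cist
vlan ports 24-25 tagging tagAll
vlan members 1 13-14,17-21,24-25,27-28
vlan members 1088 15,25
vlan members 1089 1-12,25
vlan members 1090-1091,1725 25
vlan members 1092 16,22-23,25
vlan ports 1-12 pvid 1089
vlan ports 15 pvid 1088
vlan ports 16,22-23 pvid 1092
"""

def expand(spec):
    """Expand an ERS list such as '1090-1091,1725' into a set of ints."""
    out = set()
    for part in spec.strip().strip(",").split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, ap_ports, client_vlan):
    created, members, tagged, pvid = {1}, {}, set(), {}  # assumption: VLAN 1 is the default VLAN
    for line in config.splitlines():
        if m := re.match(r"vlan create (\S+)", line):
            created |= expand(m.group(1))
        elif m := re.match(r"vlan members (\S+) (\S+)", line):
            for vlan in expand(m.group(1)):
                members.setdefault(vlan, set()).update(expand(m.group(2)))
        elif m := re.match(r"vlan ports (\S+) tagging tagAll", line):
            tagged |= expand(m.group(1))
        elif m := re.match(r"vlan ports (\S+) pvid (\d+)", line):
            pvid.update({p: int(m.group(2)) for p in expand(m.group(1))})
    carried = members.get(client_vlan, set())
    return {
        "not_created": sorted(set(members) - created),
        "ap_ports_missing_client_vlan": sorted(ap_ports - carried),
        "ap_ports_untagged": sorted(ap_ports - tagged),
        "ap_port_pvids": sorted({pvid.get(p, 1) for p in ap_ports}),
    }

if __name__ == "__main__":
    for key, value in audit(ERS_VLAN_CONFIG, set(range(1, 10)), 1725).items():
        print(f"{key}: {value}")
```

On the posted lines, VLAN 1725 has port 25 as its only member and does not appear in the "vlan create" range, while ports 1 - 9 are untagged with PVID 1089.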



 

rmu
Contributor
hi malik

there are a few things:


both nx controllers use the same profile but still have
different configurations.

> it looks like you configured both controllers separately
> best practice would be: configure everything in profiles except unique settings like hostnames,
ip addresses, priorities and such things

Karol Radosovsky already posted the link with the best practice guide

e.g.

> master has layer 2 adoption enabled, while stby has mlcp vlan disabled
> master has vlan 102 configured and ge3 in it, stby does not even have it

> both controllers use vlan 1 with the same ip! on interface ge1/vlan1
>> maybe that's the cause of your instability.

> stby controller does not use dhcp-server-policy
> stby controller does not use auto-provisioning-policy

> dhcp-server-policy: you only send the ip of the master controller, stby controller ip is missing


## and some more settings

so, can you pls send over a little network diagram, how you plan to set up your wlan?

nr
rmu

rmu
Contributor
hi malik

do you also have a little network diagram?

nr
rmu

Malik
New Contributor
thanks rmu

kindly find the attached configuration file for NX-5500 controller.