Solved

How to tag Native VLAN1 for traffic coming out of a single Trunk Port?

Posted on 2011-05-10
Last Modified: 2013-12-09
Hi,

I have an Engenius ECB-9500 access point set up with two SSIDs, plugged into a Cisco 2960 Switch...

AP in: Port:40 (Trunk Mode)
SSID1: VLAN 1 (LAN)
SSID2: VLAN 200 (Guest Access)

I'm not sure if it's by design, but my AP does not recognize the Native VLAN... No traffic goes to SSID1 (VLAN1), it gets dropped. Wireless devices can connect to SSID1, they just can't communicate with the LAN. SSID2 is working fine.. I have full access to the Guest Network.

Tech support says it's because the AP is designed to ignore all untagged traffic.. In my case: Native VLANs are untagged..

I guess I need to know: How do I make all native traffic be tagged as VLAN 1.. I want this done only for Trunk Port 40 of my switch..  Not sure if I want to enable the Native tagging for the entire switch.. (Don't want to break something)

Thanks.
Question by:theonlyallan
17 Comments
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35733020
Can you post the config for the switchport so I can better understand how it's set?
0
 
LVL 8

Expert Comment

by:spiderwilk007
ID: 35733028
Can you give me the output of show VLAN 1, and show VLAN 200? Are you using a single AP for both VLANs?

I would probably just do the following

Switch(config)# interface FastEthernet 0/40
Switch(config-if)#switchport access vlan 1

But I would like to see the config first to get a better idea if that is the best thing or not.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35733072
If it switches to access port then you can't have guests go through VLAN 200.

I think the answer here is to trunk VLAN1 and 200 and turn off any native tags but I wanted to see the port config first to make sure I understood correctly.
0

 
LVL 6

Author Comment

by:theonlyallan
ID: 35733118

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/24
200  AAAAAAAA_Wireless                active    Fa0/23
201  AAAAAAAA_WAN                     active    Fa0/22
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
331  enet  100331     1500  -      -      -        -    -        0      0
332  enet  100332     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------



Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        connected    1          a-full  a-100 10/100BaseTX
Fa0/2                        connected    1          a-full  a-100 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Fa0/9                        connected    trunk      a-full  a-100 10/100BaseTX
Fa0/10                       notconnect   1            auto   auto 10/100BaseTX
Fa0/11                       notconnect   1            auto   auto 10/100BaseTX
Fa0/12                       notconnect   1            auto   auto 10/100BaseTX
Fa0/13                       notconnect   1            auto   auto 10/100BaseTX
Fa0/14                       notconnect   1            auto   auto 10/100BaseTX
Fa0/15                       notconnect   1            auto   auto 10/100BaseTX
Fa0/16                       connected    trunk      a-auto  a-100 10/100BaseTX
Fa0/17                       notconnect   1            auto   auto 10/100BaseTX
Fa0/18                       connected    1          a-full  a-100 10/100BaseTX
Fa0/19                       connected    1          a-full  a-100 10/100BaseTX
Fa0/20                       connected    1          a-half  a-100 10/100BaseTX
Fa0/21                       connected    1          a-full  a-100 10/100BaseTX
Fa0/22                       connected    201        a-full  a-100 10/100BaseTX
Fa0/23                       connected    200        a-full  a-100 10/100BaseTX
Fa0/24                       connected    1          a-full  a-100 10/100BaseTX
Fa0/25                       notconnect   1            auto   auto 10/100BaseTX
Fa0/26                       notconnect   1            auto   auto 10/100BaseTX
Fa0/27                       notconnect   1            auto   auto 10/100BaseTX
Fa0/28                       notconnect   1            auto   auto 10/100BaseTX
Fa0/29                       notconnect   1            auto   auto 10/100BaseTX
Fa0/30                       notconnect   1            auto   auto 10/100BaseTX
Fa0/31                       connected    1          a-half   a-10 10/100BaseTX
Fa0/32                       notconnect   1            auto   auto 10/100BaseTX
Fa0/33                       connected    1          a-full  a-100 10/100BaseTX
Fa0/34                       connected    1          a-full  a-100 10/100BaseTX
Fa0/35                       connected    1          a-half  a-100 10/100BaseTX
Fa0/36                       connected    1          a-full  a-100 10/100BaseTX
Fa0/37                       connected    1          a-full  a-100 10/100BaseTX
Fa0/38                       connected    1          a-full  a-100 10/100BaseTX
Fa0/39                       connected    trunk      a-full  a-100 10/100BaseTX
Fa0/40                       connected    trunk      a-full  a-100 10/100BaseTX




interface FastEthernet0/22
 switchport access vlan 200
!
interface FastEthernet0/23
 switchport access vlan 201
!
interface FastEthernet0/40
  switchport mode trunk
!


0
 
LVL 6

Author Comment

by:theonlyallan
ID: 35733141
FYI: I'm using ONE- Access Point..  

The Access Point is plugged into Port 40..

Port 40- Assigned as Trunk
SSID1- Tagged as VLAN1
SSID2- Tagged as VLAN200
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35733208
interface FastEthernet0/40
  switchport mode trunk
  switchport trunk encapsulation dot1q
  switchport trunk allow vlan 1,200
!

On the AP set tags for both SSIDs.
0
 
LVL 8

Expert Comment

by:spiderwilk007
ID: 35733224
Yep that should work.
0
 
LVL 6

Author Comment

by:theonlyallan
ID: 35733293
@llarmeu: I don't think that works.. traffic coming in from all the other ports is untagged.  It needs to be tagged, VLAN1, so my AP will recognize it.

My old AP wasn't this complicated.. and I don't want to replace this AP..
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35733308
What other ports?
0
 
LVL 8

Expert Comment

by:spiderwilk007
ID: 35733388
I don't think you need to do anything with the other ports. If you do what llarmeu said it should work as long as you have the tagging setup on the AP. As far as the other ports go the switch should be able to route the traffic without the need to tag all VLAN1 ports.
0
 
LVL 8

Expert Comment

by:spiderwilk007
ID: 35733407
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35733410
Yes, make the change specific to that one port and it won't affect any of the other ports.  

Login, enable, put in your password, then:

configure terminal
int fa0/40
switchport trunk encapsulation dot1q
switchport trunk allow vlan 1,200
exit
exit
wri mem

That will change ONLY port 40 and all of the others will work exactly as they are now.
0
 
LVL 6

Expert Comment

by:Wissam
ID: 35735074
global command "vlan dot1q tag native"
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 800 total points
ID: 35738457
If you don't want to tag the native VLAN on all trunk ports, and only on Fa0/40, you could do the following:

interface FastEthernet0/40
switchport trunk native vlan tag
exit
0
 
LVL 12

Accepted Solution

by:Fidelius
Fidelius earned 1200 total points
ID: 35739418
Create new VLAN, let's say VLAN 2

And configure port 40 as follows:
interface FastEthernet0/40
 switchport mode trunk
 switchport trunk native vlan 2

So VLAN 2 will be untagged and VLANs 1 and 200 will be tagged on that port.
0
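
What the accepted answer changes on the wire, as an added example (not code from the thread or from either vendor): a dot1q trunk sends the native VLAN untagged and every other allowed VLAN with a 4-byte 802.1Q tag, so moving the native VLAN off VLAN 1 makes VLAN 1 frames carry a tag the AP will accept. The MAC addresses, payload, allowed-VLAN set and function names are constructed for illustration, and the AP model follows the tech-support statement quoted in the question.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def egress_frame(dst, src, ethertype, payload, vlan, native_vlan, allowed):
    """Bytes a dot1q trunk port sends for a frame in `vlan`,
    or None if that VLAN is not allowed on the trunk."""
    if vlan not in allowed:
        return None
    header = dst + src
    if vlan != native_vlan:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); priority 0 here
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def vlan_tag(frame):
    """VLAN ID from the frame's 802.1Q tag, or None if the frame is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF

def ap_accepts(frame, ssid_vlans):
    """AP as described in the question: untagged frames are ignored,
    tagged frames are accepted only for a VLAN mapped to an SSID."""
    vid = vlan_tag(frame)
    return vid is not None and vid in ssid_vlans

# Constructed sample values (not taken from the thread)
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46          # minimum Ethernet payload
SSID_VLANS = {1, 200}           # SSID1 -> VLAN 1, SSID2 -> VLAN 200

def delivered(native_vlan, allowed=frozenset({1, 2, 200})):
    """For each SSID VLAN, does the AP accept what the trunk sends?"""
    result = {}
    for vlan in sorted(SSID_VLANS):
        frame = egress_frame(DST, SRC, 0x0800, PAYLOAD, vlan, native_vlan, allowed)
        result[vlan] = frame is not None and ap_accepts(frame, SSID_VLANS)
    return result

if __name__ == "__main__":
    print("native vlan 1:", delivered(1))   # the original port 40 config
    print("native vlan 2:", delivered(2))   # after the accepted answer
```

On the switch itself, `show interfaces fa0/40 trunk` lists the native VLAN and the VLANs allowed on the port, which is the quickest way to confirm the change took effect.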
 
LVL 6

Author Closing Comment

by:theonlyallan
ID: 35749323
I actually figured it out before coming back to EE to check..

I selected a random vlan as native for that port.. and VLAN1 and 200 is coming through as tagged.. thanks!
0
 
LVL 1

Expert Comment

by:CSTAR05
ID: 36410868
I have a Cisco Aironet 1200 series. I created 2 SSIDs and trying to tag it with Cisco catalyst switch 3500. There is no option for vlan tagging in the access point.
Here is the output of show vlan in the switch
                                             
MO-3524-1>show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
2    VLAN0002                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active    Fa0/13, Fa0/14, Fa0/15
4    VLAN0004                         active
5    VLAN0005                         active
50   uxsrv                            active
254  internet                         active
302  VLAN0302                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
4    enet  100004     1500  -      -      -        -    -        0      0
5    enet  100005     1500  -      -      -        -    -        0      0
50   enet  100050     1500  -      -      -        -    -        0      0
254  enet  100254     1500  -      -      -        -    -        0      0
302  enet  100302     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      0      -        -    -        0      0
1003 tr    101003     1500  -      0      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
0
