asked on

How to tag Native VLAN1 for taffic coming out of a single Trunk Port?

Hi,

I have an Engenius ECB-9500 access point setup with Two: SSID's, plugged into a Cisco 2960 Switch...

AP in: Port:40 (Trunk Mode)
SSID1: VLAN 1 (LAN)
SSID2: VLAN 200 (Guest Access)

I'm not sure if its by design, but My AP does not recognize the Native VLAN... No traffic goes to SSID1 (VLAN1), it gets dropped, Wireless Devices can connect to SSID1, just can't communicate with the LAN. SSID2 is working fine.. Have full access to the Guest Network.

Tech support says its because the AP is designed to ignore all untagged traffic.. In my case: Native VLAN's are untagged..

I guess I need to know: How do I make all native traffic be tagged as VLAN 1.. I want this done only for Trunk Port 40 of my switch.. Not sure if I want to enable the Native tagging for the entire switch.. (Don't want to break something)

Thanks.

Member_2_4940386

Can you post the config for the switchport so I can better understand how it's set?

spiderwilk007

can you give me the output of show VLAN 1, and show VLAN 200. Are you using a single AP for both VLANs?

I would probably just do the following

Switch(config)# interface FastEthernet 0/40
Switch(config-if)#switchport access vlan 1

But I would like to see the config first to get a better idea if that is the best thing or not.

Member_2_4940386

If it switches to access port then you can't have guests go through VLAN 200.

I think the answer here is to trunk VLAN1 and 200 and turn off any native tags but I wanted to see the port config first to make sure I understood correctly.

theonlyallan

ASKER

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/24
200  AAAAAAAA_Wireless                active    Fa0/23
201  AAAAAAAA_WAN                     active    Fa0/22
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
331  enet  100331     1500  -      -      -        -    -        0      0
332  enet  100332     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------



Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        connected    1          a-full  a-100 10/100BaseTX
Fa0/2                        connected    1          a-full  a-100 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Fa0/9                        connected    trunk      a-full  a-100 10/100BaseTX
Fa0/10                       notconnect   1            auto   auto 10/100BaseTX
Fa0/11                       notconnect   1            auto   auto 10/100BaseTX
Fa0/12                       notconnect   1            auto   auto 10/100BaseTX
Fa0/13                       notconnect   1            auto   auto 10/100BaseTX
Fa0/14                       notconnect   1            auto   auto 10/100BaseTX
Fa0/15                       notconnect   1            auto   auto 10/100BaseTX
Fa0/16                       connected    trunk      a-auto  a-100 10/100BaseTX
Fa0/17                       notconnect   1            auto   auto 10/100BaseTX
Fa0/18                       connected    1          a-full  a-100 10/100BaseTX
Fa0/19                       connected    1          a-full  a-100 10/100BaseTX
Fa0/20                       connected    1          a-half  a-100 10/100BaseTX
Fa0/21                       connected    1          a-full  a-100 10/100BaseTX
Fa0/22                       connected    201        a-full  a-100 10/100BaseTX
Fa0/23                       connected    200        a-full  a-100 10/100BaseTX
Fa0/24                       connected    1          a-full  a-100 10/100BaseTX
Fa0/25                       notconnect   1            auto   auto 10/100BaseTX
Fa0/26                       notconnect   1            auto   auto 10/100BaseTX
Fa0/27                       notconnect   1            auto   auto 10/100BaseTX
Fa0/28                       notconnect   1            auto   auto 10/100BaseTX
Fa0/29                       notconnect   1            auto   auto 10/100BaseTX
Fa0/30                       notconnect   1            auto   auto 10/100BaseTX
Fa0/31                       connected    1          a-half   a-10 10/100BaseTX
Fa0/32                       notconnect   1            auto   auto 10/100BaseTX
Fa0/33                       connected    1          a-full  a-100 10/100BaseTX
Fa0/34                       connected    1          a-full  a-100 10/100BaseTX
Fa0/35                       connected    1          a-half  a-100 10/100BaseTX
Fa0/36                       connected    1          a-full  a-100 10/100BaseTX
Fa0/37                       connected    1          a-full  a-100 10/100BaseTX
Fa0/38                       connected    1          a-full  a-100 10/100BaseTX
Fa0/39                       connected    trunk      a-full  a-100 10/100BaseTX
Fa0/40                       connected    trunk      a-full  a-100 10/100BaseTX




interface FastEthernet0/22
 switchport access vlan 200
!
interface FastEthernet0/23
 switchport access vlan 201
!
interface FastEthernet0/40
  switchport mode trunk
!

Open in new window

theonlyallan

ASKER

FYI: I'm using ONE- Access Point..

The Access Point is plugged into Port 40..

Port 40- Assigned as Trunk
SSID1- Tagged as VLAN1
SSID2- Tagged as VLAN200

Member_2_4940386

interface FastEthernet0/40
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allow vlan 1,200
!

On the AP set tags for both SSIDs.

spiderwilk007

Yep that should work.

theonlyallan

ASKER

@llarmeu: I don't think that works.. traffic coming In from all the other ports are untagged. They need to be tagged, VLAN1, so my AP will recognize them.

My old AP wasn't this complicated.. and I don't want to replace this AP..

Member_2_4940386

What other ports?

spiderwilk007

I don't think you need to do anything with the other ports. If you do what llarmeu said it should work as long as you have the tagging setup on the AP. As far as the other ports go the switch should be able to route the traffic without the need to tag all VLAN1 ports.

spiderwilk007

Do you have your AP configured like this?

http://www.engeniustech.com/images/stories/VLAN-ECB9500-EAP9550.pdf

Member_2_4940386

Yes, make the change specific to that one port and it won't affect any of the other ports.

Login, enable, put in your password, then:

configure terminal
int fe0/40
switchport trunk encapsulation dot1q
switchport trunk allow vlan 1,200
exit
exit
wri mem

That will change ONLY port 40 and all of the others will work exactly as they are now.

Wissam

global command "tag dot1q native"

SOLUTION

Craig Beck

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER CERTIFIED SOLUTION

Fidelius

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

theonlyallan

ASKER

I actually figuired it out before coming back to EE to check..

I selected a random vlan as native for that port.. and VLAN1 and 200 is coming through as tagged.. thanks!

CSTAR05

I have a Cisco Aironet 1200 series. I created 2 SSIDs and trying to tag it with Cisco catalyst switch 3500. There is no option for vlan tagging in the access point.
Here is the output of show vlan in the switch

MO-3524-1>show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
2 VLAN0002 active Fa0/2, Fa0/3, Fa0/4, Fa0/5,
Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24
3 VLAN0003 active Fa0/13, Fa0/14, Fa0/15
4 VLAN0004 active
5 VLAN0005 active
50 uxsrv active
254 internet active
302 VLAN0302 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
254 enet 100254 1500 - - - - - 0 0
302 enet 100302 1500 - - - - - 0 0
1002 fddi 101002 1500 - 0 - - - 0 0
1003 tr 101003 1500 - 0 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0