<div>
Do you have a diagram, which includes the LAN/VLANs that exist now? Also would like to see how the switch is configured now (including port memberships).
</div>


<div>
Hi Mas, <br />
<br />
I'll be submitting one of those shortly. Thanks for looking
</div>


<div>
Hi Mas, <br />
<br />
I've included the diagram for you. <br />
<br />
The VLAN is untagged. <br />
<br />
Cheers<br />
Yash<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/03_w12/1152323/Network.jpg" target="_blank" class="file-inline" title="Network (23 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Network.jpg</a>
</div>


Network.jpg

<div>
Let me ask this: What exactly is your goal? To have the AP use an address from VLAN 3, and have the clients connecting to the wireless network use a different VLAN?<br />
<br />
Also, is the port going from the Cisco to the Draytek a trunk port? And what type of port is the AP connected to?
</div>


<div>
Hi Mas, <br />
<br />
Our goal is for the AP to use an address from VLAN3, that's it. This AP is broadcasting two SSID's. One of them is for the external wi-fi and the other is internal wi-fi. For people connecting to the internal wi-fi, they must get an IP address via DHCP the network range on VLAN3. At the moment, they can't, as the PoE switch which the AP is connected to (we believe) needs to be configured to be able to talk to VLAN3 on the Cisco. The only way we can do this is by setting up a VLAN3 on this PoE switch?<br />
<br />
The port from the Cisco to the Draytek is not a trunk port, no. The port the AP is connected to on the PoE switch, is just a normal port that has not been configured with anything. <br />
<br />
Cheers<br />
Yash
</div>


<div>
Have you tried just connecting a laptop directly to your poe switch? If it't working there you could narrow the problem down. If you haven't already you should manually set the ports between the cisco and the draytek switches to access. By default the cisco switch will try and auto select trunk or access depending on what it sees on the other side. If it is set to trunk you could have vlan mismatch problems. I've never worked with Draytek, but on a Cisco standalone AP you can't have two different SSIDs on the same vlan, maybe that's the issue. Also it sounds like you have both your external and internal SSIDs using the same vlan, with the internal users getting DHCP, I'm assuming the external users use static IPs. If it were me I would setup two different vlans, 1 for external and the other for internal. You would then trunk the connection all the way through and setup &nbsp;the AP to use the different vlans for the different ssids
</div>


<div>
I'm assuming that all of the ports on the Cisco are configured for VLAN3? You have no other VLANs in use?<br />
<br />
So...<br />
1) The port on the Draytek that the Cisco is connected to needs to be configured to be a member of VLAN3 for untagged traffic. (This assumes you created a VLAN3 on your Draytek already)<br />
2) The port the AP is connected to does need to be configured the same way as the port the Cisco is connected to.<br />
<br />
This also means that you don't need to specific a VLAN tag for your SSID on the AP.
</div>


<div>
Andy, thanks for writing. There are two different networks. One is on a VLAN, one is not. The access point only has one ethernet cable going straight to the PoE switch. We can connect to the external-wifi without any issues. However, when we try to connect to the internal wi-fi, which is connected to VLAN3, is where the issue lies. There is no trunking or tagging.
</div>


<div>
Internal wifi is which VLAN?<br />
External wifi is which VLAN?<br />
<br />
You only mention a VLAN3 here, so that might be what requires clarification.
</div>


<div>
Hey Mas, <br />
<br />
I'm going to give your suggestion a go in a moment and let you know:). <br />
<br />
Cheers<br />
Yash
</div>


<div>
I tried and it doesn't work. The issue here is whether I'm even doing the whole VLAN'ing correctly.
</div>


<div>
Tell us how you want things to work with both VLANs, then it should be easier.
</div>


<div>
Okay, i will explain what I want it to do.<br />
<br />
There are two networks, but only one VLAN. <br />
<br />
Access point gives two SSID's. One is called GuestWifi, other one is called StaffWifi. <br />
On the access point itself, we have configured StaffWifi to associate itself with ID 3 on the VLAN, which equates to VLAN3 I assume. <br />
<br />
The access point is only connected by ONE cable directly to the Draytek P1100 PoE switch. &nbsp;From the Draytek P1100 PoEswitch is a cable that goes to the 10.0.5.0/24 network. And another cable that goes from the Draytek P1100 PoEswitch and into VLAN3, which is the 128.3.1.0/24 network. <br />
<br />
So to summerise the connections:<br />
Guestwifi connects to the 10.0.5.0/24 network. No VLAN<br />
StaffWifi connects to the 128.3.1.0/24 network. VLAN3. <br />
<br />
<br />
I can connect to the Guest-Wifi without any issues from the laptop. It gets the IP address, without any issues. But I can't do the same with the StaffWifi, as it won't assign the laptop an IP from the 128.3.1.0/24 range. <br />
<br />
I have been told that I need to setup the Draytek P1100 PoE with the ability to tag VLAN3 traffic on the port the access point connects.
</div>


<div>
DHCP is on the actual Windows machine connected to VLAN3. At the moment all traffic set for VLAN3 on the main Cisco 3750 switch is untagged. So VLAN3 is setup on the Cisco 3750 switch. <br />
<br />
<br />
By the way, really appreciate this, thanks a lot.
</div>


<div>
I know how to set the port to Trunk. I just don't know how to set it to get VLAN3 and VLAN1 traffic on a particular port. Any ideas on how to do that at all? <br />
<br />
This is the manual: <a href="http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf" rel="ugc">http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf</a>&nbsp;<br />
<br />
No worries if you can't. Appreciate the help.
</div>


<div>
On the manual, the section you need starts on page 55 for the VLAN management. Page 56 shows dealing with VLAN port membership. You only need to go to about page 58. That provides whatever you need.<br />
<br />
The more I'm hearing, the more something isn't adding up. Where is the 10.0.0.x LAN (VLAN1) coming from? You've described what it is, but your diagram makes no mention of it, so it's actually harder to see how you have this done. However, your diagram shows reasons that things getting to VLAN3 should work, not VLAN1.
</div>


<div>
Hi Mas, <br />
<br />
The 10.0.5.x network is connected directly from the PoE switch into our Watchguard firewall, which is providing DHCP for this particular range. So just think of it as an extra cable from the Draytek PoE straight into the port of our firewall that has been set with the 10.0.5.x range. You are right though, we can't connect to 10.0.5.x network whilst the VLAN3 is also connected. We can only connect to the 10.0.5.x network if VLAN3 is disconnected. I'm going to close this and take up your advice, but I will need to repost for setting up trunk port:). <br />
<br />
Cheers man<br />
Yash
</div>


<div>
<div class="content wysiwyg-content">
Hi guys, <br />
<br />
We have some Watchguard access points which have been setup to talk to our VLAN (VLAN3, to be specific). These access points have to be connected to a PoE switch, which is a Draytek P1100, which they are on and they are on and the SSID's can be seen. Then I have connected a cable from a port on the Draytek P1100 directly into the VLAN3 network. <br />
<br />
What's happening, from my perspective, is that the Draytek P1100 needs to be configured to pass on the VLAN3 traffic back and receive also. I have done what I can by creating a VLAN and setting a PVID of 3 and having untagged traffic permitted. But something tells me I may be missing something. <br />
<br />
This is the manual: <a href="http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf" rel="ugc">http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf</a><br />
<br />
Any ideas? <br />
<br />
Thanks a lot for helping<br />
Yashy
</div>
</div>


Hi guys, 

We have some Watchguard access points which have been setup to talk to our VLAN (VLAN3, to be specific). These access points have to be connected to a PoE switch, which is a Draytek P1100, which they are on and they are on and the SSID's can be seen. Then I have connected a cable from a port on the Draytek P1100 directly into the VLAN3 network. 

What's happening, from my perspective, is that the Draytek P1100 needs to be configured to pass on the VLAN3 traffic back and receive also. I have done what I can by creating a VLAN and setting a PVID of 3 and having untagged traffic permitted. But something tells me I may be missing something. 

This is the manual: http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf

Any ideas? 

Thanks a lot for helping
Yashy

Access points not passing on DHCP, because of Draytek PoE Switch (VLAN related)

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Wireless networking is anything related to the transfer of data between two (or more) devices without the use of a physical connection, ranging from getting advice on a new Bluetooth headset to configuring sophisticated enterprise level networks.

Wireless Networking

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switches / Hubs

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).