Access points not passing on DHCP, because of Draytek PoE Switch (VLAN related)
Hi guys,
We have some Watchguard access points which have been setup to talk to our VLAN (VLAN3, to be specific). These access points have to be connected to a PoE switch, which is a Draytek P1100, which they are on and they are on and the SSID's can be seen. Then I have connected a cable from a port on the Draytek P1100 directly into the VLAN3 network.
What's happening, from my perspective, is that the Draytek P1100 needs to be configured to pass on the VLAN3 traffic back and receive also. I have done what I can by creating a VLAN and setting a PVID of 3 and having untagged traffic permitted. But something tells me I may be missing something.
This is the manual: http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf
Any ideas?
Thanks a lot for helping
Yashy
We have some Watchguard access points which have been setup to talk to our VLAN (VLAN3, to be specific). These access points have to be connected to a PoE switch, which is a Draytek P1100, which they are on and they are on and the SSID's can be seen. Then I have connected a cable from a port on the Draytek P1100 directly into the VLAN3 network.
What's happening, from my perspective, is that the Draytek P1100 needs to be configured to pass on the VLAN3 traffic back and receive also. I have done what I can by creating a VLAN and setting a PVID of 3 and having untagged traffic permitted. But something tells me I may be missing something.
This is the manual: http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf
Any ideas?
Thanks a lot for helping
Yashy
masnrock
Do you have a diagram, which includes the LAN/VLANs that exist now? Also would like to see how the switch is configured now (including port memberships).
ASKER
Hi Mas,
I'll be submitting one of those shortly. Thanks for looking
I'll be submitting one of those shortly. Thanks for looking
ASKER
Let me ask this: What exactly is your goal? To have the AP use an address from VLAN 3, and have the clients connecting to the wireless network use a different VLAN?
Also, is the port going from the Cisco to the Draytek a trunk port? And what type of port is the AP connected to?
Also, is the port going from the Cisco to the Draytek a trunk port? And what type of port is the AP connected to?
ASKER
Hi Mas,
Our goal is for the AP to use an address from VLAN3, that's it. This AP is broadcasting two SSID's. One of them is for the external wi-fi and the other is internal wi-fi. For people connecting to the internal wi-fi, they must get an IP address via DHCP the network range on VLAN3. At the moment, they can't, as the PoE switch which the AP is connected to (we believe) needs to be configured to be able to talk to VLAN3 on the Cisco. The only way we can do this is by setting up a VLAN3 on this PoE switch?
The port from the Cisco to the Draytek is not a trunk port, no. The port the AP is connected to on the PoE switch, is just a normal port that has not been configured with anything.
Cheers
Yash
Our goal is for the AP to use an address from VLAN3, that's it. This AP is broadcasting two SSID's. One of them is for the external wi-fi and the other is internal wi-fi. For people connecting to the internal wi-fi, they must get an IP address via DHCP the network range on VLAN3. At the moment, they can't, as the PoE switch which the AP is connected to (we believe) needs to be configured to be able to talk to VLAN3 on the Cisco. The only way we can do this is by setting up a VLAN3 on this PoE switch?
The port from the Cisco to the Draytek is not a trunk port, no. The port the AP is connected to on the PoE switch, is just a normal port that has not been configured with anything.
Cheers
Yash
Have you tried just connecting a laptop directly to your poe switch? If it't working there you could narrow the problem down. If you haven't already you should manually set the ports between the cisco and the draytek switches to access. By default the cisco switch will try and auto select trunk or access depending on what it sees on the other side. If it is set to trunk you could have vlan mismatch problems. I've never worked with Draytek, but on a Cisco standalone AP you can't have two different SSIDs on the same vlan, maybe that's the issue. Also it sounds like you have both your external and internal SSIDs using the same vlan, with the internal users getting DHCP, I'm assuming the external users use static IPs. If it were me I would setup two different vlans, 1 for external and the other for internal. You would then trunk the connection all the way through and setup the AP to use the different vlans for the different ssids
I'm assuming that all of the ports on the Cisco are configured for VLAN3? You have no other VLANs in use?
So...
1) The port on the Draytek that the Cisco is connected to needs to be configured to be a member of VLAN3 for untagged traffic. (This assumes you created a VLAN3 on your Draytek already)
2) The port the AP is connected to does need to be configured the same way as the port the Cisco is connected to.
This also means that you don't need to specific a VLAN tag for your SSID on the AP.
So...
1) The port on the Draytek that the Cisco is connected to needs to be configured to be a member of VLAN3 for untagged traffic. (This assumes you created a VLAN3 on your Draytek already)
2) The port the AP is connected to does need to be configured the same way as the port the Cisco is connected to.
This also means that you don't need to specific a VLAN tag for your SSID on the AP.
ASKER
Andy, thanks for writing. There are two different networks. One is on a VLAN, one is not. The access point only has one ethernet cable going straight to the PoE switch. We can connect to the external-wifi without any issues. However, when we try to connect to the internal wi-fi, which is connected to VLAN3, is where the issue lies. There is no trunking or tagging.
Internal wifi is which VLAN?
External wifi is which VLAN?
You only mention a VLAN3 here, so that might be what requires clarification.
External wifi is which VLAN?
You only mention a VLAN3 here, so that might be what requires clarification.
ASKER
Hey Mas,
I'm going to give your suggestion a go in a moment and let you know:).
Cheers
Yash
I'm going to give your suggestion a go in a moment and let you know:).
Cheers
Yash
ASKER
I tried and it doesn't work. The issue here is whether I'm even doing the whole VLAN'ing correctly.
Tell us how you want things to work with both VLANs, then it should be easier.
ASKER
Okay, i will explain what I want it to do.
There are two networks, but only one VLAN.
Access point gives two SSID's. One is called GuestWifi, other one is called StaffWifi.
On the access point itself, we have configured StaffWifi to associate itself with ID 3 on the VLAN, which equates to VLAN3 I assume.
The access point is only connected by ONE cable directly to the Draytek P1100 PoE switch. From the Draytek P1100 PoEswitch is a cable that goes to the 10.0.5.0/24 network. And another cable that goes from the Draytek P1100 PoEswitch and into VLAN3, which is the 128.3.1.0/24 network.
So to summerise the connections:
Guestwifi connects to the 10.0.5.0/24 network. No VLAN
StaffWifi connects to the 128.3.1.0/24 network. VLAN3.
I can connect to the Guest-Wifi without any issues from the laptop. It gets the IP address, without any issues. But I can't do the same with the StaffWifi, as it won't assign the laptop an IP from the 128.3.1.0/24 range.
I have been told that I need to setup the Draytek P1100 PoE with the ability to tag VLAN3 traffic on the port the access point connects.
There are two networks, but only one VLAN.
Access point gives two SSID's. One is called GuestWifi, other one is called StaffWifi.
On the access point itself, we have configured StaffWifi to associate itself with ID 3 on the VLAN, which equates to VLAN3 I assume.
The access point is only connected by ONE cable directly to the Draytek P1100 PoE switch. From the Draytek P1100 PoEswitch is a cable that goes to the 10.0.5.0/24 network. And another cable that goes from the Draytek P1100 PoEswitch and into VLAN3, which is the 128.3.1.0/24 network.
So to summerise the connections:
Guestwifi connects to the 10.0.5.0/24 network. No VLAN
StaffWifi connects to the 128.3.1.0/24 network. VLAN3.
I can connect to the Guest-Wifi without any issues from the laptop. It gets the IP address, without any issues. But I can't do the same with the StaffWifi, as it won't assign the laptop an IP from the 128.3.1.0/24 range.
I have been told that I need to setup the Draytek P1100 PoE with the ability to tag VLAN3 traffic on the port the access point connects.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DHCP is on the actual Windows machine connected to VLAN3. At the moment all traffic set for VLAN3 on the main Cisco 3750 switch is untagged. So VLAN3 is setup on the Cisco 3750 switch.
By the way, really appreciate this, thanks a lot.
By the way, really appreciate this, thanks a lot.
ASKER
I know how to set the port to Trunk. I just don't know how to set it to get VLAN3 and VLAN1 traffic on a particular port. Any ideas on how to do that at all?
This is the manual: http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf
No worries if you can't. Appreciate the help.
This is the manual: http://www.draytek.com/ftp/VigorSwitch%20P1100/Manual/DrayTek_UG_VigorSwitch%20P1100_V1.2.pdf
No worries if you can't. Appreciate the help.
On the manual, the section you need starts on page 55 for the VLAN management. Page 56 shows dealing with VLAN port membership. You only need to go to about page 58. That provides whatever you need.
The more I'm hearing, the more something isn't adding up. Where is the 10.0.0.x LAN (VLAN1) coming from? You've described what it is, but your diagram makes no mention of it, so it's actually harder to see how you have this done. However, your diagram shows reasons that things getting to VLAN3 should work, not VLAN1.
The more I'm hearing, the more something isn't adding up. Where is the 10.0.0.x LAN (VLAN1) coming from? You've described what it is, but your diagram makes no mention of it, so it's actually harder to see how you have this done. However, your diagram shows reasons that things getting to VLAN3 should work, not VLAN1.
ASKER
Hi Mas,
The 10.0.5.x network is connected directly from the PoE switch into our Watchguard firewall, which is providing DHCP for this particular range. So just think of it as an extra cable from the Draytek PoE straight into the port of our firewall that has been set with the 10.0.5.x range. You are right though, we can't connect to 10.0.5.x network whilst the VLAN3 is also connected. We can only connect to the 10.0.5.x network if VLAN3 is disconnected. I'm going to close this and take up your advice, but I will need to repost for setting up trunk port:).
Cheers man
Yash
The 10.0.5.x network is connected directly from the PoE switch into our Watchguard firewall, which is providing DHCP for this particular range. So just think of it as an extra cable from the Draytek PoE straight into the port of our firewall that has been set with the 10.0.5.x range. You are right though, we can't connect to 10.0.5.x network whilst the VLAN3 is also connected. We can only connect to the 10.0.5.x network if VLAN3 is disconnected. I'm going to close this and take up your advice, but I will need to repost for setting up trunk port:).
Cheers man
Yash