andreacadia
asked on
Catalayst 2960 VLAN Guest Wifi
good day,
I have a relatively simple requirement to have an access point broadcast 3 wifi networks that are each on a separate VLAN. however i ran into some issues with the switch as it works fine when the WAP bypasses the switch and plugs direct into the Security Appliance. The end result is to achieve a configuration where a client will be on a different VLAN and IP subnet when it connects to each wifi network that the WAP is broadcasting. Again, when the WAP is linked directly to the security appliance, it works as planned. so it may be safe to assume that the security appliance is not the issue. i should note that the security appliance is providing DHCP services for each of the 3 VLANs without issue when the WAP is plugged directly to it.
Our issues begin when the switch is inserted in the middle and we begin trunking. When port 21 on the switch is patched to the Security Appliance, all IP connectivity to the switch itself goes down and IP connectivity between clients connected to the switch also goes down.
And port 21 shows as down/down at that point so it wont establish physical link.
is the switch doing some sort of blocking? my setup is below:
Here are the details:
3 Devices Involved:
1 x Wireless Access Point with a native (default) VLAN ID of 1
1 x Catalyst 2960x switch with a native (default) VLAN ID of 1
1 x Meraki MX 84 Security Appliance as the internet gateway with native (default) VLAN ID of 1
Connectivity looks like this:
WAP -> Switch Port 23
Switch Port 21 -> Meraki Appliance
VLANS:
Corp - VLAN 1 - 192.168.1.0/24
Staff - VLAN 190 - 192.168.190.0/24
Guest - VLAN 200 - 192.168.200.0 /24
Port configurations:
Switch Port 23:
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,190,200
switchport mode trunk
Switch Port 21:
interface GigabitEthernet1/0/21
switchport mode trunk
Any assistance is appreciated!
I have a relatively simple requirement to have an access point broadcast 3 wifi networks that are each on a separate VLAN. however i ran into some issues with the switch as it works fine when the WAP bypasses the switch and plugs direct into the Security Appliance. The end result is to achieve a configuration where a client will be on a different VLAN and IP subnet when it connects to each wifi network that the WAP is broadcasting. Again, when the WAP is linked directly to the security appliance, it works as planned. so it may be safe to assume that the security appliance is not the issue. i should note that the security appliance is providing DHCP services for each of the 3 VLANs without issue when the WAP is plugged directly to it.
Our issues begin when the switch is inserted in the middle and we begin trunking. When port 21 on the switch is patched to the Security Appliance, all IP connectivity to the switch itself goes down and IP connectivity between clients connected to the switch also goes down.
And port 21 shows as down/down at that point so it wont establish physical link.
is the switch doing some sort of blocking? my setup is below:
Here are the details:
3 Devices Involved:
1 x Wireless Access Point with a native (default) VLAN ID of 1
1 x Catalyst 2960x switch with a native (default) VLAN ID of 1
1 x Meraki MX 84 Security Appliance as the internet gateway with native (default) VLAN ID of 1
Connectivity looks like this:
WAP -> Switch Port 23
Switch Port 21 -> Meraki Appliance
VLANS:
Corp - VLAN 1 - 192.168.1.0/24
Staff - VLAN 190 - 192.168.190.0/24
Guest - VLAN 200 - 192.168.200.0 /24
Port configurations:
Switch Port 23:
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,190,200
switchport mode trunk
Switch Port 21:
interface GigabitEthernet1/0/21
switchport mode trunk
Any assistance is appreciated!
Garry Glendown
Do you get any log infos from either the switch or the Meraki device? What do you see on the switch if you have "term mon" active and plug/unplug port 21?
ASKER
Haven't tried term mon monitoring. Was looking to validate the configuration on the switch side first.
Did you add the vlans on the switch. post a show vlans.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.