Port type between Access Point MR and Switch Access Cisco

natuan
Here to help

Port type between Access Point MR and Switch Access Cisco

Hello everybody,

 

Our office has over 100 clients and 4 APs MR33.

Our Topology:

(Meraki MX)  <----->  (Switch Access 2960 Cisco)  <----->  (AP MR33)

Meraki MX is the gateway + DHCP Server.

We have 4 VLANs:

- VLAN 10: Staff

- VLAN 20: Guest

- VLAN 30: Management

- VLAN 40: Partner

 

My question is when I configure port type between MR33 and C2960 is trunk. It worked, 4 SSIDs broadcasted and correctly VLANs assigned.

When I configure port type between MR33 and C2960 is access to Staff VLAN. It worked as well.

I have no idea why access ports still work. Please help me to understand it.

 

Thank you,

natuan

12 Replies 12
rhbirkelund
Kind of a big deal
Kind of a big deal

How is Client IP Assignment configured for the SSIDs under Wireless -> Access Control?
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

We use Bridge Mode for both situations.
NolanHerring
Kind of a big deal


@natuan wrote:
We use Bridge Mode for both situations.

Can you show us an image example of how you have this configured for one of the SSIDs? Curious to check something.

Nolan Herring | nolanwifi.com
TwitterLinkedIn

For Staff WiFi, we use WPA2-Enterprise with radius and Bridge mode.
NolanHerring
Kind of a big deal

are you tagging the VLAN when you have bridge-mode enabled?
Nolan Herring | nolanwifi.com
TwitterLinkedIn

I show config on another access switch 🙂
In fact, that AP is connecting to VLAN 10 - Staff with access port.
No VLAN tagging for Staff SSID and other SSIDs are Layer 3 roaming with a concentrator.

Hi,

Just make a simple test, change between Bridge mode and Layer 3 roaming with a concentrator for guest VLAN

When I use Bridge mode, user has the same IP with staff VLAN.
When I use Layer 3 roaming with a concentrator and conventrate traffic on VLAN guest, user has the guest IP.

My conclusion is L3 roaming with a concentrator can bypass access port.
ww
Kind of a big deal
Kind of a big deal

Thats normal because al traffic tunnels to you wlc/appliance. The switch does not know whats inside the tunnel packets. 

 

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignme...

ww
Kind of a big deal
Kind of a big deal

can you add the full config of the cisco switch port when configured for access.

natuan
Here to help

The configuration:

 

interface GigabitEthernet0/3
switchport access vlan 30
switchport mode access
spanning-tree portfast edge
end

ww
Kind of a big deal
Kind of a big deal

you could check the vlans on the port.

 

#sh int G0/3 status
#sh vlan | i 0/3
 
it also works if you bounce the port?
natuan
Here to help

oh I show config on another access switch. LOL

In fact, that AP is connecting to VLAN 10 - Staff with access port.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels