Hi
I am re-configuring my test network and an unexpected error has occurred. I am in the first stage of moving devices to appropriate VLANs. The VLANs used by the two SSIDs are circled in the screenshot below -
The phone attaches either of the SSIDs as selected -
However, the Access Point is reporting an error -
Doubtless, I've done something silly, but I am a little surprised at the mention of VLAN 0.
Any suggestions greatly welcomed.
@uberseehandel
Philip
Thanks for your interest.
I just tried getting the phone to forget both networks so it was unattached and then re-attached to VLAN 111 Analytics ( via the Enigma SSID. I still get the same error message and the orange status on the AP.
The default is VLAN 1 not 0. The switch and the AP are on the management VLAN 11. Eventually, I intend removing VLAN 1 and I do not see that I need VLAN 0 (is that a normal VLAN), if everything is specifically assigned?
I'm a bit puzzled.
@uberseehandel
Thanks for your suggestion - the screenshot below shows how the AP is configured -
Both the SSIDs function as expected. The AP is getting its IP address from the correct VLAN DHCP server. I am not sure where to go looking for more causes . . .
@uberseehandel
LAN1 port on MX plugs into the MS220-8P port 10
@uberseehandel
I've accessed the local pages for the switch (MS220-8P) and the AP, everything appears to be Healthy.
However, I check the entry on the switch port page and it shows that that the port the switch is connected to has
Native VLAN - 11
Allowed VLAN - 11, 111, 1001
(11 Management, 111 Analytics, 1001 Isolated Guests)
- is this correct?
@uberseehandel
Thanks for your help guys, it is much appreciated.
As you both predicted, changing the native VLAN for the AP(s) back to 1 solved the problem.
Because of my background, I'd prefer it if there was not a default VLAN, and to avoid using VLAN 1, because both 0 and 1 are predictable and often default values.
I'm trying to develop a core architecture that can act as a template for future deployments, rather than configure on a one-off basis.
I am not a network engineer, so what is obvious to everybody else is not always obvious to me. As I said before, your assistance is much appreciated.
Robin
@uberseehandel
I've found a lot of information on the Cisco education site so I'll take it on board (hopefully weeding out the misleading stuff), and I'll re-organise the VLAN numbering scheme accordingly. I'm tempted by (room) 101 for the unused VLAN.
@uberseehandel
Thanks for your suggestions.
I now have the VLANs configured pretty well the way I want them to work.
My next issues are to do with isolating "risky" devices into their own VLAN yet still be able to access their services, eg Bonjour or Chromecast.
Virtually all the "smart" devices I have seen are woeful from a security viewpoint, so should be kept away from the rest of the network, yet some are quite convenient. Whether it is at home or work, I cannot see us having fewer smart devices in the future. So we have to be able to find a way of being able to live with them, securely.
@uberseehandel
@PhilipDAth wrote:Reading this again I missed this was an AP issue.
I would think by "VLAN0" it means the native or untagged VLAN.
The switch port that that the AP plugs into, I assume it is a trunk port. Is the native VLAN - VLAN1, or a different native VLAN?
At present he "default" VLAN is VLAN 1. At present all the switch ports are trunk ports.
My aim is to use VLAN 11 as the management VLAN and avoid using any defaults.
Its after 2235 here I'll get back to this in the morning (my time), thank you for your assistance.
Do I need to do anything on the switches other than set which VLANs each port will pass? Do I need to set up the ports to also pass the management VLAN when a client device is directly attached?
laters . .
@uberseehandel
