11-08-2012 01:20 PM - edited 11-08-2012 01:40 PM
I am trying to get an IAP-105 configured for access on my network. The IAP will operate on VLAN 201, kept segregated from my internal network. I have a Juniper EX2200 set up as a test switch with ports 0-11 left on their factory default VLAN. Port 12 is configured as a trunk port in VLAN 201 only. Port 13 is configured as an access port in VLAN 201 only. Port 47 is configured as a trunk port with VLAN 201, with the network uplink connected.
When a laptop and the IAP are plugged into ports 0-11, I can connect to the IAP's GUI from the wired interface on the laptop.
Of course, there is no internet access. When I connect the IAP to port 12, I can connect to the IAP with the laptop's wireless card and my phone, both devices get IPs from the network DHCP server, and they can both access the internet through the IAP. However, when I plug the laptop in to port 13, I cannot make a wired connection from the laptop to the IAP's GUI. The laptop can connect to the internet through port 47, so basic network connectivity and access to VLAN 201 is functioning correctly, but it just flat cannot hit the IAPs GUI. I have looked over every setting in the IAP that has anything to do with VLANs, wired access, etc., and I'm at a loss on what to do next.
Worst case, I could configure the IAPs in my office on a test VLAN(default) switch, then install them in their final public access locations, but if I ever needed to connect to the GUI I'd need to pull them off the ceiling and connect them back to the VLAN(default) switch ports. Obviously something is not configured correctly, but I've run out of ideas.
Has anyone run into this issue?
*Update: I have verified connectivity between ports 12 and 13. Workstations connected to these ports can ping each other, so I don't see how it could be an issue with the switch.
Solved! Go to Solution.
11-08-2012 01:39 PM
I suspect you have the Juniper port 13 untagged where Vlan 201 in the IAP is tagged. The IAP uses the Default / Native untagged vlan for management then the additional vlans (Vlan 201) are tagged.
You need port 13 set up as a trunk port if you have management on the Default / Native vlan (default setting) and an SSID on another Vlan -- IAP will tag the additional vlans you create.
Alternatively, you can override the default setting with mgmt on the Native vlan and assign it to a spefic vlan ID and also have the SSID in that vlan but it will still be tagged. See "Configuring Uplink Management Vlan" in the IAP User's Guide.
11-08-2012 01:59 PM - edited 11-08-2012 02:00 PM
Apparently the software version that this IAP shipped with (220.127.116.11-18.104.22.168_33617) does not support setting a management VLAN other than default. I will try again once I upgrade it to 22.214.171.124.
11-09-2012 08:36 AM
Updating the firmware to version 126.96.36.199-188.8.131.52_35899 enabled the new Uplink tab on the Edit Access Point menu. Changing the Uplink management VLAN from default (0) to 201 enabled IAP management GUI access from within the unit's production VLAN 201.
Thank you Marcus.