03-18-2014 03:27 PM
Ive made a lot of post regarding this but since my latest IAP installation failed ill ask again
I have 12 IAPs and all will be connected to ports that are configured as following:
untagged vlan 100
tagged vlan 200
tagged vlan 300
the vlan 100 have dhcp and the IAPs are going to be on that subnet. A ssid will be configured here with the settings "Network assigned" and vlan "default"
for vlan 200 and 300 the IAP will be dhcp and a firewall on that subnet the default gw. One ssid for each vlan, both with the vlan setting "Network assigned" and vlan "static"
Does the wired profile on all IAPs need to be set to trunk and have the native vlan as 100 the vlans 200 and 300 as allowed?
Cant the wired profile just be as default (access) since the port is untagged, or will the ssid with the vlans 200 and 300 not work?
thanks again for the help
03-18-2014 04:13 PM
Since IAP acts us a default-gateway for both VLAN`s 200 & 300; wired profile should be just configured as access and not trunk in this case. All traffic should be src-nated with VLAN 100 for the users connecting on VLAN 200 & 300 to get the traffic out.
03-21-2014 07:28 AM
personally i would expect you need a trunk with the native vlan on 100 and the tagged ones set the 200 and 300, or possibly all three tragged, depends on how you config your switch. with only access how would your user bridge from the AP to the VLAN on the wired net work?
the combination of dhcp on IAP, but default gateway on some routing device is still a bit unclear to me, though others said it should work.