Environment : This article applies to all Controller models and AOS versions.
In deployments that have a local DHCP server (SSIDs and wired ports operating in Bridge mode), the native VLAN parameter is used. The frames on the native VLAN are not tagged with 802.1q tags, so the native VLAN ID in the AP system profile of an APgroup determines if bridged traffic is tagged or not. If the native VLAN ID value matches the VLAN value in the bridged VAP or wired AP profile, then the traffic is not tagged. If the native VLAN ID value does not match the VLAN value in the bridged VAP or wired AP profile, then the traffic is tagged with the VLAN ID that is specified in the bridged VAP or wired AP profile.
For example:
Scenario 1:
AP uplink is access
vlan on the AP uplink is vlan 1
native vlan in ap system profile is 10 and
vlan in the birdge VAP profile is 10,
As The native VLAN in the AP system profile matches the VLAN ID in the VAP profile, so the traffic is untagged. Hence, users get IP addresses from VLAN 1.
Scenario 2:
AP uplink is access
VLAN on the AP uplink is vlan 1
Native vlan in ap system profile is 10 and
vlan in the bridge VAP profile is 20,
Here, the native VLAN in the AP system profile does not match the VLAN ID in the VAP profile, so the traffic is tagged as VLAN 20. Users do not get an IP address and they cannot pass traffic because the uplink switch will drop all the 802.1Q tagged packets received on access ports.
Scenario 3:
AP uplink is trunk
VLAN on the AP uplink is vlan 1 (native vlan)
Native vlan in ap system profile is 10 and
vlan in the bridge VAP profile is 100,
Here, the native VLAN in the AP system profile does not match the VLAN ID in the VAP profile, so the traffic is tagged as VLAN 100. Hence, the users get IP addresses from VLAN 100 and all the user traffic forwarded through the uplink trunk is tagged with VLAN 100.
Scenario 4:
AP uplink is trunk
VLAN on the AP uplink is vlan 1 (native vlan)
Native vlan in ap system profile is 10 and
vlan in the bridge VAP profile is 20
Here, the native VLAN in the AP system profile does not match the VLAN ID in the VAP profile, so the traffic is tagged as VLAN 20. Hence, the users get IP addresses from VLAN 20 and all the user traffic forwarded through the uplink trunk is tagged with VLAN 20.
Scenario 6:
AP uplink is trunk
VLAN on the AP uplink is vlan 30 (native vlan)
Native vlan in ap system profile is 20 and
vlan in the bridge VAP profile is 20
Here, the native VLAN in the AP system profile matches the VLAN ID in the VAP profile, so the traffic is untagged. Hence, users get IP addresses from VLAN 30 and all the user traffic forwarded through the uplink trunk is untagged.