Occasional Contributor I

Access or Trunk Port? that is the question

I have inherited a network with a centralized controller and 100+ APs across 15 locations. The APs are on switch trunk ports and access ports across the sites, sometimes both in the same site. What madness. Shouldn't it be one or the other? Which? Yes, there is more than one VLAN (3) and each is related to a separate SSID.

MVP

Re: Access or Trunk Port? that is the question

Are these APs tunneling clients to a controller or are they instant APs?

If I am tunneling clients to a controller I put the APs on access ports. If I am bridging wireless clients to multiple VLANs using instant access points and no controller, I use a trunk port.

Sean Rynearson
MVP

Re: Access or Trunk Port? that is the question

Also, Big Welcome to the Community :-)

Sean Rynearson
Occasional Contributor I

Re: Access or Trunk Port? that is the question

Each remote location has 100 Mbps Layer 2 point-to-point fiber.
Occasional Contributor I

Re: Access or Trunk Port? that is the question

THANK YOU!
MVP

Re: Access or Trunk Port? that is the question

Controller or no controller?

Sean Rynearson
Occasional Contributor I

Re: Access or Trunk Port? that is the question

Controller at centralized data center
MVP

Re: Access or Trunk Port? that is the question

You will need to check your config but most likely you are tunneling all wireless client traffic to the dc. In that case the access points themselves could be on an access port. 

Sean Rynearson
Aruba Employee

Re: Access or Trunk Port? that is the question

If you care at all about WIDS / detecting rogue APs you should set the interface to trunk and native VLAN to the VLAN you want the APs to pass traffic on. It's important for the APs to receive the broadcast traffic on the other VLANs, particularly the wired VLAN in the same coverage areas where someone may potentially plug in a rogue AP. Also ensure STP is disabled on AP ports.

Cheers!
Marcus Wehmeyer
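
For a site that mixes access and trunk AP ports, the check described in the reply above can be run over saved switch configs. This is an added example, not code from the thread or from Aruba. It assumes Cisco IOS-style syntax (the thread names no switch vendor), that AP ports carry a description starting with "AP-", and constructed VLAN ids (10 for the APs, 20 and 30 for the wired VLANs).

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed; the thread names no switch vendor).
SAMPLE_CONFIG = """\
interface Gi1/0/1
 description AP-lobby
 switchport mode access
!
interface Gi1/0/2
 description AP-warehouse
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20-30
!
interface Gi1/0/3
 description AP-office
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
!
"""

def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '10,20-30' into a set of ids."""
    vlans = set()
    for lo, _, hi in (part.partition("-") for part in spec.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def field(stanza, rx, default=None):
    m = re.search(rx, stanza, re.M)
    return m.group(1) if m else default

def audit_ap_ports(config, ap_vlan, wired_vlans, ap_pattern=r"^AP-"):
    """Return {interface: [findings]} for ports whose description matches ap_pattern."""
    report = {}
    for stanza in re.split(r"^!$", config, flags=re.M):
        name, desc = field(stanza, r"^interface (\S+)"), field(stanza, r"^ description (.+)$", "")
        if not name or not re.search(ap_pattern, desc):
            continue  # not an AP port (hypothetical naming convention)
        findings = report.setdefault(name, [])
        if field(stanza, r"^ switchport mode (\S+)") != "trunk":
            findings.append("not a trunk: AP cannot hear broadcasts on the wired VLANs")
            continue
        native = int(field(stanza, r"^ switchport trunk native vlan (\d+)", "1"))  # IOS default is 1
        allowed = expand_vlans(field(stanza, r"^ switchport trunk allowed vlan ([\d,-]+)", "1-4094"))
        if native != ap_vlan:
            findings.append(f"native VLAN {native}, expected {ap_vlan}")
        if missing := sorted(set(wired_vlans) - allowed):
            findings.append(f"wired VLANs not carried: {missing}")
    return report
```

Calling `audit_ap_ports(SAMPLE_CONFIG, ap_vlan=10, wired_vlans={20, 30})` returns an empty finding list only for Gi1/0/2; the other two ports are flagged.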
Occasional Contributor I

Re: Access or Trunk Port? that is the question

Good point, all Internet content filtering is done at the dc on the FW there. There is no internet at the remote sites, no servers either. But there is local printing.
