Controllerless Networks

Hi.

I'm trying to assign a tagged management VLAN to an AP using 

uplink-vlan 100

 

If the Instant AP connects to port that doesn't have this VLAN tagged on it, it reboots a few times and then starts to use the untagged VLAN.

 

Is there a way to prevent it from every using the untagged VLAN?

 

Thanks. 

It's very much not recommended to use tagged management VLANs. Use the native VLAN instead, which on the switch port can be configured on a specific vlan as trunk native VLAN or untagged VLAN.

 

In the case you really can't get away from using a tagged management VLAN, I would work closely together with Aruba Support if you have issues like these.

 

Or do others have different experiences?

Thank you for responding.

 

What is the reason that tagged VLANs are not recommend for the Management VLAN?

Not fully sure about all the backgrounds, but it may have to do with the added complexity, pre-provisioning needed, and the default setup is to use the untagged so that is what most of the people in the world are running. I'd only implement this if you can't configure your edge switches to have the management VLAN untagged.

 

Best-practice is to stay with the defaults unless you have a good reason to deviate from that.

 

What would be the reason to have your management tagged?

Dear Herman Robers.

all most I have the same issue, but in my case, I'm trying to use VLAN for IAP MGMT (NATIVE VLAN) and an IP address from a different subnet for Virtual controller IP (Allowed on the trunk).

I'm not able to access IAP through VIP, changed the Virtual controller IP settings under the system option, but the same result.

in brief i need to use VLAN for IAP mgmt and different VLAN for VIP.

------------------------------
mohammad al-alami
------------------------------

Original Message:
Sent: Sep 11, 2020 07:40 AM
From: Herman Robers
Subject: Assigned a tagged Management VLAN which blocks untagged access

It's very much not recommended to use tagged management VLANs. Use the native VLAN instead, which on the switch port can be configured on a specific vlan as trunk native VLAN or untagged VLAN.

 

In the case you really can't get away from using a tagged management VLAN, I would work closely together with Aruba Support if you have issues like these.

 

Or do others have different experiences?

The Virtual Controller IP needs to be in the same untagged (management) network as your APs.

Only wireless clients should be placed in tagged VLANs at the AP.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Jan 17, 2021 10:40 AM
From: mohammad al-alami
Subject: Assigned a tagged Management VLAN which blocks untagged access

Dear Herman Robers.

all most I have the same issue, but in my case, I'm trying to use VLAN for IAP MGMT (NATIVE VLAN) and an IP address from a different subnet for Virtual controller IP (Allowed on the trunk).

I'm not able to access IAP through VIP, changed the Virtual controller IP settings under the system option, but the same result.

in brief i need to use VLAN for IAP mgmt and different VLAN for VIP.

------------------------------
mohammad al-alami

Original Message:
Sent: Sep 11, 2020 07:40 AM
From: Herman Robers
Subject: Assigned a tagged Management VLAN which blocks untagged access

It's very much not recommended to use tagged management VLANs. Use the native VLAN instead, which on the switch port can be configured on a specific vlan as trunk native VLAN or untagged VLAN.

 

In the case you really can't get away from using a tagged management VLAN, I would work closely together with Aruba Support if you have issues like these.

 

Or do others have different experiences?