Wireless Access

Hello Everyone!

I have an existing WLAN for our staff on VLAN 350 which is functioning. I am looking to create a new WLAN for guests on VLAN 399. Here is my progress so far:

- VLAN 399 created on all switches
- Guest WLAN created on controller via the master and mapped to VLAN 399 + set to broadcast on APs
- All VLANs added to trunks
- DHCP pool for both WLANs/VLANs are created on the SRX. They are fully functioning.

The new SSID (Guest) is being broadcasted on all APs. I am able to connect and authenticate to it but I have no internet access. I changed the link from our access switch to the Aruba controller from an access port to a trunk and added VLANs 350 and 399. Originally it functioned as intended, but then the link went down.

When the link went down, both WLANs stopped broadcasting. Then after a few minutes I was able to connect again through the Staff WLAN to the mobility master by switching the link on the access switch to the controller back to an access port on VLAN 350. An alert popped up on the Mobility Master saying that the Mobility Controller performed a configuration roll back. The interface from controller to access switch is still listed ad "trunk 350,399" but also as "access 350."

When I attempt to reconfigure the link back to a trunk the process repeats itself. All of the APs/ WLANs are set to tunnel traffic to the controller. Am I missing something here? Why does the entire wireless network go down when I changed that link to a trunk.

I've attached a diagram and appreciate anyone's help!

------------------------------
John High
------------------------------

Have you checked to make sure that your native VLAN matches on both sides? Also do you have spanning tree turned off on the controller port and controller system settings?



------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Dec 04, 2021 05:24 PM
From: John High
Subject: Confusion about VLANs (Access ports vs Trunks)

Hello Everyone!

I have an existing WLAN for our staff on VLAN 350 which is functioning. I am looking to create a new WLAN for guests on VLAN 399. Here is my progress so far:

- VLAN 399 created on all switches
- Guest WLAN created on controller via the master and mapped to VLAN 399 + set to broadcast on APs
- All VLANs added to trunks
- DHCP pool for both WLANs/VLANs are created on the SRX. They are fully functioning.

The new SSID (Guest) is being broadcasted on all APs. I am able to connect and authenticate to it but I have no internet access. I changed the link from our access switch to the Aruba controller from an access port to a trunk and added VLANs 350 and 399. Originally it functioned as intended, but then the link went down.

When the link went down, both WLANs stopped broadcasting. Then after a few minutes I was able to connect again through the Staff WLAN to the mobility master by switching the link on the access switch to the controller back to an access port on VLAN 350. An alert popped up on the Mobility Master saying that the Mobility Controller performed a configuration roll back. The interface from controller to access switch is still listed ad "trunk 350,399" but also as "access 350."

When I attempt to reconfigure the link back to a trunk the process repeats itself. All of the APs/ WLANs are set to tunnel traffic to the controller. Am I missing something here? Why does the entire wireless network go down when I changed that link to a trunk.

I've attached a diagram and appreciate anyone's help!

------------------------------
John High
------------------------------

I went back today and set both sides back to access which corrected the "config rollback mode" issues. Then I set the trunk back up on both sides and disabled RSTP (which I realized was never needed anyway.) It all worked again thankfully!

Running into another side issue however. I'm trying to switch my trunk from 1Gig copper to the 10Gig fiber port and the fiber port will not come up at all. It's configured the same on both sides and I only plug it in when I unplug the other trunk which rules out a switching loop as far as I can tell.

The cable and SFPs are operational and I'm using a Juniper SFP (which I can give more details about tomorrow.)

------------------------------
John High
------------------------------

Original Message:
Sent: Dec 07, 2021 03:17 PM
From: Dustin Burns
Subject: Confusion about VLANs (Access ports vs Trunks)

Have you checked to make sure that your native VLAN matches on both sides? Also do you have spanning tree turned off on the controller port and controller system settings?



------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Dec 04, 2021 05:24 PM
From: John High
Subject: Confusion about VLANs (Access ports vs Trunks)

Hello Everyone!

I have an existing WLAN for our staff on VLAN 350 which is functioning. I am looking to create a new WLAN for guests on VLAN 399. Here is my progress so far:

- VLAN 399 created on all switches
- Guest WLAN created on controller via the master and mapped to VLAN 399 + set to broadcast on APs
- All VLANs added to trunks
- DHCP pool for both WLANs/VLANs are created on the SRX. They are fully functioning.

The new SSID (Guest) is being broadcasted on all APs. I am able to connect and authenticate to it but I have no internet access. I changed the link from our access switch to the Aruba controller from an access port to a trunk and added VLANs 350 and 399. Originally it functioned as intended, but then the link went down.

When the link went down, both WLANs stopped broadcasting. Then after a few minutes I was able to connect again through the Staff WLAN to the mobility master by switching the link on the access switch to the controller back to an access port on VLAN 350. An alert popped up on the Mobility Master saying that the Mobility Controller performed a configuration roll back. The interface from controller to access switch is still listed ad "trunk 350,399" but also as "access 350."

When I attempt to reconfigure the link back to a trunk the process repeats itself. All of the APs/ WLANs are set to tunnel traffic to the controller. Am I missing something here? Why does the entire wireless network go down when I changed that link to a trunk.

I've attached a diagram and appreciate anyone's help!

------------------------------
John High
------------------------------

What model Controller are you working with. The combo ports are 10Mb/100Mb/1Gb, you will have to use the SFP+ ports further to the right.

------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Dec 07, 2021 09:56 PM
From: John High
Subject: Confusion about VLANs (Access ports vs Trunks)

I went back today and set both sides back to access which corrected the "config rollback mode" issues. Then I set the trunk back up on both sides and disabled RSTP (which I realized was never needed anyway.) It all worked again thankfully!

Running into another side issue however. I'm trying to switch my trunk from 1Gig copper to the 10Gig fiber port and the fiber port will not come up at all. It's configured the same on both sides and I only plug it in when I unplug the other trunk which rules out a switching loop as far as I can tell.

The cable and SFPs are operational and I'm using a Juniper SFP (which I can give more details about tomorrow.)

------------------------------
John High

Original Message:
Sent: Dec 07, 2021 03:17 PM
From: Dustin Burns
Subject: Confusion about VLANs (Access ports vs Trunks)

Have you checked to make sure that your native VLAN matches on both sides? Also do you have spanning tree turned off on the controller port and controller system settings?



------------------------------
Dustin Burns
Lead Mobility Engineer @WEI

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Dec 04, 2021 05:24 PM
From: John High
Subject: Confusion about VLANs (Access ports vs Trunks)

Hello Everyone!

I have an existing WLAN for our staff on VLAN 350 which is functioning. I am looking to create a new WLAN for guests on VLAN 399. Here is my progress so far:

- VLAN 399 created on all switches
- Guest WLAN created on controller via the master and mapped to VLAN 399 + set to broadcast on APs
- All VLANs added to trunks
- DHCP pool for both WLANs/VLANs are created on the SRX. They are fully functioning.

The new SSID (Guest) is being broadcasted on all APs. I am able to connect and authenticate to it but I have no internet access. I changed the link from our access switch to the Aruba controller from an access port to a trunk and added VLANs 350 and 399. Originally it functioned as intended, but then the link went down.

When the link went down, both WLANs stopped broadcasting. Then after a few minutes I was able to connect again through the Staff WLAN to the mobility master by switching the link on the access switch to the controller back to an access port on VLAN 350. An alert popped up on the Mobility Master saying that the Mobility Controller performed a configuration roll back. The interface from controller to access switch is still listed ad "trunk 350,399" but also as "access 350."

When I attempt to reconfigure the link back to a trunk the process repeats itself. All of the APs/ WLANs are set to tunnel traffic to the controller. Am I missing something here? Why does the entire wireless network go down when I changed that link to a trunk.

I've attached a diagram and appreciate anyone's help!

------------------------------
John High
------------------------------