Wired Intelligent Edge

Hi all,

see VLAN overview below:

http://img854.imageshack.us/img854/3919/h1m1.png

This is an example of a setup today, which works.

However we are planning to remove all of the wifi devices and replace them by Netgear Access Points, which support multiple SSIDs and can handle 2 or more VLANs. (internal wifi devices aren't listed on the overview)

Current setup: 6 interal wifi access points and 2 guest wifi access point.

We're going to place 4 powerfull netgear access point, which will broadcoast both the internal wifi and the guest wifi.

The Netgear access points however, only have 1 LAN port.

This means that we have to put 2 VLANs on 1 port.

I've read multiple articles about this, but I can't figure it out.

Articles:

http://community.spiceworks.com/topic/245757-tag-untag-ports-on-hp-switches

http://panenka.sk/cisco-procurve-vlan-ports/

http://h30499.www3.hp.com/t5/ProCurve-ProVision-Based/How-to-assign-a-port-to-two-different-Vlans-voice-and-data/td-p/5687709#.Umfd2xBG0gU

The problem is that the VLANs need to be separated.

VLAN12 is the vlan used for the public guest wifi. (10.10.10.0)

VLAN 1 is the internal LAN and internal wifi. (10.0.0.0)

Is it this simple that I only have to change the 10.0.0.137 switch from:

port 6 to outlet 5.22 untagged vlan12 - access

to:

port 6 to outlet 5.22 tagged 12, untagged 1 - trunk?

These are the settings between switches 10.0.0.246 and 10.0.0.243 (2 VLANs over 1 port)

If you need any more info, let me know.

I hope the problem is clearified.

Thanks in advance

Each port on the switch can have exactly one untagged VLAN and multiple

tagged VLANs.  On Procurve switches, the ports *must* have one untagged VLAN.

Yes it is about as simple as you describe: figure out whether the AP needs to send

one of the VLANs untagged.  If it does, do a "vlan <vid>" then "untagged <port>"

for that VLAN.  For the rest of the VLANs do a "vlan <vid>" then "tagged <port>"

If the AP has no untagged VLAN, it is probably best to go into VLAN 1, the default

vlan, and put the port in there as untagged.  However, it looks like you are planning to use

VLAN1 for production traffic.  First, consider possibly not doing that.  The only thing it really

should be used for in multi-vlan networks is CST spanning tree or if you are feeling lazy,

switch management traffic.  If you need to use VLAN1 and the AP wants all its vlans

tagged, you will have to pick another, different, vlan to work as the untagged VLAN for

that port.

Remember to also do a "tagged <port>" for all the uplinks to other switches

that must carry this VLAN, but not if the VLAN in question is the untagged VLAN

for the uplink.  Make sure all your inter-switch links have matching untagged

and tagged VLAN settings on ports that are connected to each other.

Hi,

I've did the setup and guess what: It's working.

However, the guest wifi is only working on the first (of 4) router I've configured.

When I connect to the guest wifi on an other router, i get an ip adress, but no internet connection.

Also can't ping the gateway.

When I connect to the first router I've configured, I can ping the gateway and have internet access.

All settings on the switches and ports are the same... :s

Can this be caused by settings I used on the router/ap?

We used netgear WNDAP360, but I don't think those devices support DHCP forwarding.
So I've set up the guest wifi per router, and gave them all their own DHCP ranges:


AP 1: 10.10.10.10 -> 10.10.10.39 (this is the one where everything is working)

AP 2 10.10.10.40 -> 10.10.10. 69

AP 3 10.10.10.70 -> 10.10.10.99

AP 4 10.10.10.100 -> 10.10.10.129

Normally you sdhould use DHCP forwarding, but since the netgear does not support this, I've set it up like this.
Quick & dirty, but should work, no?

BTW: the netgear supports multiple SSID's, and each SSID/wifi network can be separated using VLANID's, so that's cool!

Anyone?

I've called with Netgear, they confirmed that the above configuration should work, since the netgear ap doenst support DHCP forwarding.

So the problem has to be in the VLAN config.

AP 1 is working, I can ping the gateway: 10.10.10.254

When I connect to AP 2, 3 or 4, I get an IP, but have no internet access.

I also can't ping the gateway...

I've spent hours looking at the configs but can't find a defference...

This is the full overview of the current config:

URL for full pic:

http://img191.imageshack.us/img191/9578/uz84.png

The working access point is the 'NGReceptie' - 10.0.0.237.

So the interal wifi network is fine, it's the Public which is only working on the 10.0.0.237...

All switches and access points have the same config...

I can't see the issue...

Thanks in advance

I would only add that when you want to run tagged LANs to an edge port, you have to figure out how to get the device at the other end to accept them. So you need to assign the guest Wifi to tagged on VLAN 12 on the APs at some point; once you have that part figured, setting up the Procurves should be relatively easy.