Wireless Access

AOS 8.10.0.3 - 10x7240XM cluster. MC and standby MC

Our customers (departments and colleges) often have a need to use the wired ports on H-APs. Our generic config for that is that enet0 stays as the default wired-port-profile and we configure ports 1-4 for whatever we want the edge VLAN to be. That seems to work and I've never really questioned it. The customer configures their switchports for the APs to have the AP mgt VLAN untagged and whichever other VLAN they want to pass as tagged.

But we now have a customer who wants the edge VLAN to be VLAN 1, ie their data VLAN is VLAN 1 (yes, I know! But it's not something we have control over). This doesn't work with our standard config. It _does_ work if I set the uplink VLAN in the provisioning profile to be the AP mgt VLAN (so that the customer needs to configure the switchports to have the AP mgt VLAN tagged and VLAN 1 untagged). That's fine but ideally we don't want to have non-standard (non-standard for us at least) config in this way.

So I reverted to our original config and tried creating a new wired-port-profile (switchport mode trunk) to put on enet0 thinking that that would let me set VLAN 1 tagged (I set a random VLAN (3999) as the native VLAN). So on that profile I allowed 1,3999 and the native VLAN is set to 3999. The idea being that this would be applied to the AP uplink (enet0) and then the customer could have the AP mgt VLAN untagged and VLAN 1 tagged on their AP switchports. But this doesn't work. I'm not even sure that configuring enet0 in this way is doing what I think it is?

Does anyone have any suggestions?

At the moment our options seem to be for us to use the non-standard config (use the provisioning profile to set the uplink VLAN to be the AP VLAN and then the customer tags the AP VLAN on the switchport and untags VLAN 1. Or the customer uses a different VLAN from VLAN 1 (obviously they should probably do this but as I say we aren't in a position to make demands of them).

Just to be clear about this, the desired config is:

AP ports (enet1 and 2) - VLAN 1 untagged
Customer LAN AP switchports - VLAN 1 tagged, AP mgt VLAN untagged
Original Message:
Sent: Sep 29, 2022 05:34 AM
From: Guy Goodrick
Subject: Wired ports on AP-505H fun

AOS 8.10.0.3 - 10x7240XM cluster. MC and standby MC

Our customers (departments and colleges) often have a need to use the wired ports on H-APs. Our generic config for that is that enet0 stays as the default wired-port-profile and we configure ports 1-4 for whatever we want the edge VLAN to be. That seems to work and I've never really questioned it. The customer configures their switchports for the APs to have the AP mgt VLAN untagged and whichever other VLAN they want to pass as tagged.

But we now have a customer who wants the edge VLAN to be VLAN 1, ie their data VLAN is VLAN 1 (yes, I know! But it's not something we have control over). This doesn't work with our standard config. It _does_ work if I set the uplink VLAN in the provisioning profile to be the AP mgt VLAN (so that the customer needs to configure the switchports to have the AP mgt VLAN tagged and VLAN 1 untagged). That's fine but ideally we don't want to have non-standard (non-standard for us at least) config in this way.

So I reverted to our original config and tried creating a new wired-port-profile (switchport mode trunk) to put on enet0 thinking that that would let me set VLAN 1 tagged (I set a random VLAN (3999) as the native VLAN). So on that profile I allowed 1,3999 and the native VLAN is set to 3999. The idea being that this would be applied to the AP uplink (enet0) and then the customer could have the AP mgt VLAN untagged and VLAN 1 tagged on their AP switchports. But this doesn't work. I'm not even sure that configuring enet0 in this way is doing what I think it is?

Does anyone have any suggestions?

At the moment our options seem to be for us to use the non-standard config (use the provisioning profile to set the uplink VLAN to be the AP VLAN and then the customer tags the AP VLAN on the switchport and untags VLAN 1. Or the customer uses a different VLAN from VLAN 1 (obviously they should probably do this but as I say we aren't in a position to make demands of them).

That is a strange combination indeed, and because VLAN1 seems to have some specific attributes, like the untagged VLAN, and you seem to run the ports in bridged instead of tunneled mode, this may be unsupported if it doesn't work. You may try to contact Aruba support to find out if this is a  supported configuration or not.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Sep 29, 2022 06:42 AM
From: Guy Goodrick
Subject: Wired ports on AP-505H fun

Just to be clear about this, the desired config is:

AP ports (enet1 and 2) - VLAN 1 untagged
Customer LAN AP switchports - VLAN 1 tagged, AP mgt VLAN untagged
Original Message:
Sent: Sep 29, 2022 05:34 AM
From: Guy Goodrick
Subject: Wired ports on AP-505H fun

AOS 8.10.0.3 - 10x7240XM cluster. MC and standby MC

Our customers (departments and colleges) often have a need to use the wired ports on H-APs. Our generic config for that is that enet0 stays as the default wired-port-profile and we configure ports 1-4 for whatever we want the edge VLAN to be. That seems to work and I've never really questioned it. The customer configures their switchports for the APs to have the AP mgt VLAN untagged and whichever other VLAN they want to pass as tagged.

But we now have a customer who wants the edge VLAN to be VLAN 1, ie their data VLAN is VLAN 1 (yes, I know! But it's not something we have control over). This doesn't work with our standard config. It _does_ work if I set the uplink VLAN in the provisioning profile to be the AP mgt VLAN (so that the customer needs to configure the switchports to have the AP mgt VLAN tagged and VLAN 1 untagged). That's fine but ideally we don't want to have non-standard (non-standard for us at least) config in this way.

So I reverted to our original config and tried creating a new wired-port-profile (switchport mode trunk) to put on enet0 thinking that that would let me set VLAN 1 tagged (I set a random VLAN (3999) as the native VLAN). So on that profile I allowed 1,3999 and the native VLAN is set to 3999. The idea being that this would be applied to the AP uplink (enet0) and then the customer could have the AP mgt VLAN untagged and VLAN 1 tagged on their AP switchports. But this doesn't work. I'm not even sure that configuring enet0 in this way is doing what I think it is?

Does anyone have any suggestions?

At the moment our options seem to be for us to use the non-standard config (use the provisioning profile to set the uplink VLAN to be the AP VLAN and then the customer tags the AP VLAN on the switchport and untags VLAN 1. Or the customer uses a different VLAN from VLAN 1 (obviously they should probably do this but as I say we aren't in a position to make demands of them).