Controllerless Networks

Hi,

Currently I have issues configuring 4 IAP-215 for 4 seperate rooms.
The WLAN requirements include a internal WLAN and a guest WLAN where guest traffic is isolated.

Firstly, below is the existing network.
Do note that the VLAN is defined per room.

3750X Port 1 -> SG100 [VLAN 31 | 10.30.1.0 /24 (255.255.255.0)]
3750X Port 2 -> SG100 [VLAN 32 | 10.30.2.0 /24 (255.255.255.0)]
3750X Port 3 -> SG100 [VLAN 33 | 10.30.3.0 /24 (255.255.255.0)]
3750X Port 4 -> SG100 [VLAN 34 | 10.30.4.0 /24 (255.255.255.0)]

3750X: Cisco Catalyst 3750X
SG100: Cisco Small Business SG 100 series unmanaged switch

Each IAP has been configured a static IP to each room (10.30.x.33) and uplink management VLAN as 34 and virtual controller IP is set to 10.30.4.32.

The issue encountered is that the IAPs are unable to contact the virtual controller.

How should I go about the configuration and allow the IAPs to be managed by the virtual controller?

I do have 2 alternatives which I would like to avoid mainly due to it requiring re-wiring:

Alternative 1:
Connect IAPs in the following:
3750X Port 5-8 -> IAP-215 [VLAN 35 | 10.30.5.0 /24 (255.255.255.0)] for "internal" WLAN
Define [VLAN 65 | 192.168.65.0 /24 (255.255.255.0)] for guest VLAN on the 3750X and assign it to the guest WLAN on the virtual controller

Alternative 2:
Wait for June release of AOS which includes Mesh point / portal.
Master uplink IAP connected to SG100 in either rooms and the other IAPs (mesh point) to be connected through mesh portal.
Define [VLAN 65 | 192.168.65.0 /24 (255.255.255.0)] for guest VLAN on the 3750X and assign it to the guest WLAN on the virtual controller

Thank you

You should make VLAN 34 the untagged VLAN on those ports so that the APs can just come up on that VLAN.  That would be referred to as VLAN 1 on the IAPs.  They should come up and see each other easily, in that situation.

Hi Collin,

If I understand correctly, in summary:
Configure on the 3750X VLAN 34 untagged to port 4.
IAP configure management uplink to VLAN 34
No changes to be set on the virtual controller VLAN.

Thank you

So, I don't know where you are in the configuration. If you had all 4 ports on the juniper with vlan 34 untagged, all the IAPs new out the box would see each other and the IP address they would get would be considered vlan 1 on the IAPs. You would still have the other vlan on all of the trunks. Any reason you are dedicating a single /24 to each ap?

Hi Colin,

 

Maybe I should have mentioned this earlier:

 

• Each /24 subnet in VLANs 31 - 34 is for user data access in each room (there are 4 rooms)
• Downstream from the Cisco 3750X where the VLANs are configured, there is a Cisco small business SG100 series switch in each room which is physicaly connected to ports 1 to 4 on the Cisco 3750X via Cat 5e
• From the SG100, all ports (except 1) is patched to the user's desk port for LAN access via Cat 5e.
• Each IAP-215 is connected to the SG100 in each room
• Thus, phycially, you will see as follows: 3750X -> SG100 -> IAP-215 / user's PC via cat 5e

 

Thank you

Do you plan to have the same SSID in every room?

Can a user in one room see the SSID in another room or roam?

The answer to those two questions will determine how this is designed.

Hi Colin,

 

The plan is to have 2 SSIDs:

 

• Internal SSID for employees
• Guest SSID for visitors guest where traffic is isolated
• Both SSIDs to be broadcasted across all IAPs and user's are expected to roam.

 

Thank you

If users have a different subnet depending on what room they are in, would it be possible to roam?

Hi Colin,

 

Here's the topology:

 

Note that the red cables are fibre cables.

Each VLAN from VLAN 31 - 34 corresponds per room.

IAPs are intended to connected to the unmanaged SG100 switches in each room.

Of course as originally mentioned, if this is not possible, the idea would be to wire the IAPs in each room directly to the Cisco 3750X.