Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP - 93, More than one master??

This thread has been viewed 1 times

  • 1.  IAP - 93, More than one master??

    Posted Jun 05, 2012 08:38 AM

    Hello there,, 

    Guys an important question please b pateint and read the brief.....

     

    i have this situation when i want to deploy 3 IAP-93 (Instant), and there is a dot1x policy on the ports, so we connected them to a trunk and gave them IPs from the native VLAN, and they want two with the same SSID, and the other with a different one and disabled join mode feature, and i configured them manually with the IPs and stuff,, so if i put the two they will broadcast, and the other will not, and if i turn off that two the other will work and broadcast. 

     

    So, i think there is a conflict that there are maybe two masters !! on the same VLAN.... please any thoughts ??? 

     

    or a solution ... 

     

    Monther Jaber



  • 2.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 10:47 AM

    On the switch that you have connected the IAPs to, you will have to disallow the VLAN on the port for the other IAP network. You have the ports in trunk mode now.

     

    Shashi



  • 3.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 10:57 AM

    Thanks a lot man.... 

    but do you mean to dissallow the native VLAN?? or the Network(SSID) VLAN?? 

    because they have the security policy on the ACS (Cisco) and they can give IPs for the IAPs from the management (Native VLAN). 

    they have it - the management VLAN (127) 

                           the user network (VLAN 70) - on 2 IAPs. 

                           another user network (VLAN 71) - on 1 IAP. 

     

    thanks again.



  • 4.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 11:02 AM

    I think what Sassy is saying is that you need to separate the clusters by VLAN.  You can't have IAPs on the same VLAN in two different clusters (AFAIK - please correct me if I am mistaken).

     

    Put the two IAPs on VLAN 127 and the other IAP on VLAN 128 (for example).   The users can be on the same VLAN or not, but the management function needs to be split.



  • 5.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 11:11 AM

    Thanks Olino.... 

    see.... 

    the problem is that because of the security policy of these guys ,,, they cannot put them on different VLANs .... so, i guess there is no solution per the given criteria to be on the same VLAN?? or work around?? 

     

    Monther



  • 6.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 11:16 AM

    Correct, you can't have two different IAP networks on the same VLAN.

     

    Shashi



  • 7.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 11:23 AM

    what i mean Shashi is ,, the networks are on different VLANs,, but the IAPs have a static IPs from the Native Management VLAN. and that's their policy,, they have a dot1x security on the ports(Access) or we have to use trunk ports from the switch,, because the IAP can not authenticate. 

    but when we run all IAPs a conflict occurs i think, the first one to broadcast will be normal,, and the other will freeze at the point that "master election" ,, so what i asked even if i disabled the (auto join mode). it still like conflict because maybe there is like two masters???? 

     

    appreciate you answers,, 

     

    Monther



  • 8.  RE: IAP - 93, More than one master??

    Posted Jun 05, 2012 11:31 AM

    Ah I see - so it was what I understood the first time around :)

     

    For example, IAP 1 is on VLAN 10 and IAP 2 is on VLAN 20. The ports on the switch that you have physically connected the IAPs to are trunk ports. Say IAP 1 is connected to gige 1/0 and IAP 2 is connected to gige 2/0.

     

    For example, from cisco documentation:

    "By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk. However, you can remove VLANs from this inclusive list to prevent traffic from the specified VLANs from passing over the trunk. You can add any specific VLANs later that you may want the trunk to carry traffic for back to the list."

     

    For your setup, you can do something like the following (this is from memory, so please check proper documentation for the right commands):

     

    interface gig1/0

     switchport mode trunk

     switchport trunk native VLAN 10

     switch trunk allowed vlan all except 20

     

    This will prevent the IAPs from "hearing" each other and they will become masters in their own network.

     

    Let me know if this helps.

    Shashi



  • 9.  RE: IAP - 93, More than one master??

    Posted Jun 06, 2012 03:07 AM

    Thanks a lot Shashi......

    i will and update you. 

     

    Monther



  • 10.  RE: IAP - 93, More than one master??

    Posted Jun 07, 2012 08:19 AM

    ok.... Shashi .. 

    they don't have a VTP on the switches so nothing is passed by default,..... 

    so... as a conclusion i think in our situation they will conflict. 

    we have to move one of them to another VLAN. 

     

    appreciate your efforts guys... 

     

    Thanks

     

    Monther



  • 11.  RE: IAP - 93, More than one master??

    Posted Jun 07, 2012 10:21 AM

    I just found out that this has been fixed on Instant and may be available in the next release on the support site.

     

    I will find out the exact release and let you know.



  • 12.  RE: IAP - 93, More than one master??

    Posted Jun 07, 2012 10:48 AM

    Shashi,, 

    thanks man... i just saw the release notes of the 6.1.3 firmware. and it's there. 

     

    i think this is the solution,,

    will test it and get back to you...  

     

    Munz



  • 13.  RE: IAP - 93, More than one master??

    Posted Jun 07, 2012 11:08 AM

    Lady actually, but glad to have helped anyway :)

     

    S