Security

Hi,

 

Is it possible to have two vlans created on IAP?

 

My needs:

 

1. IAP is already connected to switch on vlan 500 ( 172.31.0.xx)

2. i need to see if is possible to have a managment IP on vlan 200 , so that i can manage.

 

The point is to avoid that clients do not manage the virtual controller.

 

Thanks in advanced

 

 

Is it possible to have two vlans created on IAP?

 

YEP. (AND EVEN MORE :) )

 

IAP by default working as native VLAN is the mangment vlan. and the rest of the VLANS (the tagged ones) are for clients/other services.

 

simple, What you should do?

config the port of the switch that connected to the IAP's as trunk (Native vlan 200 untagged = mangment and VC group of all your AP'S , other vlans - for example VLAN 500 = tagged. )

after you configure your switch port as needed - dont forget to reboot the IAP , in order for the units to use the new native vlan (200 untagged) you just configured.

Than configure the SSID to use VLAN 500

ssid is working on vlan 500, but i need to change the ip address of the IAP to Managment vlan.

 

This is done on the ap? Put static IP ? or change Virtual controller IP?

 

Regards

If you have dhcp on that VLAN continue to let the APs get dhcp leases, but change the VC address to be the new static address you'd like to use for management.

I don t have dhcp on mgmt vlan. So i set ap to static, don't know what is vc controller ip address or for what its used for

the IAP VC address is the shared IP of all IAPs in a cluster with which you end up at the IAP that is currently the virtual controller.

 

it will also be the IP used in radius communication if your turn on radius proxy.