Wireless Access

Hi,

just for my understanding. Is it possible to run a campus ap in bridge and tunneling mode at the same time?

We currently have caps with two ssids in bridge mode at our remote sites. So the uplink port is untagged with vlan 400 and tagged with vlan 401 and 402. Everything is working fine.

Now I have tried to add a tunneled ssid to our controller with vlan 610. This vlan only exists in our HQ.

The client can connect to the ssid and receives a IP address from our DHCP server. But now traffic flows back to the controller.

On the controller webgui I can see the connected client with the IP address but health status is unknown and no traffic is shown.

What could be the reason for this?

The bridge and tunnel are forwarding modes of a VAP, you can have multiple VAP's in an AP group with different forwarding modes. Is your User Role and ACL correct for the client in VLAN610 and is VLAN610 allowed/configured on your controller side?

I have just tested it in the HQ. I have configured an access point as cap and provisioned it here in the HQ. It broadcasts the same ssid as on site and I can connect to it, receive an IP address and can ping other devices.

VLAN 610 is configured on the controller side and for testing I have used authenticated for initial and default role.

What do you see in the datapath session for the clients traffic? Is the uplink port on the controller access or trunk?

The uplink on the controller is a trunk port. vlan 610 is included in this trunk.

I will go to a remote site on wednesday and have a my own equipement with me to do some tests. I will come back to this topic.