Cisco Switch VLAN configuration for Ruckus Wifi Network

Hi,

I'm struggling to get my Ruckus testing environment working how I would like, and I'm looking for a working example configuration of a Cisco switch that demonstrates how to implement a working wifi network, segregated with respective VLANs and gateways.

My main issue is that when I connect to the Guest network (for instance) I get an IP address in the 10.5.130.0/24 subnet, however I cannot ping my default gateway (the SVI VLAN 130 on the switch 10.5.130.1).

My test network consists of the following:

1 x Zone Director 1100 (10.5.10.50/24) (Access VLAN 10)
1 x Ruckus 7900 AP (DHCP assigned from Cisco switch, 10.5.10.53/24)
4 x SSIDs - "Management" (Access VLAN 10), "Guest" (Access VLAN 130), "Corporate" (Access VLAN 140), "Staging" (Access VLAN 160)
1 x Cisco 3750x (with L3 capabilities)

VLAN 10 Management - 10.5.10.0/24
VLAN 130 Guest Wifi - 10.5.130.0/24
VLAN 140 Corporate Wifi - 10.5.140.0/24
VLAN 160 Staging - 10.6.6.0/24

The current switch config I have is:

ciscoswitch#show run int gi1/0/45
Building configuration...

Current configuration : 208 bytes
!
interface GigabitEthernet1/0/45
description ZD1000
switchport trunk encapsulation dot1q
switchport access vlan 10
switchport trunk allowed vlan 1,10,50,130,150,160
switchport mode trunk
spanning-tree portfast
end

ciscoswitch#show run int gi1/0/48
Building configuration...

Current configuration : 198 bytes
!
interface GigabitEthernet1/0/48
description Ruckus AP
switchport trunk encapsulation dot1q
switchport access vlan 10
switchport trunk allowed vlan 1,10,130,140,150,160
switchport mode trunk
spanning-tree portfast
end

(I've tinkered with "switchport trunk native vlan 10" on both ports above however this is disconnecting me as I've an SSH console session via the Wifi Management network)

SVIs on the switch are:

Vlan1 unassigned YES NVRAM up up
Vlan10 10.5.10.1 YES NVRAM up up
Vlan130 10.5.130.1 YES manual up up
Vlan140 10.5.140.1 YES NVRAM up up
Vlan150 10.5.150.1 YES NVRAM up up
Vlan160 10.6.6.1 YES manual up up

DHCP is configured on the switch as well (temporarily, will move to Windows DHCP server)

ip dhcp excluded-address 10.5.140.1 10.5.140.9
ip dhcp excluded-address 10.5.130.1 10.5.130.9
ip dhcp excluded-address 10.5.10.1 10.5.10.50
ip dhcp excluded-address 10.5.10.60 10.5.10.255
ip dhcp excluded-address 10.6.6.1 10.6.6.49
ip dhcp pool Corporate-Test
network 10.5.140.0 255.255.255.0
default-router 10.5.140.1
option 43 hex f104.0a05.0a32
dns-server 10.5.5.41 10.5.5.42
lease infinite
ip dhcp pool Guest-Test
network 10.5.130.0 255.255.255.0
default-router 10.5.130.1
option 43 hex f104.0a05.0a32
lease infinite
ip dhcp pool Management-Test
network 10.5.10.0 255.255.255.0
default-router 10.5.10.1
option 43 hex f104.0a05.0a32
lease infinite
ip dhcp pool Staging-Test
network 10.6.6.0 255.255.255.0
default-router 10.6.6.1
dns-server 10.5.5.41 10.5.5.42
option 43 hex f104.0a05.0a32
lease infinite

My fundamental understanding of how this all ties together is lacking. I don't understand if the Zone Director is responsible for switching any traffic, or if it's purely for management.

Any help greatly appreciated.

Many Thanks

Steve

Bill Burns, AlphaDog

Steve:

FYI: your "int Gi1/0/45" config specifies "switchport access vlan 10" but that has no effect when you're in trunking mode. ("switchport mode trunk")
If this config is working for you, you've probably configured your ZD1100 to work on VLAN10.

An alternative would be to set "switchport trunk native vlan 10" on that port and leave the ZD1100's VLAN unconfigured.

In order to allow the ZD1100 (or another DHCP server) to assign management VLAN IP addresses to your APs, you should use the "switchport trunk native vlan 10" config on "int Gi1/0/48" as well.

If the ZD1100 (and the APs) are not using/supporting/providing tunneling, then the ZD1100 does not require a trunked port. An access port would do.
Configuring it with a trunk port will allow you to tunnel traffic back to a particular VLAN in the future.
While I don't recommend using the tunnel feature, it's a good idea to use a trunked switch port for your ZD just in case you need to tunnel in the future.

Bill Burns, AlphaDog

Here's an article about the native vlan feature
http://rednectar.net/2012/03/11/the-a...

(Don't go overboard with the title, native vlans (and trunks) should only be deployed where they're needed)

Johnny Depp

Is it possible with this config to keep the default on the vlan 600 side even though the BVI is addressed on vlan 1?

Reason I ask is that vlan 600 (172.16.11.0/24) is on a guest network with a guest DSL internet connection. We want all wireless users to use that egress. However we still want to be able to manage the AP on the vlan 1 side (192.168.3.0/24) with no wireless on vlan 1.

Bill Burns, AlphaDog

I generally recommend that your WiFi management VLAN not be vlan 1.
I would recommend picking some other WiFi management VLAN for that purpose and making it the native VLAN on trunk ports that are connected to your APs.

Additionally, I would recommend connecting your ZoneDirector to the management VLAN. (either "Trunkport native vlan" style or "switchport access vlan" style)

When you create the WLAN + SSID for your guest WiFi users, you should specify the "Guest/DSL/internet" VLAN (600 in this case) that you want to be used with that WLAN.
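
An added example, not part of the thread: a small Python check that applies the points from the replies above (the access VLAN being ignored on a trunk port, and the management VLAN as the native VLAN) to the interface stanzas from the question, and also confirms each WLAN's VLAN is in the trunk's allowed list. The names `parse`, `audit`, `mgmt_vlan` and `wlan_vlans` are assumptions of this sketch; the allowed-VLAN finding only matters on the ZoneDirector port if client traffic is tunneled to it.

```python
import re
# Constructed sample: trimmed from the two interface stanzas in the question.
SAMPLE = """\
interface GigabitEthernet1/0/45
 switchport access vlan 10
 switchport trunk allowed vlan 1,10,50,130,150,160
 switchport mode trunk
interface GigabitEthernet1/0/48
 switchport access vlan 10
 switchport trunk allowed vlan 1,10,130,140,150,160
 switchport mode trunk
"""

PATTERNS = {  # simplified: ignores the 'allowed vlan add/remove' forms
    "mode": r"switchport mode (\S+)",
    "access": r"switchport access vlan (\d+)",
    "native": r"switchport trunk native vlan (\d+)",
    "allowed": r"switchport trunk allowed vlan ([\d,-]+)$",
}

def expand(spec):
    """Expand '10,130-160' into a set of VLAN ids."""
    spans = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse(config):
    """Map each interface name to the switchport settings found under it."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ports[m.group(1)] = {"native": "1"}  # IOS default native VLAN
        elif cur is not None:
            for key, pat in PATTERNS.items():
                if m := re.match(pat, line):
                    cur[key] = m.group(1)
    return ports

def audit(config, mgmt_vlan, wlan_vlans):
    """Return (interface, finding) pairs for every trunk port."""
    findings = []
    for name, p in parse(config).items():
        if p.get("mode") != "trunk":
            continue
        if "access" in p:  # has no effect while the port is trunking
            findings.append((name, "access vlan ignored in trunk mode"))
        if int(p["native"]) != mgmt_vlan:  # untagged frames land in the native VLAN
            findings.append((name, f"native vlan is {p['native']}, not {mgmt_vlan}"))
        missing = set(wlan_vlans) - expand(p["allowed"]) if "allowed" in p else ()
        findings += [(name, f"vlan {v} not allowed on trunk") for v in sorted(missing)]
    return findings
```

Calling `audit(SAMPLE, 10, [10, 130, 140, 160])` reports both ports as trunks whose native VLAN is still 1, and shows that VLAN 140 is absent from the allowed list on Gi1/0/45.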