Different VLANs for each H510 AP on data ports

Is this scenario possible?
We will be deploying around 300+ units of H510 APs for each room in a hotel, but the requirement is that each room has its own VLAN on the data ports, which is for the AP.
I presume that the SSID will be the same but the data ports will be different for each room. 300+ APs = 300+ VLANs

We will be using a Cisco 3650 switch and a ZoneDirector 3000.

Noel Saldaña


Posted 1 month ago


Shantha Swaroopa Moorthy

Possible...

You have to have the uplink as a trunk port and untag the desired VLANs for the wired ports and the broadcast SSID.

Noel Saldaña

In my typical configurations I untag the VLAN for the AP management and then tag VLANs for the SSIDs.
How can I set it on the ZoneDirector or on the switch so that whenever someone plugs in through the wire, it has a different VLAN, and this also applies to other rooms?

Shantha Swaroopa Moorthy

I used to use the config below, where VLAN 2 will be the WLAN VLAN, VLAN 10 will be the mgmt VLAN, and 113 will be the VLAN for the wired port from the AP:

interface GigabitEthernet1/0/2
 description Room No 133
 port link-type trunk
 port trunk permit vlan 1 to 2 10 113
 port trunk pvid vlan 113
 poe enable

Noel Saldaña

Meaning to say that the native VLAN here is VLAN 113, right?
How can the Ruckus AP, when plugged into a switchport, see or acquire an IP address if the port is untagged to a VLAN intended for the guest wired port? Does the AP automatically join the ZD controller with this configuration?

Shantha Swaroopa Moorthy

Yes, the AP joins the controller automatically. This was a working scenario in one of my deployments; I used a ZF 7025 in my case. In fact, all the ports on the access point can be on different VLANs and can get DHCP. I used an internet gateway as the DHCP server, which provided DHCP for both users and access points.

Noel Saldaña

OK thanks, I'll try this scenario once available. I'll give feedback once done.

Dionis, AlphaDog

Before you deploy the config you are trying to implement, be sure the VLAN you want or are required to have unique is the AP VLAN and not the client VLAN. The data VLAN is not referring to the AP, as that is the AP management space. The data VLAN is the one used for the clients' traffic, which is the data you are transporting.

With that said, typical auto discovery of a ZD occurs when the AP and the ZD are on the same IP space, same VLAN, as this is a discovery taking place on Layer 2, not 3. Putting each AP on a different VLAN means that they will need to route to get to the ZD. So, be aware of that.

If what you are looking for is to have each AP on a separate VLAN, then the config you have been discussing here applies. That is, setting the port as a trunk with the native VLAN being the VLAN used for the AP management and the other VLANs being the ones used for the client data (the SSID).

If what you are looking for is to actually have the data VLAN be unique for each room (which is typically the case since the customer wants the room to have local area connections and normally the AP management is not accessible by the customer, hence the same VLAN for all should be just fine), then you need to make sure that the native VLAN is the same for all APs and the data VLAN that is being used on the SSID is the one trunked for each AP at each room. It may be helpful to make sure the SSID identifies the room as well.

So on a Cisco switch, the config looks like this for both cases; all that changes is which VLAN you trunk if the data VLAN is different for each room. If it is different for each AP, then the native VLAN changes, not the trunked VLAN. In the example below, VLAN 100 is the AP management VLAN while 200 is the client data VLAN:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 ! native (untagged) VLAN 100 = AP management
 switchport trunk native vlan 100
 ! tagged VLAN 200 = client data for this room
 switchport trunk allowed vlan 100,200
 switchport mode trunk

interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,201
 switchport mode trunk


Keep in mind, this is a very basic config; I would normally also use port protection and other security features to prevent misuse of the management network. On the AP secondary ports, also tag the VLAN used for the client data as access there, so that if clients connect to the AP directly on the wire, they are treated as a wireless client.

Hope this helps, good luck!
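
Added example (not part of any post in this thread): with 300+ room ports, a small audit of the switch config can confirm that every AP trunk uses the shared management VLAN as native and carries exactly one data VLAN that no other room reuses. The function names `expand` and `audit` are hypothetical, the sample config is constructed, and only the plain `switchport trunk allowed vlan <list>` form is parsed.

```python
import re
from collections import defaultdict

MGMT_VLAN = 100  # AP management (native) VLAN, as in the thread's example
# Constructed sample config: Gi0/3 reuses room VLAN 200, Gi0/4 has no allowed list.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,200
interface GigabitEthernet0/2
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,201
interface GigabitEthernet0/3
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,200
interface GigabitEthernet0/4
 switchport trunk native vlan 100
"""

def expand(vlans):
    out = set()  # "100,200-202" -> {100, 200, 201, 202}
    for part in vlans.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, mgmt=MGMT_VLAN):
    # Collect native/allowed VLAN sets per interface (IOS native VLAN defaults to 1).
    ports, cur = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ports.setdefault(m.group(1), {"native": {1}, "allowed": None})
        elif cur and (m := re.match(r"\s+switchport trunk (native|allowed) vlan ([\d,\- ]+)", line)):
            cur[m.group(1)] = expand(m.group(2))
    findings, users = [], defaultdict(list)
    for name, p in ports.items():
        if p["native"] != {mgmt}:
            findings.append((name, "native VLAN is not the management VLAN"))
        if p["allowed"] is None:  # IOS trunks carry VLANs 1-4094 unless restricted
            findings.append((name, "no allowed list: trunk carries every VLAN"))
            continue
        data = p["allowed"] - {mgmt}
        if len(data) != 1:
            findings.append((name, "expected exactly one data VLAN"))
        for v in data:
            users[v].append(name)
    findings += [(",".join(n), f"data VLAN {v} shared between rooms")
                 for v, n in sorted(users.items()) if len(n) > 1]
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the unrestricted trunk on Gi0/4 and one for VLAN 200 being shared by Gi0/1 and Gi0/3.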