Intervlan Setup

  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hi All,

Having problem with setup of our Ruckus.

* Zd in connected via access port with access vlan 401, our network has multiple vlan in different offices around the site.
in these switches the AP's are plug into a trunk port with trunk allowed vlan 401 now this switch is connected to yet another switch going to the switch where the ZD is connected, they are connected via trunk with 401 as main ruckus trunk and (411,199) as additional trunk later on, trunk allowed.
we had experienced macflapping with this setup especially when AP's are meshing
so we turned meshing of.

Everything got connected despite flapping issue.
Now on the zd under the system it says it's still on vlan 1 so i changed it to vlan 401 now i can't access the zd.

Q1: should i just reset the zd and restore the old backup.

Q2: Can we setup Ruckus wherein the Access Points will be connected to access port and the ZD on a trunk , while the trunk between the switches
will only allow one Main vlan not needing to manually add additional vlan on the trunks when needed.

Sorry for my english.

Does anybody experienced this before.
Hope to hear from anybody.

Thanks.
Photo of Bobby Gonzales

Bobby Gonzales

  • 9 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
By default, Ruckus ZD/APs consider VLAN 1 to be untagged.

Setting the ZD's Access VLAN under Configure System page to 401, tells the ZD
to expect incoming traffic to be tagged with VLAN 401. You can connect a PC to
an Access VLAN 401 switch port, and should be able to communicate with the ZD.

Your ZD switch port apparently has VLAN 401 configured as native/untagged, if
you were able to communicate when ZD access VLAN was 1. The ZD switch
port can be a trunk with VLAN 401 from all remote offices back to it. If the other
two VLANs 411/199 are for clients to use, you can tunnel WLAN traffic back to
the ZoneDirector from your remote site APs.

Does this help?
Photo of Bobby Gonzales

Bobby Gonzales

  • 9 Posts
  • 0 Reply Likes
Thank you for your reply Michael appreciate it.

Hope anyone will also see this config.

ZD Device Ip Settings:
ACCESS VLAN* 1 note: when i changed this to 401 i cannot access ZD anymore even when i plug to access port 401. i was only able to contact
zd again when i change its port to trunk. now i will be reverting the ACCESS VLAN 1 again and the config1 as below.

gi0/1: switchport mode trunk
description TRUNKto_SWITCH_B
switchport trunk allowed vlan 401,411,199 along with other non ruckus vlan

gi0/2: switchport mode access
description RUCKUS_ZD
switchhport access vlan 401

switch_B:
gi0/1 switchport mode trunk
description TRUNKfrom_Switch_A
switchport trunk allowed vlan 401,411,199

gi0/2 switchport mode trunk
description RUCKUS_AP1
switchport trunk allowed vlan 401,411
gi0/3 switchport mode trunk
description RUCKUS_AP2
switchport trunk allowed vlan 401,199
__________________________________________________

CONFIG 2: where in we think that the ZD will just add/push any additional vlan
we want to deploy on different AP's, thru the vlan 401 trunk between
switch A and B

SWITCH_A
gi0/1: switchport mode trunk
description TRUNKTo_SWITCH_B
switchport trunk allowed vlan 401

gi0/2: switchport mode trunk
description RUCKUS_ZD
switchhport trunk allowed vlan 401

switchB:

gi0/1 switchport mode trunk
description TRUNKfrom_SwitchA
switchport trunk allowed vlan 401

gi0/2 switchport mode access
description RUCKUS_AP1
switchport mode access vlan 401

Thanks....apology for long question.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
Hello Bobby,

The question of which config to use, depends on whether you want to use Local
Switching (drop client packets at the AP switch port, right onto the network there),
or Tunnel your client WLANs back to the ZoneDirector. In any case, because your
VLAN 401 is the "management VLAN", you need to include VLAN 401 to the ZD
and APs. Then the question about local switching or turnneled, will decide where
you also need the 199 and 411 VLANs.

In Config 1, the ZD can live on an Access VLAN 401 switch port. With no other
switch config, the traffic would be tagged with the VLAN ID, so you would set the
Access VLAN = 401 under Configure/System parameters. You would have to be
on a tagged Access VLAN 401 switch port to talk to the ZD though.

If you included a statement "switchport native vlan 401" on the ZD's switch port,
that means VLAN 401 traffic will be untagged, and you would match with VLAN = 1
under your Configure/System ZD page. This is most recommended.

Similarly on the Configure/Access Points page, Access Point Policies section,
Management VLAN would be set to VLAN ID = 401 if the switch port configuration
does not include a "switchport native VLAN 401" statement. Otherwise if it did say
so, you could leave the VLAN ID field blank, with 'Keep APs setting' checked.

That takes care of VLAN 401, now for VLAN 119 and 411, which I assume are
for client WLANs, your Config 1 AP switch ports gi0/2 and gi0/3 should both look
like gi0/1, with VLANs 401,199,411 all trunked to the AP, and your WLANs need
to be configured to use Local Switching.

Or alternately, if you use WLAN Advanced Options, and specify that your client
traffic gets tunneled back to the ZD, you only need to trunk VLANs 199/411 to the
ZD. If say, you want to tunnel one client WLAN traffic back to the ZD (advised for
VoIP), and let the other VLAN be switched at the AP, you would put those VLANs
on the ZD and AP switch ports, respectively.

Let me provide the example configs, with untagged VLAN 401, and tagged
client VLANs 199, 411, for switch to switch trunk ports, and your ZD/AP ports.

-------------------------------------------

Example 1: Client local switching

gi0/1: switchport mode trunk
description TRUNK to_SWITCH_B
switchport trunk allowed vlan 401,411,199 along with other non ruckus vlan

gi0/2: switchport mode access
description RUCKUS_ZD
switchport access vlan 401
switchport native vlan 401

switch_B:
gi0/1 switchport mode trunk
description TRUNK from_Switch_A
switchport trunk allowed vlan 401,411,199

gi0/2 switchport mode trunk
description RUCKUS_AP1
switchport trunk allowed vlan 401,411,199
switchport native vlan 401

gi0/3 switchport mode trunk
description RUCKUS_AP2
switchport trunk allowed vlan 401,411,199
switchport native vlan 401

--------------------------------------------

Example 2: All Client traffic tunneled to ZD

gi0/1: switchport mode trunk
description TRUNK to_SWITCH_B
switchport trunk allowed vlan 401,411,199 along with other non ruckus vlan

gi0/2: switchport mode trunk
description RUCKUS_ZD
switchport trunk allowed vlan 401,411,199
switchport native vlan 401

switch_B:
gi0/1 switchport mode trunk
description TRUNK from_Switch_A
switchport trunk allowed vlan 401,411,199

gi0/2 switchport mode access
description RUCKUS_AP1
switchport access vlan 401
switchport native vlan 401

gi0/3 switchport mode access
description RUCKUS_AP2
switchport access vlan 401
switchport native vlan 401

--------------------------------------------

Example 3: VLAN 199 client traffic tunneled to ZD

gi0/1: switchport mode trunk
description TRUNK to_SWITCH_B
switchport trunk allowed vlan 401,411,199 along with other non ruckus vlan

gi0/2: switchport mode trunk
description RUCKUS_ZD
switchport trunk allowed vlan 401,199
switchport native vlan 401

switch_B:
gi0/1 switchport mode trunk
description TRUNK from_Switch_A
switchport trunk allowed vlan 401,411,199

gi0/2 switchport mode trunk
description RUCKUS_AP1
switchport trunk allowed vlan 401,411
switchport native vlan 401

gi0/3 switchport mode trunk
description RUCKUS_AP2
switchport trunk allowed vlan 401,411
switchport native vlan 401
Photo of Bobby Gonzales

Bobby Gonzales

  • 9 Posts
  • 0 Reply Likes
Hi Michael,

You are really good! Thanks for helping me on this.

May i ask again please.

If i could just skip the native Vlan 401 included in the samples you have given. As we are using say native Vlan 5 in our network, I'm thinking that if I include the 401 as native on the port, then this frame would be untagged and hence cause unnecessary traffic or broadcast?

Regards,
Bobby
Photo of Bobby Gonzales

Bobby Gonzales

  • 9 Posts
  • 0 Reply Likes
Michael,

Would this be posible
?
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
Whether you specify the VLAN used by ZD/APs as "native" will determine if traffic is tagged or not. If you have untagged VLANs, you specify VLAN 1 on the ZD system
access VLAN, and AP Policies Mgt VLAN. If you tag the VLAN (401 or 5), then you
need to match that VLAN ID under Configure/System and AP Policies VLANs.
Photo of Bobby Gonzales

Bobby Gonzales

  • 9 Posts
  • 0 Reply Likes
Thanks Michael,

We'll review the suggestions you made and inform you in case we have a problem.

Regards,
bobby