ZoneDirector: Tagging Management VLAN doesn't work

  • 1
  • Question
  • Updated 4 years ago
When I tag the management VLAN (let's say I use the VLAN ID 2220) I cannot see any AP on the controller. I have followed the instructions on the user guide. Last time I was working with a Cisco 2960, I had to shutdown the ports, change the native VLAN of those ports and after that I managed to see the APs. Why I have to do all this process, suposedly the only requirement is to allow the VLAN ID on the trunk port.
Photo of German Jaramillo

German Jaramillo

  • 4 Posts
  • 1 Reply Like

Posted 4 years ago

  • 1
Photo of Jeff Roback

Jeff Roback

  • 25 Posts
  • 8 Reply Likes
I find it much easier to not tag the management vlan and just leave it as VLAN 1 (ie untagged) from the Ruckus AP perspective. Then set up the ports on the switch so that the ap ports are configured to have the ruckus AP vlan as the default vlan and pass all the SSID vlans as tagged.

If you have DHCP set up on the mgmt vlan, with a DNS entry to the zone director, you can take a new AP out of the box and it will boot up immediately and register with the zone director.
Photo of Bill Burns

Bill Burns, AlphaDog

  • 203 Posts
  • 38 Reply Likes
I prefer to not use VLAN1 for any user traffic, and keep it reserved for cisco management functions.

For DHCP to work on an AP "out of the box" (before it has gotten any configurations from a zonedirector or elsewhere) it has to receive untagged packets.

There are 2 ways to do this:
1) configure the switch port as an access port in whatever VLAN you want the AP to have it's management IP/subnet.
This is usually *not* the way you want to do it.

2) configure the switch port as a trunk port w/ a native VLAN set to the VLAN you want to use for AP management addresses.

Packets from the native VLAN arrive at the AP untagged, so DHCP will work, and a plain vanilla (unconfigured) AP will be "happy" out-of-the-box. If there's a zonedirector on the same subnet, it will be able to join.

By default, the native VLAN is 1, so this agrees w/ Jeff's comment, except that I don't think your WIFI should be forced to use VLAN1. (who knows what it might be used for already in your environment)
Photo of Bill Burns

Bill Burns, AlphaDog

  • 203 Posts
  • 38 Reply Likes
Oh, yes. Technically, you can configure an AP to work w/ a tagged VLAN.
(Then the port only needs to be trunked, and include the management VLAN)
This will *technically* meet the requirement you mentioned.

Unfortunately, it means having to put the appropriate VLAN configuration onto your AP before connecting it to that trunk port.

In general, I find doing up-front config changes on the switch to be easier.
It's also less work if I have to do a factory reset on the AP, or swap it out w/ a new one.