Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 13 subscribers
  • Views 4731 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I set VLAN id on APX530 access points when using cloud managed APs?

WRS

We are moving from UTM managed access points to cloud managed. In my current config in UTM managed, i'm able to set a VLan tag for the access points, and bridge to various vlans for different SSIDs. Then I configure the connections back to my cisco switch as trunks with all the needed vlans. This is necessary for the APs to get a DHCP address in it's tagged VLan, and allows clients to receive addresses from their own VLan dhcp scope. This works great and is how I want the cloud managed APs to work but I can't find any way on the access points to designate a VLan tag. Yet I see the ability to bridge to a VLan in the wireless networks. Can I set a VLan tag on the access points? if not, how do I use multiple VLans on my SSIDs?



This thread was automatically locked due to age.
Parents

  • Central Wireless needs a untagged ID for the APX. So basically you need an interface without tagging and with tagged interfaces. 

    Then the APX will communicate via Central on the untagged interface, but can also per SSID tag traffic like on UTM.

     

    It is simply a "limitation" different approach to the old issue with VLAN Management AP. In UTM, you had to have a untagged interface to give the AP the configuration, that he knows the VLAN. Afterwards the AP reboots with the known configuration. 

    UTM Online Help: 

    Note – To introduce the usage of VLAN for your access points in your network, take the following steps: Connect the AP to Sophos UTM using standard LAN for at least a minute. This is necessary for the AP to get its configuration. Connecting it via VLAN from the beginning, the AP would not know of being in a VLAN and therefore would not be able to connect to Sophos UTM to get its configuration. When the AP is displayed, enable VLAN tagging and enter the VLAN ID. Then connect the AP to its intended VLAN, e.g., a switch.

     

     

    In Central, this is resolved by giving the APX the possibility to work in Untagged networks and VLAN Networks at the same time. 

    __________________________________________________________________________________________________________________

  • in reply to LuCar Toni

    Thanks for your reply. Can you advise regarding configuring the ports on my cisco switches? In the past I have configured the Cisco ports that my AP55C APs connect to as trunks so all vlans will be allowed. If I needed 2 SSIDs on separated VLans for example, I check the Vlan Tagging box on the AP, and give it a VLan Id. That way it would get an Address via DHCP from the scope of the VLan. I also set up 2 more DHCP scopes so each SSID would get it's address from it's own VLan range. That was very simple. Is there a whitepaper, or KB article that discusses cisco port configuration for this?

    Thanks

Reply
  • in reply to LuCar Toni

    Thanks for your reply. Can you advise regarding configuring the ports on my cisco switches? In the past I have configured the Cisco ports that my AP55C APs connect to as trunks so all vlans will be allowed. If I needed 2 SSIDs on separated VLans for example, I check the Vlan Tagging box on the AP, and give it a VLan Id. That way it would get an Address via DHCP from the scope of the VLan. I also set up 2 more DHCP scopes so each SSID would get it's address from it's own VLan range. That was very simple. Is there a whitepaper, or KB article that discusses cisco port configuration for this?

    Thanks

Children
  • in reply to WRS

    Actually I just figured it out. On the Cisco port I configure the VLAN I need the AP to communication as native on that port. That allows untagged traffic on that VLan. Then I allow that VLan, and the other 2 vlans on the trunk. Now just the two SSID vlans are tagged, and the AP isn't. Works like a charm. Thanks for your response!

Unfiltered HTML