Badcaps.net Forum
Old 02-01-2019, 04:25 PM   #1
Spork Schivago
Your Awesomeness
 
Join Date: Mar 2012
City & State: Corning, New York
My Country: United States of America
Line Voltage: 120VAC 60Hz
I'm a: Professional Tech
Posts: 4,617
Default Questions about VLANs and Cisco Hardware

Does anyone have any experience with Cisco hardware, specifically WLCs, Wireless APs, and VLANs?

I took the CCNA courses, but it was a very long time ago. We didn't go over wireless technologies in the course because back then, I believe wireless was fairly new in the business sector.

To start with, I'm having some trouble understanding VLANs. I realize on Cisco hardware at least that a VLAN ID is layer 2, a VLAN interface is layer 3. I am a bit confused with VLAN tagging though.

I have a setup like this:
Code:
Cisco Router
--------------
Interface GigabitEthernet 0/0/1 <-- access port, Public Static IPv4 address

Interface Wlan-GigabitEthernet0/1/8
 Description: Internal switch interface connecting to the embedded AP
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,40
 switchport mode trunk
end

VLAN ID 10
VLAN ID 20
VLAN ID 40

Interface VLAN 10 <-- Network Address 10.0.0.0 / 24, IP address 10.0.0.1
Interface VLAN 20 <-- Network Address 10.0.20.0 / 24, IP address 10.0.20.1
Interface VLAN 40 <-- Network Address 10.0.40.0 / 24, IP address 10.0.40.1

WLC
-----
Interface management <-- Untagged, IP address 10.0.0.2
Interface vlan_employees <-- Tagged VLAN 20, IP address 10.0.20.2

From the built-in WLC, I have trouble pinging the router. I read the management interface needs to be left untagged. But if it's left untagged, how does it work? The packet leaves the WLC, untagged, enters the WLan-GigabitEthernet 0/1/8 interface, and then gets tagged with VLAN 10? Or does the packet reach the GigabitEthernet 0/1/8 interface, sees that it doesn't belong to a VLAN, and the interface drops the packet?

My understanding about the native VLAN is if the packet coming into the interface is tagged with the same VLAN that is set as the native VLAN, the interface will remove the tag and forward the packet to its destination, untagged. Is that correct?

Thanks!
__________________
-- Law of Expanding Memory: Applications Will Also Expand Until RAM Is Full
Old 03-04-2019, 09:08 PM   #2
ant3202
Badcaps Veteran
 
Join Date: Jun 2006
City & State: Singapore
My Country: Singapore
Line Voltage: 230V 50Hz
I'm a: Knowledge Seeker
Posts: 212
Default Re: Questions about VLANs and Cisco Hardware

I'm not sure... but have you tried encapsulation dot1q on the router interface?
Old 03-12-2019, 12:18 PM   #3
Spork Schivago
Default Re: Questions about VLANs and Cisco Hardware

I have tried, but I do not think I have done it right. I need a better understanding of VLANs and how the packets look when traveling from various networks to other networks.

For example, what happens and what does it look like if a packet is coming from interface 1 on a wireless LAN controller, with an IP of 10.0.0.3, untagged, passing through interface 1 on the router (just as an example) which has an IP address of 10.0.0.2? What happens to the packet if it's untagged when it leaves the wireless LAN controller? What happens if on the router, it's a VLAN interface? What happens if it's tagged when it leaves the wireless LAN controller?

I see many tutorials that show how to set up the dot1q on the router's interface, but that command just isn't there for my router. It's a little bit different.
Old 04-21-2019, 06:12 PM   #4
jpmvan
New Member
 
Join Date: Apr 2019
City & State: Vancouver, BC
My Country: Canada
I'm a: Knowledge Seeker
Posts: 1
Default Re: Questions about VLANs and Cisco Hardware

Quote:
Originally Posted by Spork Schivago View Post
Does anyone have any experience with Cisco hardware, specifically WLCs, Wireless APs, and VLANs?

I took the CCNA courses, but it was a very long time ago. We didn't go over wireless technologies in the course because back then, I believe wireless was fairly new in the business sector.

To start with, I'm having some trouble understanding VLANs. I realize on Cisco hardware at least that a VLAN ID is layer 2, a VLAN interface is layer 3. I am a bit confused with VLAN tagging though.

I have a setup like this:
Code:
Cisco Router
--------------
Interface GigabitEthernet 0/0/1 <-- access port, Public Static IPv4 address

Interface Wlan-GigabitEthernet0/1/8
 Description: Internal switch interface connecting to the embedded AP
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,40
 switchport mode trunk
end

VLAN ID 10
VLAN ID 20
VLAN ID 40

Interface VLAN 10 <-- Network Address 10.0.0.0 / 24, IP address 10.0.0.1
Interface VLAN 20 <-- Network Address 10.0.20.0 / 24, IP address 10.0.20.1
Interface VLAN 40 <-- Network Address 10.0.40.0 / 24, IP address 10.0.40.1

WLC
-----
Interface management <-- Untagged, IP address 10.0.0.2
Interface vlan_employees <-- Tagged VLAN 20, IP address 10.0.20.2

From the built-in WLC, I have trouble pinging the router. I read the management interface needs to be left untagged. But if it's left untagged, how does it work? The packet leaves the WLC, untagged, enters the WLan-GigabitEthernet 0/1/8 interface, and then gets tagged with VLAN 10? Or does the packet reach the GigabitEthernet 0/1/8 interface, sees that it doesn't belong to a VLAN, and the interface drops the packet?

My understanding about the native VLAN is if the packet coming into the interface is tagged with the same VLAN that is set as the native VLAN, the interface will remove the tag and forward the packet to its destination, untagged. Is that correct?

Thanks!

You should set the WLC to tagged, VLAN 10, and then 10.0.0.1 and 10.0.0.2 should be able to ping each other.

From the WLC command line:
config interface vlan management 10
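
A simplified model of what the trunk in the first post does with untagged and tagged frames from the WLC, added here as an example and not part of any poster's reply. The native VLAN, allowed list and interface addresses come from the first post; the function names, MAC addresses and payload are constructed. It assumes standard 802.1Q ingress handling: untagged frames are placed in the native VLAN, then filtered by the allowed list.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet II frame; add the 4-byte 802.1Q tag if vlan is set."""
    tag = b""
    if vlan is not None:
        tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # PCP/DEI = 0
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None

def trunk_ingress(frame, native_vlan, allowed_vlans):
    """Classify a frame arriving on a trunk, then filter it (simplified model).

    Untagged and priority-tagged (VID 0) frames are placed in the native VLAN.
    Returns the VLAN the frame is forwarded in, or None if it is dropped.
    """
    vid = parse_vlan(frame)
    vlan = native_vlan if vid in (None, 0) else vid
    return vlan if vlan in allowed_vlans else None

def reaches_svi(frame, native_vlan, allowed_vlans, svis):
    """Return the IP of the VLAN interface that receives the frame, or None."""
    return svis.get(trunk_ingress(frame, native_vlan, allowed_vlans))

# Trunk and VLAN interface values taken from the first post.
NATIVE, ALLOWED = 999, {10, 20, 40}
SVIS = {10: "10.0.0.1", 20: "10.0.20.1", 40: "10.0.40.1"}

# Constructed sample frames: MAC addresses and payload are made up.
WLC, RTR = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
untagged_mgmt = build_frame(RTR, WLC, 0x0800, b"constructed-payload")
tagged_mgmt = build_frame(RTR, WLC, 0x0800, b"constructed-payload", vlan=10)
tagged_employees = build_frame(RTR, WLC, 0x0800, b"constructed-payload", vlan=20)

if __name__ == "__main__":
    for name, frame in [("management untagged", untagged_mgmt),
                        ("management tagged 10", tagged_mgmt),
                        ("vlan_employees tagged 20", tagged_employees)]:
        print(f"{name:26} vid={parse_vlan(frame)} "
              f"-> {reaches_svi(frame, NATIVE, ALLOWED, SVIS)}")
```

In this model the untagged management frame is classified into VLAN 999, which has no VLAN interface and is not in the allowed list, while the same frame tagged with VLAN 10 is delivered to 10.0.0.1.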
Old 05-10-2019, 03:56 PM   #5
Retro-Hipster
Tinkerer
 
Join Date: Apr 2019
City & State: Salt Lake City
My Country: United States
Line Voltage: 120VAC 60Hz
I'm a: Hobbyist Tech
Posts: 125
Default Re: Questions about VLANs and Cisco Hardware

So, when you mark an interface as untagged as a member of a vlan, it means that the vlan tags themselves (headers that say, "this data is for vlan 25!") won't be passed by that interface but that the port will just act like any normal switch port. It would just be a switch port on that vlan. So say you have management on vlan 30 and you set interface 0/0/1 as untagged on vlan 30, then it would make port 0/0/1 only pass data for vlan 10 and would strip all the vlan tags from being passed. The vlan tag encapsulates the data, so when it is stripped you are left with the 'normal' network data observed by computers most of the time. This is not the same thing as a port having no membership to a vlan.

Take this example below.

Company X has two switches for two floors in their building. They want the phones to be on a separate vlan from the data. They do not want the devices that are getting plugged into the network to have to read vlan tags and place themselves on a specific vlan. Instead, they just want it to look like two completely separate networks. (There should be no vlan tags presented to the devices, just the data.)

vlan 10 = Data Network.
vlan 20 = Phone Network.
vlan 30 = management

Both switches will be configured like this.
Ports -- vlan -- tagged/untagged/neither -- Notes
0 -- 10,20 -- tagged -- This is a trunk port. It is tagged because it needs to pass the vlan data AND the tags to the next switch so the switches can keep things separate.
1 -- 10 -- untagged -- This port is a part of vlan 10 but doesn't pass any tags, just the data on vlan 10.
2 -- 10 -- untagged -- This is like port 1. Devices on this port and port 1 can talk fine, like the other vlans don't exist. It can also talk to things on the other switch that are on vlan 10.
3 -- 20 -- untagged -- This port is like port 2, except that it only sees the data on vlan 20 instead of 10. It doesn't see any tags.
4 -- 20 -- untagged -- This port is just like port 3.
5 -- 30 -- untagged -- This port is the only port on the switch that is a member of vlan 30. The management interface has been assigned to this vlan and, as such, no other interfaces have access to this management interface. Since the Trunk Port doesn't have vlan 30 tagged, it won't pass this vlan over to the other switch. Each switch would need to be plugged into individually to access the management network.

This can be useful in more high-security installations or in small installations where there are only a few switches. There is no reason why you can't have "vlan 30" tagged at the trunk ports so that you can manage all your switches from a single switch port. The important thing is just keeping management interfaces away from the normal user network.

I hope that explains the difference between tagged and untagged. A note is that a machine that is on a port that has been tagged on a vlan may look pretty much like one with an untagged port. That is only because the vlan tag is getting discarded though. The tag is actually getting sent to the machine, but the machine isn't doing anything with it unless it is told to use it. It is generally cleaner to mark things like workstations as untagged on their designated network so that they don't have to deal with tags for no reason. Some devices don't like dealing with tags. If a machine is getting a tag, it kind of should have a reason for it, such as with ESXi hosts where you want to tag multiple vlans for use on that host. Ports tagged on multiple vlans should have that machine's NIC configured to handle the vlans/act as two distinct networks.
__________________


“Men always seem to think about their
past before they die, as though they were
frantically searching for proof that they
truly lived.”
– Jet (Cowboy Bebop) -

Last edited by Retro-Hipster; 05-10-2019 at 04:03 PM..
Old 05-22-2019, 12:46 PM   #6
Retro-Hipster
Default Re: Questions about VLANs and Cisco Hardware

Quote:
... as untagged on vlan 30, then it would make port 0/0/1 only pass data for vlan 10 and would strip all the vlan tags from being passed

AH! I'm sorry, I meant to say "vlan 30" in both cases there. I wrote the first part, then came up with the example after. Then, when I went back to change vlan 10 to vlan 30 so that it matched all the examples, I forgot to fix that sentence. ^^;;