Switching user traffic via VLAN
This approach is used in small networks where deploying VLAN does not cause difficulties.
In this case, traffic can either pass through the controller or be processed locally, depending on the switching settings.
In the provided example, traffic will be forwarded centrally through the controller.
The article covers a simple diagram:
Configuring switch
MES2324P#configure MES2324P(config)#interface GigabitEthernet 1/0/3 MES2324P(config-if)#switchport mode trunk MES2324P(config-if)#switchport trunk allowed vlan add 115 MES2324P(config-if)#switchport trunk native vlan 110 MES2324P(config-if)#exit
#go to configuration mode #go to interface configuration to which the access point is connected #specify the port mode, in our case — trunk #set 115 — VLAN for transmitting user traffic, which will then be routed (or switched) according to the network topology. #set 110 — VLAN for access point management
MES2324P(config)#interface GigabitEthernet 1/0/5 MES2324P(config-if)# switchport mode trunk MES2324P(config-if)#switchport trunk allowed vlan add 110,115 MES2324P(config-if)#exit
#go to interface configuration to which the access point is connected #specify the port mode, in our case — trunk #set 115 — VLAN for transmitting user traffic, which will then be routed on the WLC (or on intermediate equipment between MES and WLC) and 110 — VLAN for access point management
Configuring WLC
Configuring physical interface
wlc-30(config)# interface gigabitethernet 1/0/1 wlc-30(config-if-gi)# switchport mode trunk wlc-30(config-if-gi)# switchport trunk allowed vlan add 115,110 wlc-30(config-if)#exit
#go to interface configuration to which the access point is connected #specify the port mode, in our case — trunk #set 115 — VLAN for transmitting user traffic and 110 — VLAN for access point management
VLAN termination in bridge
wlc(config)# bridge 10 wlc(config)# description MNGT_AP wlc(config-bridge)# vlan 110 wlc(config-bridge)# no spanning-tree wlc(config-bridge)# ip address 192.168.1.1/24 wlc(config-bridge)# ip firewall disable wlc(config-bridge)# enable wlc(config-bridge)# exit
#create a bridge named "10" #for easier reading and navigation through the configuration, add a short description of the interface #VLAN ID 110 — VLAN number for transmitting management traffic #disable the STP protocol #specify the IP address of the management subnet #disable the firewall #enable the bridge
wlc(config)# bridge 15 wlc(config)# description USERS wlc(config-bridge)# vlan 115 wlc(config-bridge)# no spanning-tree wlc(config-bridge)# ip address 192.168.2.1/24 wlc(config-bridge)# ip firewall disable wlc(config-bridge)# enable wlc(config-bridge)# exit
#create a bridge named "15" #for easier reading and navigation through the configuration, add a short description of the interface #VLAN ID 115 — VLAN number for transmitting traffic from users #disable the STP protocol #specify the network IP address for users #disable the firewall #enable the bridge
By default, the factory configuration assumes the use of tunnels. However, since this article describes switching with VLAN, the following settings must be removed:
1. In the DHCP server settings, suboption 12 is not used. This suboption is applied to indicate to the AP that SoftGRE tunneling must be used, as well as to define the tunnel address on the controller side.
wlc-30# configure wlc-30(config)# ip dhcp-server pool ap-pool wlc-30(config-dhcp-server)# vendor-specific wlc-30(config-dhcp-server-vendor-specific)# no suboption 12
2. In the ap-location settings, the mode tunnel is not specified, and there is no need to configure tunnel softgre or softgre-controller.
wlc-30(config)# wlc wlc-30(config-wlc)# ap-location default-location wlc-30(config-wlc-ap-location)# no mode tunnel
wlc-30(config)# no tunnel softgre 1 wlc-30(config)# no softgre-controller
All changes made to the configuration must be saved in the non-volatile memory of the device.
wlc-30# commit
Configuration has been successfully applied and saved to flash. Commit timer started, changes will be reverted in 600 seconds. #changes are saved and the timer is started
wlc-30# confirm
Configuration has been confirmed. Commit timer canceled. #changes are confirmed and applied
Local switching
Local switching — is a VAP mode for Eltex access points. It works only in a diagram with GRE tunneling and allows client traffic from a separate SSID to be released into a VLAN directly from the access point, without a tunnel. It is not used in a diagram without GRE.
With such a configuration, client traffic from some SSIDs will be sent in a SoftGRE tunnel to the controller, while traffic from other SSIDs (configured in Local Switching mode) will be processed locally: depending on the switching settings.
This mode is used when it is necessary to improve fault tolerance for critical SSIDs without using controller redundancy. If the controller becomes unavailable, clients will continue to operate. When using external DHCP and RADIUS servers, it also remains possible to connect new clients.
Configuring switch
MES2324P#configure MES2324P(config)#interface GigabitEthernet 1/0/3 MES2324P(config-if)#switchport mode trunk MES2324P(config-if)#switchport trunk allowed vlan add 115 MES2324P(config-if)#switchport trunk native vlan 110
#go to interface configuration to which the access point is connected #specify the port mode, in our case — trunk #set 115 — VLAN for transmitting user traffic, which will then be routed (or switched) according to the network topology. #set 110 — VLAN for access point management
On some devices, the configuration will be different, for example, on MES2424x series switches:
MES2424P(config-if)#switchport mode general MES2424P(config-if)#switchport general allowed vlan add 115 tagged MES2424P(config-if)#switchport general allowed vlan add 110 untagged MES2424P(config-if)#switchport general pvid 110
Configuring WLC
Configuring physical interface
wlc-30(config)# interface gigabitethernet 1/0/1 wlc-30(config-if-gi)# switchport mode trunk wlc-30(config-if-gi)# switchport trunk allowed vlan add 110 MES2324P(config-if)#exit
#switch to the interface configuration towards MES #specify the port mode, in our case — trunk #set 110 — VLAN for access point management
Configuring bridge
wlc(config)# bridge 10 wlc(config)# description MNGT_AP wlc(config-bridge)# vlan 110 wlc(config-bridge)# no spanning-tree wlc(config-bridge)# ip address 192.168.1.1/24 wlc(config-bridge)# ip firewall disable wlc(config-bridge)# enable wlc(config-bridge)# exit
#create a bridge named "10" #for easier reading and navigation through the configuration, add a short description of the interface #VLAN ID 110 — VLAN number for transmitting management traffic #disable the STP protocol #specify the IP address of the management subnet #disable the firewall #enable the bridge
It is necessary to specify the tunneling mode in the ap-location settings:
This is required only when configuring “from scratch,” since in factory-config this setting is already present.
wlc-30(config-wlc-ap-location)# mode tunnel
Detailed description of configuration with SoftGRE: Configuring SoftGRE tunnels (large office network diagram).
In the SSID-profile settings, for SSIDs that must release traffic locally, you need to specify the corresponding mode and client VLAN:
wlc-30(config-wlc-ssid-profile)# local-switching wlc-30(config-wlc-ssid-profile)# vlan 115
Using the Local Switching command, you can apply a scenario where traffic is released locally into a VLAN for a specific SSID, even if tunneling is enabled for the entire location.
All changes made to the configuration must be saved in the non-volatile memory of the device.
wlc-30# commit
Configuration has been successfully applied and saved to flash. Commit timer started, changes will be reverted in 600 seconds. #changes are saved and the timer is started
wlc-30# confirm
Configuration has been confirmed. Commit timer canceled. #changes are confirmed and applied