cancel
Showing results for 
Search instead for 
Did you mean: 

Different VLANs for each H510 AP on data ports

noel_saldana
New Contributor III
Is it this scenario possible?
We will be deploying around 300+ units of H510 APs for each room on a hotel but the requirement is that each room has its own VLAN on the data ports which is for the AP. 
I presume that the ssid will be the same but the data ports will be different for each of the room. 300+ APs = 300+ VLANs

We will be using a Cisco 3650 switch and a ZoneDirector 3000..
7 REPLIES 7

shantha_swaroop
New Contributor III
Yes , the AP joins automatically to the controller.... this was a working scenario in one of my deployments, i used a ZF 7025 in my case, infact all the ports on the Access point can be on different vlans and can get dhcp.. I used a internet gateway as the DHCP server which used to provide the DHCP for both users and Access points

noel_saldana
New Contributor III
OK thanks, I'll try this scenario once available. I'll give a feedback once done.

dionis_taveras
Contributor II
Before you deploy the config you are trying to implement, be sure the VLAN you want or are required to have unique is the AP VLAN and not the client VLAN.  The Data VLAN is not referring to the AP as that is the AP management space.  The data VLAN is the one used for the clients traffic, which is the data you are transporting.

With that said, typical auto discovery of a ZD occurs when the AP and the ZD are on the same IP space, same VLAN as this is a discovery taking place on Layer 2, not 3.  Putting the APs on different VLAN each means that they will need to route to get to the ZD.  So, be aware of that.

If what you are looking for is to have each AP on a separate VLAN, then the config you have been discussing here applies. That is, setting the port as a trunk with native VLAN being the VLAN used for the AP management and the other VLANs being the one used for the client data (the SSID).

If what you are looking for is to actually have the data VLAN being unique for each room (which is typically the case since the customer wants the room to have local area connections and normally the AP management is not accessible by the customer, hence same VLAN for all should be just fine), then you need to make sure that the native VLAN is the same for all APs and the data VLAN that is being used on the SSID is the one trunked for each AP at each room.  May be helpful to make sure the SSID identifies the room as well.  


So on a Cisco switch, this config looks like this for both, all that changes is which VLAN you trunk if the data VLAN is different for each room.  If it is for each AP, then the native VLAN changes, not the trunked VLAN, in the case below, VLAN 100 is the AP management while 200 is the client data:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk allowed vlan 100, 200

interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport mode trunk allowed vlan 100, 201


Keep in mind, this is very basic config, I would normally also use port protection and other security features to prevent misuse of the management network.  On the AP secondary ports, also tagged the VLAN used for the client data as access there, so that if clients connect to the AP directly on the wire, they are treated as a wireless client.

Hope this helps, good luck!