Showing results for 
Search instead for 
Did you mean: 

VLAN and Subnet Configuration on ZD1100 and 5 x 7900 APs

New Contributor II

I'm aiming to setup a working test environment consisting of 1 x ZD1100 and 5

x Zone Flex 7900 APs and 1 x Cisco 3750x L3 switch to power the APs and do the routing:

I want to separate traffic using 4 VLANs and 4 Subnets:

VLAN 10 Management
VLAN 130 Guest WiFi
VLAN 140 Production WiFi
VLAN 160 Staging WiFi

I've SVIs setup on the Cisco 3750x:
VLAN 10:
VLAN 130:
VLAN 140:
VLAN 160:

For the time being I'll use the Cisco 3750x for DHCP configured with 3 pools
for VLAN 130,140,160. (Eventually I'll move these scopes to an external DHCP

I want to assign the ZD and APs with management IP addressing in the .10

subnet i.e.:


At the moment I've the APs and ZD1100 connected to the Cisco 3750x switch via

6 open trunks (Native VLAN 1) respectfully.


interface GigabitEthernet1/0/1
description AP01 Testing
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast

As I'm well aware I'm missing some fundamental information on how the ZD and APs communicate.

My questions are:

What VLANs and subnets do I configure on the ZD1100 and APs ? (I only see an option to configure the ZD as an Access VLAN)

And how do I configure these on ZD1100 and which interfaces do I configure (i.e. management or system or both)?

Thanks in advance for any help received.

New Contributor III

Just create one access port for ZD 1100 in VLAN 10. give to ZD ip address from that VLAN.

then do following : create 5 trunk ports with native VLAN 10. and also will be good if you create one more pool for VLAN 10 for access points. after connect access point to that ports they will connect to ZD automatically.

New Contributor II
Thanks very much. I did as you said and it's working well. Thanks for your help.

Esteemed Contributor II
Having Cisco TAC experience too, let me provide the example DHCP scope, with
option 43 to give APs your ZD's address, and my recommendation on
how to prune the ZD/AP switch port trunks to only allow the necessary VLANs.
This will save CPU overhead on ZD/APs. In DHCP, you should exclude your
def-gw IP and any dedicated server/host IPs (like the ZD).

ip dhcp excluded-address
ip dhcp pool ap-pool
dns-server a.b.c.d (optional)
option 43 ascii ""
option 43 hex F1040A050A32

interface GigabitEthernet1/0/1
description AP01 Testing
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1, 10, 130, 140, 160
switchport access vlan 10
spanning-tree portfast
no ip address


Second question about ZD and AP communication, I see you may have
created an access port in VLAN 10. The above switch port example specifies
vlan 10 as the 'access' VLAN. A PC connected to a port configured like this
should pull DHCP from VLAN 10.

If you use tagged VLAN 10 (not untagged VLAN 1) for your ZD and APs,
you also need to specify this VLAN 10 under ZD WebUI Configure/System,
ZD's Device IP Settings, and the Access VLAN.

Likewise, on Configure/Access Points, Access Point Policies, the Management
VLAN should also have the VLAN-ID = 10.

These two fields tell the ZD and APs to tag their LWAPP communication packets
with VLAN 10. I hope this is helpful.

New Contributor II
Thanks Michael for the additional advice re: VLAN pruning and configuring VLAN 10 on ZD and APs.