We have a client with two locations. The Zonedirector and many APs are at the main location, about 23 APs are at the secondary location.
Currently, there is a dedicated ethernet circuit between the two sites. We are
changing the connection to two separate internet connections with an SDWAN
connecting them. Currently, the ZD and the APs are on the same VLAN (VLAN 1).
We have to put the secondary site devices on VLANs that do not duplicate the VLANs at the primary site due to the connection type.
Now, we are trying to figure out the correct configuration to get the secondary
site APs to be on the separate VLAN (VLAN 200) and still work with the ZD at
the main site. We have Cisco switches at both locations (currently all APs are plugged into trunk ports) and Meraki firewalls will be providing the new SDWAN connection. But as of right now (even with the still flat network) I cannot even get the secondary site APs to communicate with the Zone Director when I move them to a new VLAN. We have tried numerous different settings in the AP policies and on the Cisco switch ports.
If APs are on a different IP subnet than the Zone Director, then you need to provide some way for the APs to discover the Zone Director.
The discovery mechanisms are:
APs on the same IP subnet discover the Zone Director and join automatically.
You can configure the local DHCP server to provide the Zone Director IP using DHCP option 43.
You can configure a local DNS to respond to zonedirector.local.lan with the ZD IP; local.lan will be the domain provided by DHCP.
Manually configure each AP via AP CLI/SSH with the command: set director ip
Depending on version, the AP GUI has a discovery option where you can configure the ZD IP into the AP.
All APs initiate communication to the ZD, so APs can work behind NAT, but you must be able to ping the ZD from the AP. The AP control protocol is LWAPP, which uses ports 12223 and 12222. You also need port 21 (FTP) open to permit the AP to be upgraded from the ZD. HTTPS (443) and HTTP (80) may be needed if you have guest services or a captive portal configured.
The untagged ID in the AP Model Specific configuration is only for the internal untagged/native VLAN used in the AP. By default (like most switches) this is VLAN 1. Since this VLAN is not sent (as it is untagged/native) it does not need to be changed unless you need to use VLAN 1 as tagged externally. It does not need to match the native/untagged VLAN on the switch port.
It is always best to leave AP management as untagged and set the switch port native/untagged VLAN if you wish to carry AP management in the switches on a specific VLAN. If you tag the AP management VLAN you will have issues with factory-defaulted APs, which by default send traffic untagged, requiring manually configuring each AP before connecting, or changing the port settings to untagged and then back to tagged after the AP connects and gets configured. Using the ZD settings to configure the AP management VLAN is also a problem in a multi-site deployment where the AP management VLAN may be different. Keep it simple and let your network manage the AP management VLANs.
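As an added example (not part of the thread or any Ruckus-provided tool), the Python below turns the discovery and port requirements from the answer above into two checks a network engineer can run before moving the remote APs: it encodes a ZoneDirector address as a DHCP option 43 TLV (and decodes one back, rejecting truncated blobs), and it compares the flows a firewall or SD-WAN policy permits from the AP subnet against the ports the answer lists. The sub-option code 3 for the ZD address and the use of UDP for the LWAPP ports are assumptions; the thread itself gives only "option 43" and the port numbers, so confirm both against the vendor documentation for your ZD release.

```python
"""ZoneDirector discovery helpers: DHCP option 43 encoding and a flow-policy check.
Added example; assumptions are marked in comments."""
import ipaddress
import socket

# Ports named in the thread: LWAPP control/data 12222 and 12223, FTP 21 for AP
# upgrades, HTTP/HTTPS only when guest services or a captive portal are used.
# ASSUMPTION: LWAPP runs over UDP; the thread gives port numbers only.
REQUIRED_FLOWS = frozenset({("udp", 12222), ("udp", 12223), ("tcp", 21)})
GUEST_FLOWS = frozenset({("tcp", 80), ("tcp", 443)})

# ASSUMPTION: vendor sub-option 3 carries the ZD IP as an ASCII string.
ZD_SUBOPTION = 3


def encode_option43(zd_ip: str, suboption: int = ZD_SUBOPTION) -> bytes:
    """Build a single option 43 TLV: <code><len><ascii ip>. Rejects bad IPs."""
    ip = ipaddress.IPv4Address(zd_ip)          # raises ValueError on garbage
    payload = str(ip).encode("ascii")
    if not 0 < suboption < 255:
        raise ValueError("sub-option code must be 1..254")
    return bytes([suboption, len(payload)]) + payload


def option43_hex(zd_ip: str, suboption: int = ZD_SUBOPTION) -> str:
    """Hex form of the TLV, the shape most DHCP servers accept for raw option 43."""
    return encode_option43(zd_ip, suboption).hex()


def decode_option43(blob: bytes) -> dict:
    """Walk a TLV list back into {code: value}; a truncated blob is an error,
    which is what you want when validating a hand-typed hex string."""
    out, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header at offset %d" % i)
        code, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV %d claims %d bytes, only %d present" % (code, length, len(value)))
        out[code] = value
        i += 2 + length
    return out


def discovery_fqdn(dhcp_domain: str) -> str:
    """Name the AP resolves when it uses the DNS method from the thread."""
    return "zonedirector." + dhcp_domain.strip(".")


def missing_flows(permitted, guest_services: bool = False) -> list:
    """Return (proto, port) pairs the AP->ZD policy still blocks.
    `permitted` is the set of flows your firewall/SD-WAN allows from the AP subnet."""
    needed = set(REQUIRED_FLOWS)
    if guest_services:
        needed |= GUEST_FLOWS
    return sorted(needed - set(permitted))


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Live TCP reachability check; only meaningful when run from the AP subnet."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample values: a ZD at 192.168.1.10 and a policy that
    # forgot FTP, which would leave remote APs unable to pull firmware.
    print("option 43 hex:", option43_hex("192.168.1.10"))
    print("decoded:", decode_option43(encode_option43("192.168.1.10")))
    print("DNS name:", discovery_fqdn("local.lan"))
    sample_policy = {("udp", 12222), ("udp", 12223)}
    print("blocked flows:", missing_flows(sample_policy))
```

Feed the hex string to whichever DHCP server serves VLAN 200 at the secondary site, then run `missing_flows` against the actual rule set on the Meraki before cutting over; the decode path is there so a typo in the hex is caught before an AP ever tries to parse it.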
Correct! I have this exact problem! At first deployment, tagged VLAN 10 was chosen for management and now we are boxed in! Can't reset an AP in the field (not easily), because it falls off the network. We have to make special arrangements to re-provision.