cancel
Showing results for 
Search instead for 
Did you mean: 

Port/VLAN best Practice

matthew_kopishk
New Contributor

Hi Everyone,

I have a SZ-100 setup with a single port group setup.  We have 46 APs currently and are expecting to add 30 more at another location on campus.

Currently, the primary wireless LAN lives on the same VLAN as the APs and the SZ-100 (the vendor that installed the equipment set it up this way).  I would like to break it up so the APs and the SZ-100 live on our "management vlan" and then have the primary WLAN live on its own.

I know out of the box we could have gone with a two-port group, is it worth going through the hassle of resetting everything and going this route, or stick with the current single port group and just adjust the SZ-100 & APs IP addresses and vlans accordingly?

I'm leaning towards the latter but I figured it was worth asking before I proceeded.

Thanks,

Matt

1 ACCEPTED SOLUTION

albert_pierson
Contributor III

Hi Matt,

The second port on the SZ-100 is to allow tunneling client traffic from AP's through the SZ and not directly out the AP local network.

If you wish for client traffic to be put into a different VLAN you need to change the VLAN configured in the Wireless LAN (WLAN)/SSID configuration:

Under advanced options you will see the Access VLAN configuration.  By default it is 1 which actually is the default VLAN of the AP and traffic is sent out the AP untagged and thus into the AP management VLAN.

By changing this VLAN to any other value you will be tagging the client traffic connected to that SSID/WLAN  when it leaves the AP.

If you are using local bridging on the AP that means you need to configure the switch port where the AP connects to accept and carry that VLAN ID as tagged.

You will also need to create a VLAN router interface for that VLAN and configure DHCP services on that VLAN in the Router or using DHCP relay to an external DHCP.

If you are tunneling the client traffic from the AP it will go from the AP to the SZ100 and egress the SZ100 port tagged.  The SZ100 port (second port if you enable it) would then need to carry that VLAN as tagged and connect to a VLAN router interface with DHCP services.

I hope this answers your question,

Thanks for selecting Commscope/Ruckus products

Albert Pierson

Principle Support Engineer

View solution in original post

9 REPLIES 9

diego_garcia_de
Contributor III

do you need to tunnel back to smartzone? otherwise just create  / change the vlan of the WLAN, set it us "local breakout" (no tunneling) and handoff to the switch directly. 

If you're not using tunneling, the smartzone doesnt even need any reachability to the traffic vlans.

albert_pierson
Contributor III

Hi Matt,

The second port on the SZ-100 is to allow tunneling client traffic from AP's through the SZ and not directly out the AP local network.

If you wish for client traffic to be put into a different VLAN you need to change the VLAN configured in the Wireless LAN (WLAN)/SSID configuration:

Under advanced options you will see the Access VLAN configuration.  By default it is 1 which actually is the default VLAN of the AP and traffic is sent out the AP untagged and thus into the AP management VLAN.

By changing this VLAN to any other value you will be tagging the client traffic connected to that SSID/WLAN  when it leaves the AP.

If you are using local bridging on the AP that means you need to configure the switch port where the AP connects to accept and carry that VLAN ID as tagged.

You will also need to create a VLAN router interface for that VLAN and configure DHCP services on that VLAN in the Router or using DHCP relay to an external DHCP.

If you are tunneling the client traffic from the AP it will go from the AP to the SZ100 and egress the SZ100 port tagged.  The SZ100 port (second port if you enable it) would then need to carry that VLAN as tagged and connect to a VLAN router interface with DHCP services.

I hope this answers your question,

Thanks for selecting Commscope/Ruckus products

Albert Pierson

Principle Support Engineer

I'm not tunning, thank you for clarifying that.

Right now the primary client VLAN is Untagged so both my SZ-100 and the primary WLAN are set to 1.  My plan is to change the untagged vlan to my management vlan so the SZ-100 will stay on vlan 1 but my WLAN will have to be updated with the proper (now tagged) vlan.

I think it's going to be a pretty simple swap other than me needing to tell the APs that the SZ-100 has a new address.  I did see a script I could run that would do most of that heavy lifting for me.

if at all possible, I would try to avoid re-IP'ing the SZ

can you move the customer vlan instead?