Clarification on VLANS native and management

Hi Joe,

(I guess I should have read all your postings before responding to any of them ... this is why it's best practice to post your followups using the same subject line.)

Anyway ... this is a misconfiguration. It is required that BVI1/bridge-group 1 on the AP be in the native VLAN. In the config below, there is no wired VLAN in bridge-group 1, so nobody on the wired side is going to be able to talk to this AP.

If you want for some reason to call your native VLAN "4" rather than "1" (although see my last posting for a reason why not), then you should configure your AP like this:

interface faste0.4 encaps dot1q 4 native bridge-group 1

Aaron

Hello Aaron,

Sorry about posting twice. So much to learn. Thanks for your help. I guess I am still confused a little regarding the Native Vlan on the access point and want to understand completely. I have researched this extensively but remain a bid cloudy on this. So the question I have is can I assign VLAN1 on the Access Point as native and have the switch port it is attached to as switchport trunk native vlan 4? or must the switch port be switchport trunk native vlan 1 if the Access point's native vlan is 1. A diagram follows; Is this diagram correct?

Thanks,

Joe

Cisco 871 Router

interface Fasteth0

switchport trunk native vlan4 switchport mode trunk

interface vlan2 (corporate users) ip address 192.168.10.1/24 interface vlan 3 (wireless guest access vlan) ip address 172.16.29.1/24 interface vlan4 (Trunk vlan) ip address 172.16.99.1/24)

Cisco 1231 AP (Connected to switch Fasteth0/23 port) interface Dot11Radio0.2 bridge-group 2 interface Dot11Radio0.3 bridge-group 3 interface Dot11Radio0.4 encaps dotQ 4 native bridge-group 1 interface Fasteth0.2 bridge-group 2 interface Fasteth0.3 bridge-group 3 interface Fasteth0.4 encaps dotQ 4 native bridge-group 1 interface BVI1 ip address 172.16.99.12/24

Hi Joe,

~ Sorry about posting twice. So much to learn. Thanks for your help. I ~ guess I am still confused a little regarding the Native Vlan on the ~ access point and want to understand completely.

No worries; I've spent plenty of time being confused on this point myself ...

~ I have researched this ~ extensively but remain a bid cloudy on this. So the question I have is ~ can I assign VLAN1 on the Access Point as native and have the switch ~ port it is attached to as switchport trunk native vlan 4? or must the ~ switch port be switchport trunk native vlan 1 if the Access point's ~ native vlan is 1.

OK, so here's the key:

If you are doing 802.1q trunking, then the VLAN IDs for each frame are carried in the frame header. If one side is sending out frames tagged VLAN 47 but the other side is not configured for VLAN 47, then those frames will go into the bit bucket. So VLAN n on one side of the trunk has to match up to VLAN n on the other side of the trunk.

BUT there is an exception: the "native" VLAN, meaning the UNTAGGED VLAN [*]. Since the native VLAN is untagged, then one side of the trunk can call the native VLAN 1 and the other side can call the native VLAN 4, and neither will be any the wiser ... the number assigned to to the NATIVE VLAN is only of local significance.

~ A diagram follows; Is this diagram correct?

Yes, I believe this is correct (but for one small issue[**]):

BVI1 on the AP is 172.16.99.12/24 bridge-group 1 on the AP bridges to FastE0.4 which is configured for "native VLAN4"

So the AP is in subnet 172.16.99/24 in the native VLAN.

The switch is configured with native VLAN "4" on both the trunk to the AP and the trunk to the 871.

The 871 is configured with native VLAN 4 and with 172.16.99.1/24 on interface VLAN4.

Therefore, I predict that 172.16.99.1 and 172.16.99.12 will be able to ping each other.

Cheers,

Aaron

Hello again Aaron,

F> Hi Joe,

Hello again Aaron,

F> Hi Joe,

Hello again Aaron,

F> Hi Joe,