VLAN issues on Balance Two/AP One AX - InControl2

Jason_Hille · August 4, 2022, 3:18pm

On the InControl dashboard: Org->Site->Network Settings->VLAN Networks
I have configured the following:
Untagged LAN - I am assuming this is VLAN 1 as all of the networking equipment I’ve ever dealt with has VLAN ID 1 as the default untagged VLAN. I cannot create a subnet in InControl and seems as though I can only create the subnet in the Balance Two interface only.
Guest - VLAN 25 with DHCP enabled using subnet 172.16.32.0/24. This is created and manageable through InControl.
Voice - VLAN 100 with DHCP enabled using subnet 10.10.32.0/24. This is created and manageable through InControl.

I have the following configuration on Balance Two Web GUI (because it can’t be done through InConrtol?)
LAN->Network Settings->Untagged LAN
Manually configured Subnet with DHCP enabled
Other VLANs received subnet and DHCP settings from InControl (weird).

LAN->Port Settings
Port 1 (Untagged LAN) - Set as Access Port usind Untagged LAN (presumably VLAN 1).
Port 2 (VLAN 25) - Set as Access Port using Guest (VLAN 25).
Port 3 (VLAN 100) - Set as Access Port using Voice (VLAN 100).

I also use a Cisco SG250-50PP Managed switch with all Layer 2 ports configured. Each port on Balance 2 has an Access Port configured on the switch as uplinks (ie. port 1 on Balance Two to port 50 on Cisco Switch; both Access Ports. I don’t know what VLAN Untagged LAN uses, but my switch is using the standard VLAN 1 as native). Port 2 on Balance Two to port 49 on Cisco Switch; both Access Ports (VLAN 25). And finally, Port 3 on Balance Two to Port 48 on Cisco Switch; both Access Ports (VLAN 100). It is worth noting that my Cisco Switch is reporting a VLAN mismatch on Port 50 which is the uplink for the Untagged LAN (presumably VLAN 1)

There are 2 problems I am seeing with this setup. First, I have a PepWave AP One AX which is also configured to be controlled from InControl. Group-wide SSID settings are configured. The switchport that the AP connects to on the Cisco Switch is configured as Trunk Port VLAN 1 Untagged | VLAN 25 Tagged. I am expecting the AP to get a DHCP address from the Untagged LAN and then also bridge to the wireless broadcast each of the VLANs on their respected SSID. One SSID is configured with Untagged LAN (again, presumably VLAN 1) and another SSID is configured with Tagged VLAN 25 (Guest). I would expect the SSIDs to give clients DHCP from those respective VLANs, but clients connected to either do not appear to be able to connect to Balance Two to get DHCP.

I have, however, configured the switchport that the AP is plugged into to be Trunk Port VLAN 25 Untagged | VLAN 1 Tagged and cliets connecting to the SSID configured with Untagged LAN (preseumably VLAN 1) are ble to get DHCP, but not the SSID configured as Guest.

I’m at a real loss as to how this Untagged LAN works. Incedentally, I have a very similar setup at another location with no issues. The only difference is I’m using a Cisco SG350 series switch instead of a SG250 series. I don’t seem to have this issue.

ckirch · August 4, 2022, 4:10pm

Hi,

I can confirm that untagged LAN@Peplink is the same as VLAN1@Cisco and others.
I used the same configuration with a B One and a Cisco SG 350.
Please change Port 1 to „Trunk“ for your B TWO and similarly for your Cisco Switch, as Access is not correct (untagged LAN relays all tagged and untagged packages). Regards, Chris

Jason_Hille · August 4, 2022, 10:07pm

I’m waiting on feedback on whether the configurations you’ve suggested are the fix for WiFi clients not getting DHCP. However, the AP doesn’t appear to be bouncing unexplicably as it was before the changes.

So, just to throw this back up … I’ve updated the swtichport uplink on SG250 to Trunk with only VLAN 1 as active (and Native) and all other VLANs are inactive. I also set the uplink port (port 1) on B Two to Trunk VLAN Any.

Now … here’s another question:

What if I want to not use Untagged LAN at all and create VLANs 1, 25, & 100 with their respective subnets and link those to their respective B Two ports (1, 2, & 3)? Would that not also function based on my original networking topology that I laid out for my switchgear?

Jason_Hille · August 5, 2022, 10:23pm

So … I answered my own question but setting up a lab environment and using an SG350, Balance Two, and AP One AX. I was able to forego using Untagged LAN and create VLAN 1, 25, 50, and 100 subnets on the B Two. I can then create Access ports and use those VLANs for each LAN port on B Two and uplink to Access Ports on my SG350. Then other ports on the SG350 can use VLAN 1 Untagged and other VLANs as tagged … namely the AP One AX which only uses VLAN 1 Untagged and 25 Untagged.

Basically, I was able to do what I normally do in a typical networking topology my company configures for other customers.

This is handy information to know before hand. The Untagged LAN that’s pre-configured on these things is very … not needed!