1 / 59

Extended VLAN

Extended VLAN. Extended VLAN. This example shows how to configure local bridging and tunneled bridging on the same WLAN (SSID) The following slide shows the network setup that we ultimately want to configure here in this example:. Controller. Uplink 1. VLAN 1 Untagged. VLAN 30 Untagged.

thane-snow
Download Presentation

Extended VLAN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Extended VLAN

  2. Extended VLAN • This example shows how to configure local bridging and tunneled bridging on the same WLAN (SSID) • The following slide shows the network setup that we ultimately want to configure here in this example:

  3. Controller Uplink 1 VLAN 1 Untagged VLAN 30 Untagged VLAN 50 Untagged DHCP Server 30.30.30.0 DHCP Server 50.50.50.0 Int 1 Switch Int 3 Int 4 Int 2 VLAN 1 Untagged VLAN 30 Tagged VLAN50 Tagged GE1 Access Point Captive_Portal_VLAN30 Corp_VLAN 50

  4. Switch (ICX) Configuration Current configuration: ! ver 07.3.00T7f1 ! stack unit 1 module 1 icx6610-48p-poe-port-management-module module 2 icx6610-qsfp-10-port-160g-module module 3 icx6610-8-port-10g-dual-mode-module stack-trunk 1/2/1 to 1/2/2 stack-trunk 1/2/6 to 1/2/7 ! ! vlan 1 name DEFAULT-VLAN by port ! vlan 30 by port tagged ethe 1/1/2 untagged ethe 1/1/3 ! vlan 50 by port tagged ethe 1/1/2 untagged ethe 1/1/4 ! ! interface ethernet 1/1/2 dual-mode tag-profile enable ! ! end

  5. Extended VLAN • Let’s first look at the red laptop: • If you trace a path between the red laptop and the red DHCP server, you will see that the path simply goes through VLAN 30 • As long as you simply configure the WLAN for local bridging, then the red laptop will get an IP address from the red DHCP server

  6. Extended VLAN • Next, let’s look at the purple laptop: • If you trace a path between the purple laptop and the purple DHCP server, you will see that there is no direct path to VLAN 50. • You would need to tunnel the traffic between the access point and controller through VLAN 1 in order to create a path to VLAN 50 • To do this, you simply configure the WLAN for tunneled bridging

  7. Extended VLAN • But what if you needed to do both local bridging and tunneled bridging on the same WLAN at the same time? • Solution: You need to configureExtended VLAN

  8. Extended VLAN • The rest of this slide deck shows a simple example to demonstrate an Extended VLAN setup to show you where to enter the Extended VLAN configuration

  9. Extended VLAN • First, configure a switch like this: • NOTE: You don’t have to use the exact same interfaces (or even the same VLAN ID for that matter) that I’ve used above • But for this example, I will use a switch that’s configured like the one in the diagram above VLAN 1 Untagged VLAN50 Tagged VLAN 30 Untagged VLAN 50 Untagged Int 1 Switch Int 3 Int 4 Int 2 VLAN 1 Untagged VLAN 30 Tagged

  10. Extended VLAN • Next, connect the DHCP servers • Note: You do not have to the exact same DHCP servers that I’m using in the above diagram • The purpose of the DHCP servers is to quickly and easily determine that my wireless clients are connected to the correct VLAN and that I can successfully forward to that VLAN • But please feel free to you other methods, if you want, to determine that your setup is running correctly VLAN 1 Untagged VLAN50 Tagged VLAN 30 Untagged VLAN 50 Untagged DHCP Server 30.30.30.0 DHCP Server 50.50.50.0 Int 1 Switch Int 3 Int 4 Int 2 VLAN 1 Untagged VLAN 30 Tagged

  11. Extended VLAN • Next, connect the Controller to the Switch • In this example, I connect a factory default RFS4000 Controller interface Uplink 1 to the Switch interface 1 Controller Uplink 1 VLAN 1 Untagged VLAN50 Tagged VLAN 30 Untagged VLAN 50 Untagged DHCP Server 30.30.30.0 DHCP Server 50.50.50.0 Int 1 Switch Int 3 Int 4 Int 2 VLAN 1 Untagged VLAN 30 Tagged

  12. Extended VLAN • In this example, I am going to start with a controller in factory default configuration and configure: • A Virtual Interface VLAN 1 with a static IP address of 192.168.0.1/24 (actually, I don’t need to do anything to configure this … it’s already there in the factory default configuration) • And I’m going to configure Uplink 1 in Trunk mode with VLAN 1 as the untagged Native VLAN and add VLAN 50 as an allowed (tagged) VLAN

  13. Extended VLAN • Next, create a WLAN that has 802.1x EAP with WPA2 CCMP and dynamic VLAN assignment

  14. Extended VLAN • Next, configure the GE1 interface for the AP for Trunked with untagged Native VLAN 1 and tagged VLAN 30

  15. Extended VLAN • Next, connect a DHCP server to VLAN 30 on the switch • Use the controller’s onboard RADIUS server to configure a server that has username/password assigned to VLAN 30 • Test the setup with a wireless client • Associate client to the WLAN testssid • Enter username/password • Check DHCP address

  16. Extended VLAN • Next, connect a DHCP server to VLAN 50 on the controller • For convenience, I will simply create a DHCP server on the controller’s virtual interface VLAN 50 • And then, create another username/password on the controller’s onboard RADIUS server that assigns the user to VLAN 50 • Then associate a wireless device and authenticate user the username/password for the user assigned to VLAN 50 and it will fail to get an IP address • Now we create our Extended VLAN for VLAN 50

More Related