2 Replies Latest reply on Feb 1, 2013 6:50 AM by net11

    vWLAN VLAN Problem

    net11 New Member

      I have setup a new VM with the 2.2.19 vWLAN software using all the steps given in the vWLAN v2.2.1 Upgrade Guide, but am having trouble getting the new software to see one of the VLANs under the locations setting.


      I have our network separated into 2 VLANS: VLAN 101 (10.1.x.x/16) and VLAN 11 (10.11.x.x/16). VLAN 101 is for our Active Directory computers and VLAN 11 is for public use. A BSAP-1800 is plugged into a trunk port on a layer 3 switch, tagged with VLANs 101 and 11. The PVID is set to VLAN 101, so the WAP receives a 10.1.x.x IP address. The new and old vWLAN VMs run on
      the same VMware ESXi host which also sits on VLAN 101 with a 10.1.x.x IP address.


      The location status screen tells me VLAN 11 is active, but VLAN 101 is inactive. Public devices receive a 10.11.x.x IP address, but the AD computers do not receive a 10.1.x.x IP address after passing RADIUS authentication, just a 169 IP address. Our DHCP is on the 10.1.x.x subnet.


      There is another location (vLoc-0- with a VLAN of 0) that appears as well. I delete this location since it is a duplicate of VLAN 101, but every time I reboot the WAP or apply a new configuration, it reappears, even though I have the WAP’s location set to VLAN 101. I know this happens when a WAP discovers a new subnet/VLAN, but my current vWLAN host and WAPs have been working with VLANs 101 and 11 and for almost 2 years with the same switch port configuration used by the vWLAN host and WAP.


      Does anyone have an idea as to why the vWLAN will not recognize VLAN 101?

        • Re: vWLAN VLAN Problem
          erik Employee

          Thanks, net11. It sounds like you have the VLANs configured properly on the switched network. So two things come to mind regarding what you are observing:


          1) Please be sure that the role that the "AD computers" authenticate into have an explicit allow statement for DHCP in the role policy - or something more encompassing. New in 2.2.1.x is the requirement to explicitly allow DHCP (or something more encompassing, like a rule that allows any traffic) in the role, whereas this was implicit in 2.1.


          2) The "vLoc" location is one that is automatically identified by the vWLAN by virtue of the fact that it is the native VLAN for at least one (and in your case, all) of the APs. As such, this "vLoc" location should be leveraged for the traffic flow in your role rather than defining a separate VLAN for VLAN ID 101. Allow that "vLoc" to reappear, as it should do every time an AP checks in, and then place traffic flow for the appropriate role into it.


          Please let me know if these suggestions help.