[Ques] Mobile Port

[dadadum]

Hi, Im quite new to omniswitch and have to set up 2 VLANS on the Same port.

Port 1/13 = Firewall and DHCP for VLAN 7 and 8 and the default (1)
Port 1/23 = Accesspoint with 2 SSIDS depending on the SSID = VLAN 7 or 8
Port 1/24 = Accesspoint with 2 SSIDS depending on the SSID = VLAN 7 or 8

So naturaly i set all involved ports to mobile ports and created an ip based rule for each vlan.
When WLAN clients sign on, port 1/23 and 1/24 start switching between vlans 7 and 8 (according to the webmanagement)

But port 1/13 remains on VLAN 1 and clients therefore have no connection to the router.


Here my terminal output:

Code: Select all

-> write terminal
! Stack Manager :
! Chassis :
system name vxTarget
system timezone CET
! Configuration:
! VLAN :
vlan 1 enable name "VLAN 1"
vlan 1 mobile-tag enable
vlan 7 1x1 stp disable flat stp disable name "VLAN 7"
vlan 7 mobile-tag enable
vlan 8 1x1 stp disable flat stp disable name "VLAN 8"
vlan 8 mobile-tag enable
vlan 8 port default 1/22
vlan port mobile 1/13 bpdu ignore enable
vlan port mobile 1/23 bpdu ignore enable
vlan port mobile 1/24 bpdu ignore enable
vlan 1 ip 10.10.10.0 255.255.255.0
vlan 7 ip 10.10.50.0 255.255.255.0
vlan 8 ip 10.10.60.0 255.255.255.0
! VLAN SL:
! IP :
ip service all
ip interface "VLAN_1" ifindex 2
ip interface "vlan_1" address 10.10.10.80 mask 255.255.255.0 vlan 1 ifindex 3
! IPX :
! IPMS :
ip multicast status enable
ip multicast querying enable
ip multicast spoofing enable
ip multicast zapping enable
ip multicast proxying enable
ip multicast querier-forwarding enable
ip multicast flood-unknown enable
ip multicast helper-address 10.10.10.13
ip multicast vlan 2 status disable
ip multicast vlan 2 querying disable
ip multicast vlan 2 spoofing disable
ip multicast vlan 2 zapping disable
ip multicast vlan 2 version 2
ip multicast vlan 2 robustness 2
ip multicast vlan 2 query-interval 125
ip multicast vlan 2 query-response-interval 100
ip multicast vlan 2 last-member-query-interval 10
ip multicast vlan 2 router-timeout 90
ip multicast vlan 2 source-timeout 30
ip multicast vlan 2 proxying disable
ip multicast vlan 2 unsolicited-report-interval 10
ip multicast vlan 2 querier-forwarding disable
! AAA :
aaa authentication default "local"
aaa authentication console "local"
aaa authentication http "local"
! PARTM :
! AVLAN :
avlan 1 auth-ip 10.10.11.175
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
! RIP :
! OSPF :
! BFD-STD :
! ISIS :
! IPv6 :
! IPSec :
! IP multicast :
ip static-route 0.0.0.0/0 gateway 10.10.10.1 metric 65534
! RIPng :
! OSPF3 :
! BGP :
! Health monitor :
! Interface :
! Udld :
! Link Aggregate :
! Port Mapping :
! VLAN AGG:
! 802.1Q :
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
ip helper per-vlan only
ip helper forward delay 0
ip helper maximum hops 5
ip helper pxe-support enable
ip helper agent-information policy replace
! Server load balance :
! System service :
swlog console level info
debug fscollect enable
! SSH :
! Web :
! AMAP :
! LLDP :
! Lan  Power :
! NTP :
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
! EFM-OAM :
! ERP :
! SAA :
! DHCP Server :

Im pretty lost and thankfull for any sort of explaination or hint.
thx
dadadum

[cedric1]

hello

Rules are applied to traffic incoming or ingressing interface.
Traffic going to your firewall is outgoing traffic, so there is no mobile rule trying to apply something.

Make I design of flow it will be lcear for you.

Cedric

[jlettinck]

Hi Dadadum,

I am not sure if I understand your setup. What kind of wlan system are you using? Is it a system where the accesspoint gives out vlan tags at the ethernet port?
If so then the ethernet port of the switch just needs to be qtagged.

vlan 7 802.1q 1/23
vlan 8 802.1q 1/23
vlan 7 802.1q 1/24
vlan 8 802.1q 1/24

Your router would be set to vlan tagging on its port as well including the untagged traffic.
The same rules as above would apply.

If you are using an OmniAccess wlan system from Alcatel-Lucent, then the accesspoints will make a tunnel to the controller where the vlan tagging is done on the ethernet ports of the controller connected to the central switch.

Would you be able to present us with more details regarding the equipment you are using?
- Type of wlan system
- Little drawing of your setup?

Best regards,
Jeroen