Wondering if anyone has seen this before. I have ether2 of my hAP ac lite plugged into gi7 on my Cisco SG220. All the other ports on the hAP ac lite are unplugged.
My switchport config (Cisco SG220) looks like this:
interface gi7
switchport trunk native vlan 100
switchport trunk allowed vlan add 1-4094
switchport default-vlan tagged
spanning-tree portfast
no back-pressure
description "hAP AC Lite"
My hAP ac lite config looks like this:
/interface bridge
add admin-mac=64:D1:54:87:52:8E auto-mac=no comment=defconf name=bridge
/interface bridge port
add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=10
add bridge=bridge tagged=bridge vlan-ids=90
add bridge=bridge tagged=bridge,ether2 untagged=ether1,ether3,ether4,ether5 vlan-ids=100
add bridge=bridge tagged=bridge vlan-ids=102
add bridge=bridge untagged=bridge,ether2 vlan-ids=1
/interface vlan
add interface=bridge name=Vlan10 vlan-id=10
add interface=bridge name=Vlan90 vlan-id=90
add interface=bridge name=Vlan100 vlan-id=100
add interface=bridge loop-protect=on name=vlan1 vlan-id=1
add interface=bridge name=vlan102 vlan-id=102
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=my.crt_0 disabled=no
/ip address
add address=192.168.75.53/24 interface=Vlan100 network=192.168.75.0
add address=192.168.102.10/27 comment="CapsMan Traffic Only" interface=vlan102 network=192.168.102.0
I’d like to set the sg220 switchport back to native vlan tagged, however if I do that the routerboard (vlan 100 ip) is still pingable but services don’t work (ssh/ssl)
Anyone have ideas?
Am I doing something obviously wrong?