Virtual AP and VLAN

Posted: Thu Feb 26, 2015 5:39 am
by azurtem
Hi

I set up four RB912 and a central RB2011 (which is the default gateway, connected to the Internet)
On each router I set up a virtual AP in order to have two SSIDs per router, WifiA and WifiB
I created two VLANs, Vlan10 and Vlan11 - on interface ether1 for the RB912, and on localbridge for RB2011
I created two bridges, BriA for (WifiA + Vlan10), and BriB for (WifiB + Vlan11)
I assigned an IP address to each bridge (localbridge for the RB2011 LAN, BriA and BriB)

Access to and through WifiA works great

With WifiB however access to and through doesn't work (no pinging whatsoever) between the RB912s or between the RB912s and the RB2011

After reviewing the various parameters I came across the bridge STP setting
On BriA, this was set to none, while on BriB and Localbridge it was set to RSTP

I consequently set BriB's STP setting to none and traffic began to flow unhindered.
I'm not sure how that setting came to be altered for BriA, but all seems to be well now

Any thoughts?

thanks
yann

Re: Virtual AP and VLAN

Posted: Thu Feb 26, 2015 7:20 am
by ZeroByte
It definitely sounds like you did it correctly for what you're doing.
So the APs are connected with Ethernet and not Wireless / WDS, right?

Things to look for:
Forwarding states on the interfaces when STP is enabled.
Identity and location of root bridge (should be the 2011 - adjust priorities if needed, lower number = higher priority)
I would say sniff packets on the physical ethernet interfaces to make sure the dot1Q tags are right, but if disabling STP makes everything work like it should, then it likely isn't a problem there.

Also interesting: If you're trying to enforce client isolation, you can use split horizon on the bridge on the 2011 to keep clients from AP1 seeing clients on the other 3 APs. (set all 4 vlan subinterfaces and virtualAP on the bridge to the same horizon number)
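
The checks and the split-horizon setting suggested in the post above, written out as RouterOS commands. This is an added example, not part of the original post. It assumes the RB2011 has one VLAN 11 subinterface per AP-facing Ethernet port, each a port of BriB; the names vlan11-ap1 to vlan11-ap4 and the wireless interface name WifiB are hypothetical.

```routeros
# --- On the RB2011: STP checks for BriB (run with RSTP enabled) ---
# Shows whether this router is the root bridge and which port is the root port.
/interface bridge monitor BriB once
# Shows the role and forwarding state of each port on BriB.
/interface bridge port monitor [find bridge=BriB] once
# Lower number = higher priority, so this makes the RB2011 the preferred root
# (the default bridge priority is 0x8000).
/interface bridge set BriB priority=0x1000

# --- On the RB2011: split horizon between the APs ---
# Ports that share a horizon value never forward frames to each other, so a
# WifiB client behind AP1 cannot reach WifiB clients behind AP2..AP4.
# Traffic to and from the router itself (the gateway) is unaffected.
/interface bridge port
set [find bridge=BriB interface=vlan11-ap1] horizon=1
set [find bridge=BriB interface=vlan11-ap2] horizon=1
set [find bridge=BriB interface=vlan11-ap3] horizon=1
set [find bridge=BriB interface=vlan11-ap4] horizon=1
# Confirm the horizon value on every port of BriB.
print detail where bridge=BriB

# --- On each RB912 (assumption: isolation within one AP is also wanted) ---
# Split horizon on the RB2011 does not separate two clients associated to the
# same AP; that is controlled on the wireless interface itself.
/interface wireless set [find name=WifiB] default-forwarding=no
```

Any port of BriB left without a horizon value still forwards to and from every other port, so check the `print detail` output for ports that were missed.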

Re: Virtual AP and VLAN

Posted: Thu Feb 26, 2015 9:29 am
by azurtem
Thanks ZeroByte
Yes, all APs are linked using Ethernet cabling
I hadn't looked at that aspect yet, client isolation, but will do, thanks

yann

Re: Virtual AP and VLAN

Posted: Thu Feb 26, 2015 2:58 pm
by ZeroByte
Client isolation is definitely an optional thing - but good in a "public WiFi" scenario. Of course, the first thing your users will want to do is set up printers on the WLAN and Chromecast....