Wifi – Ruckus wireless AP and Dell PowerConnect configuration problems

dell-powerconnectnetworkingvlanwifi

We are working on trying to get some Ruckus Access Points to work correctly on our network. Currently our network is as follows:

VLAN 10 – Servers
VLAN 11 – Computers/DHCP
VLAN 12 – Voice
VLAN 13 – Guest
We use Dell PowerConnect 6248P switches for our switches.

Port settings are as follows:
ZoneDirector 1100 is plugged into this port. Should be accessing the server VLAN and then allowing all other traffic.

interface ethernet 1/g2
classofservice trust ip-dscp
description 'Ruckus ZoneDirector 1100'
switchport mode general
switchport general pvid 10
switchport general allowed vlan add 10
switchport general allowed vlan add 11-13 tagged
exit

Access point is plugged into this port. The port has to be on VLAN 11 in order to get DHCP.

interface ethernet 1/g16
classofservice trust ip-dscp
description 'Ruckus – IT'
switchport mode general
switchport general pvid 11
switchport general allowed vlan add 10-12
switchport general allowed vlan add 13 tagged
exit

If we tag the traffic from the SSID as VLAN 11 data fails. If we leave the SSID tagged as 1 the data flows correctly.

Are there problems with passing tagged traffic to untagged ports? We are looking to see what we can do to get the SSID tagged as 11 instead of 1.

Any suggestions?

Best Answer

This appears to be behaving as expected.

Your access point (unless configured otherwise) is talking to the controller / network with untagged frames (traffic that isn't associated with any particular VLAN). In this case, it's talking on VLAN 11 (the configured PVID on it's port).

As the traffic from the AP is getting pushed onto VLAN 11 (and will be tagged with this VLAN when it egresses the switch), devices on that VLAN will be able to receive it, but only if their port is either untagged on VLAN 11 (has a PVID of 11) or is carrying tagged traffic for VLAN 11 and the client is configured to look for tagged traffic.

The controller is on a port that is configured to carry tagged traffic for VLAN 11, so will drr traffic from the VLAN. If the two are talking as you report, it suggests the controller has an interface which is associated with VLAN 11 and listens to the tagged traffic arriving on that port.

The reason it breaks when you switch port g16 to be tagged for VLAN 11 is that the access point isn't tagging it's traffic, so the switch won't egress it to a specific VLAN.

Related Solutions

Switch – Configure LAG group for specific ports on Dell PowerConnect 5424 switches

You certainly don't show any mac-learning across either side of the LAG, which indicates to me that there is something more basic wrong.

Start by ensuring that your ethernet interfaces participating in the LAG are up on both sides
Ensure that you have the same LAG configuration on both sides (easiest is usually auto). Then ensure that LACP has brought the LAG virtual interface up
Ensure your vlan trunking parameters are the same on both sides
Ensure that spanning-tree is not blocking the LAG due to another redundant link between the switches. If there is a redundant link, shut that down too.

Failing that, remove the LAG configuration from both sides and shutdown all but one ethernet link between the switches. Try to get connectivity working like that. Once you have this working, add the LAG configuration and duplicate the config that worked on the single ethernet link into the LAG ports.

Cisco – Configuring trunk interface in Cisco 3750 switch to allow multiple Vlans connected with Ubuntu servers having a single NIC (sub-interfaced)

Absolutely you can. You're looking for 802.1q tagging, which is the underpinning of multiple VLANs on a switch.

Configure your server-facing ports like this...

interface GigabitEthernet0/1
 ! tell the switch to encapsulate frames with dot1q on this trunk port
 switchport trunk encapsulation dot1q
 ! make this a trunk port unconditionally
 switchport mode trunk
 ! allow VLANs 220, 221, and 223 to be sent on this port
 switchport trunk allowed vlan 220,221,223
 ! send vlan 221 frames untagged
 ! you could omit this command, but you'll need to move your eth0 config to a subinterface as well
 switchport trunk native vlan 221
 ! this is an end-device, and doesn't need to be treated like a switch for spanning-tree
 spanning-tree portfast trunk
 ! remove the (ignored) access vlan setting, as this is now a trunk
 no switchport access vlan

On your Ubuntu server you'll need to configure the subinterfaces to be associated to each appropriate VLAN. This can be done manually like this ...

# create a new subinterface tied to dot1q vlan 221
ip link add link eth0 name eth0.221 type vlan id 221
# change the MTU to allow for the inserted dot1q tag (4 bytes)
ifconfig eth0 mtu 1504
# bring the new interface up
ifconfig eth0.221 up

Now you can associate the correct IP address to new interface eth0.221, along with the appropriate default gateway and subnet mask.

If this doesn't work for you, please include a pastebin link to your switch config as well as the output of "ip -d link show" on your Ubuntu server.

Hope this helps!

Best Answer

Related Solutions

Switch – Configure LAG group for specific ports on Dell PowerConnect 5424 switches

Cisco – Configuring trunk interface in Cisco 3750 switch to allow multiple Vlans connected with Ubuntu servers having a single NIC (sub-interfaced)

Related Topic