• September 21, 2020, 01:09:10 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: WLAN to VLAN tunneling issue  (Read 7063 times)

0 Members and 1 Guest are viewing this topic.

Offline geovane

  • Rookie
  • **
  • Posts: 8
WLAN to VLAN tunneling issue
« on: September 23, 2015, 03:16:11 PM »
Hi,
We have 2 RFS7000 controllers in cluster and many AP6522.
We have a central site and RF domain, where is the datacenter and internet link. We also have many others remote sites and RF-domains linked by MPLS links with datacenter.
In the Wlan topology, we have 3 VLANs/Subnets: 01 (corporative LAN), 26 -Employees BYOD, 28 -GUEST).
Vlans 26 and 28 are managed by PFSense UTM/GW/Firewall open source solution. There is no contact between corporative LAN and others networks.
In central site all 6522 aps data traffic is  bridged to respective VLANs.
In remote sites, data traffic is tunneled by MINT tunnel to controllers placed in datacenter into same VLANs 26 and 28. Lan traffic is bridged to VLAN 01.
Despite this setting is working for my, Zebra support team says that is not a valid configuration because this recommendation:

"1.13 Wireless LANs

Important: When mapping VLANs to Wireless LANs make sure that same VLAN is not configured for a tunneled and locally bridged WLAN. This is not a valid configuration. A VLANís bridging mode can either be tunnel or locally bridged but not both." Wing 5.x Best Practices/Recomendations V 5.7-2

Has someone faced problem with similar config?

Thanks,

Geovane



Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: WLAN to VLAN tunneling issue
« Reply #1 on: September 29, 2015, 12:13:48 AM »
How is the tunneling done from remote branch? Via a different WLAN with same SSID and 'tunnel' selected?

If so, you could change this to 'local' bridging (actually just use the same WLAN from central site), and utilize Bridge VLANs to tunnel this back to RFS7000

Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: WLAN to VLAN tunneling issue
« Reply #2 on: September 29, 2015, 11:32:23 AM »
How is the tunneling done from remote branch? Via a different WLAN with same SSID and 'tunnel' selected?

If so, you could change this to 'local' bridging (actually just use the same WLAN from central site), and utilize Bridge VLANs to tunnel this back to RFS7000

Hi McNulty,

Thanks for the post.

"How is the tunneling done from remote branch? Via a different WLAN with same SSID and 'tunnel' selected?"

Exactly! As the example:

Remote branch:
Wlan "MP-Internet-Tunnel" SSID: "MP-Internet" Bridging Mode: "Tunnel" VLAN ID: "26"

Central site:
Wlan "MP-Internet" SSID: "MP-Internet" Bridging Mode: "Local" VLAN ID: "26"

From VLAN 26, in the central site, the BYOD traffic goes to internet by the PFSense GW.

I don't understand what is the technical issue with this configuration.


"If so, you could change this to 'local' bridging (actually just use the same WLAN from central site), and utilize Bridge VLANs to tunnel this back to RFS7000"

I don't know how do that work, because in the remote branch I dont have local VLAN 26 configured on switches and my MPLS link has not layer 2 tunneling service. So, I was using the "tunnel bridging mode" to do the job.

Thanks
« Last Edit: September 29, 2015, 12:17:40 PM by geovane »

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: WLAN to VLAN tunneling issue
« Reply #3 on: September 30, 2015, 12:10:57 AM »
Bridge VLAN means you don't need it to exist on the remote branch LAN. WiNG OS will tunnel this for you over MiNT. Bridge VLANs can be a little tricky to understand but after you have set one up you will see it is quite easy.

Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: WLAN to VLAN tunneling issue
« Reply #4 on: September 30, 2015, 02:17:54 PM »
Bridge VLAN means you don't need it to exist on the remote branch LAN. WiNG OS will tunnel this for you over MiNT. Bridge VLANs can be a little tricky to understand but after you have set one up you will see it is quite easy.

Hi McNulty,

Thanks for the answer.

The tunneling concept is clear, but the Wing implementation seems a little confuse. I was researching today about "bridge VLAN" in the Wing 5 documentation. I not found a clear "how to". If you know a documentation, I will appreciate the recommendation.

Looking the Wing 5 System Reference Guide, I guess is necessary to configure a "Bridge Vlan 26" at remote branch access points profiles. This will be the remote gate of tunnel, maybe created by RF Domain Manager for the site.

My question is if is necessary to create the same "Bridge VLAN 26" at RFS7000 controller profile or the other side of tunnel will be automatically the "local VLAN 26" configured on "ge1" ethernet trunk port.

Thanks a lot

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: WLAN to VLAN tunneling issue
« Reply #5 on: October 01, 2015, 12:42:56 AM »
Yes you require the Bridge VLAN on both devices.

Offline geovane

  • Rookie
  • **
  • Posts: 8
Re: WLAN to VLAN tunneling issue
« Reply #6 on: October 23, 2015, 02:49:04 PM »
Yes you require the Bridge VLAN on both devices.


Hi McNulty,

I would like to do more one question:
What is exactly the technical difference between the tunnel established by a "bridge VLAN" (Device, Network, Bridge VLAN, menu config) and the "Bridging Mode: Tunnel" one (Wlan, Basic Config, menu).

Thanks.