So I replaced my Cisco APs with Ubiquiti APs. I have 5 APs on 5 different switches. Each switch has multiple VLANs. The port of each is configured as follows:

interface GigabitEthernet5/21
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast

The native VLAN varies depending on the switch.

In each AP I have 2 SSIDs. One is hidden and has the native VLAN assigned. The other is public and has a different VLAN. I configured this in each device under Device>Configuration>WLANS>Actions.

The problem I am having is that I am only able to pick up the IP address of the native VLAN; even when I connect to the other VLAN, I still get an IP from the other VLAN.

WTF?

3 Spice ups

I have it set up much the same way except I use the native VLAN for provisioning the APs (e.g. they lease an IP address) and management of the Cloud Key only. All of our various SSIDs are using a non-native VLAN assignment that is specified for each SSID. I suggest you might want to consider trying it that way, e.g. don’t use the native VLAN on the trunk for client data on any SSID.

That has the advantage that the IP addresses of the APs (or the Cloud Key) aren’t necessarily reachable from the networks the clients are using (management IPs easily isolated with an ACL).

Your “problem” seems to me to be caused where you say “The native VLAN varies depending on the switch”, that’s just wrong, it should be configured the same on all switches.

1 Spice up

If you’re using the native VLAN for the hidden network, that VLAN number cannot change. You can’t use native VLAN 10 on one switch and native VLAN 5 on another and then assign the “hidden” network to VLAN 10, then expect it to work on the switch with native VLAN 5. Also, what are you using for DHCP?

2 Spice ups

I am using a Microsoft DHCP server.

If the native VLAN is 5 then the hidden network is assigned VLAN 5. If it is 10 then the hidden is assigned 10.

So you are saying assign the AP an IP address in, say, VLAN 5. Make the native VLAN of the port VLAN 5 but assign the 2 SSIDs completely different VLANs, like 6 and 7?

1 Spice up

Yes, so every SSID would specify a VLAN. Your “problem” is that you can’t assign the native VLAN like you are trying to and you have inconsistency across switches. Doing it the way I suggest will force you to straighten it out and have it consistent everywhere.

1 Spice up

I have all my switches connected via OSPF. I can’t have the same VLAN on multiple switches using OSPF.

Oh, that didn’t work. I am still getting the IP of the native VLAN.

You shouldn’t need the native vlan setting.

Our Ubiquiti AP ports are configured as

switchport trunk encapsulation dot1q
! not needed, but we limit our APs to only pass traffic for their required VLANs
switchport trunk allowed vlan 1,98-100
switchport mode trunk
spanning-tree portfast

With our setup, the AP itself gets an IP on VLAN 1 (the default VLAN). The APs then have 3 other SSIDs set up with different VLANs for each, one on 98, another on 99, and one on 100.

The switch is then trunked back to our core switch (the default gateway) which has all of the vlans configured with helper addresses to the DHCP server.

What are you using as your core? Do you have vlans setup now for other things?

When I remove “switchport trunk native vlan” I lose communication with the AP.

I have a 4507 as the “core”. I have 14 3750’s connected with fiber. I am using OSPF to connect the switches to the 4507. The VLANs are configured on each switch. To my knowledge, using OSPF, you have to configure the VLAN on each switch. Am I wrong?

OSPF is a layer-3 routing protocol. VLANs are by their very nature layer-2. Nothing “requires” your VLANs to be configured in an inconsistent manner.

Yes, because they then are on VLAN 1 and you are not.

1 Spice up

Not sure what you mean by this exactly. What do you mean configured?
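
The following is an added example, not part of the thread or any poster's own tooling: a small audit that reads AP trunk-port stanzas like the ones posted above and flags the two points raised in the replies, trunks with no allowed-VLAN list and native VLANs that differ between switches. The switch names and the sw2/sw3 interface names are constructed for illustration.

```python
import re

# Constructed sample configs, modeled on the port stanzas posted in the thread.
SAMPLE_CONFIGS = {
    "sw1": """\
interface GigabitEthernet5/21
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast
""",
    "sw2": """\
interface GigabitEthernet1/0/7
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 5
 switchport mode trunk
""",
    "sw3": """\
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,98-100
 switchport mode trunk
""",
}

def trunk_ports(config):
    """Yield (interface, native_vlan, allowed_list) for each trunk port stanza."""
    for stanza in re.split(r"(?m)^(?=interface )", config):
        if not re.search(r"(?m)^\s*switchport mode trunk\s*$", stanza):
            continue
        name = stanza.split()[1]
        native = re.search(r"switchport trunk native vlan (\d+)", stanza)
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", stanza)
        # With no native-vlan command, IOS uses VLAN 1 as the native VLAN.
        yield (name, int(native.group(1)) if native else 1,
               allowed.group(1) if allowed else None)

def audit(configs):
    """Return findings for unrestricted trunks and inconsistent native VLANs."""
    findings, natives = [], {}
    for switch, config in sorted(configs.items()):
        for port, native, allowed in trunk_ports(config):
            natives.setdefault(native, []).append(f"{switch} {port}")
            if allowed is None:
                findings.append(f"{switch} {port}: no allowed-VLAN list, trunk carries every VLAN")
    if len(natives) > 1:
        findings.append(f"native VLAN differs across AP trunks: {sorted(natives)}")
    return findings
```

Calling `audit(SAMPLE_CONFIGS)` returns one finding per unrestricted trunk plus one for the native VLAN mismatch.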