A network problem caused by the default VLAN

Publication Date: 2014-07-30
Issue Description
In this network, three access point (AP) devices connect to the switch on ports GE0/0/18, GE0/0/19 and GE1/0/19, which are configured with different VLANs. These devices are then connected to a firewall, which assigns IP addresses to the APs from its own DHCP server. However, when the customer connects a computer to any port that is a member of VLAN 1, the computer receives an IP address from the DHCP server, and this should not happen.

Network topology:
Alarm Information
None
Handling Process
I checked the customer's switch configuration and found that all the interfaces the customer used are configured as hybrid type and allow the VLANs he wants, as follows:

interface GigabitEthernet0/0/20
port link-type hybrid
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

interface GigabitEthernet1/0/20
port link-type hybrid
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

With the above configuration, these interfaces still allow VLAN 1, because VLAN 1 is the default VLAN for all interfaces. If you do not want an interface to allow VLAN 1, you must remove the interface from VLAN 1, using commands like the following:

interface GigabitEthernet0/0/20
port link-type hybrid
undo port hybrid vlan 1    // Add this command under the interface
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21
 
interface GigabitEthernet1/0/20
port link-type hybrid
undo port hybrid vlan 1
port hybrid tagged vlan 22 to 24 52 to 54
port hybrid untagged vlan 21

After making the above change, the problem was resolved.
Root Cause
Based on the problem information, there appears to be some incorrect configuration on the switch devices.
Suggestions
On a switched network, pay attention to the default VLAN 1. Because it is the default VLAN for all interfaces and no command for it appears under the interface, it is easy to forget.
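
An added example, not part of the original case or of any Huawei tooling: a small Python check that scans a saved switch configuration and lists the hybrid interfaces on which VLAN 1 is still allowed, either because `undo port hybrid vlan 1` is missing or because VLAN 1 is listed explicitly. The sample configuration, the GigabitEthernet0/0/21 port and the function names are constructed for illustration, and the parser assumes the configuration format shown above.

```python
import re

# Constructed sample in the style of the configuration shown in this case;
# GigabitEthernet0/0/21 is a made-up port that re-adds VLAN 1 explicitly.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/20
 port link-type hybrid
 undo port hybrid vlan 1    //Need to add this command under interface
 port hybrid tagged vlan 22 to 24 52 to 54
 port hybrid untagged vlan 21
interface GigabitEthernet1/0/20
 port link-type hybrid
 port hybrid tagged vlan 22 to 24 52 to 54
 port hybrid untagged vlan 21
interface GigabitEthernet0/0/21
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid untagged vlan 1 21
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '22 to 24 52 to 54' into a set of ints."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def hybrid_ports_allowing_vlan1(config):
    """Return names of hybrid interfaces on which VLAN 1 is still allowed."""
    ports, name = {}, None
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()   # drop page-style annotations
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ports[name] = {"hybrid": False, "undo": False, "explicit": False}
        elif name is None:
            continue                        # global line before any interface
        elif line == "port link-type hybrid":
            ports[name]["hybrid"] = True
        elif line == "undo port hybrid vlan 1":
            ports[name]["undo"] = True
        else:
            m = re.match(r"port hybrid (?:un)?tagged vlan (.+)", line)
            if m and 1 in expand_vlans(m.group(1)):
                ports[name]["explicit"] = True
    return [n for n, p in ports.items()
            if p["hybrid"] and (p["explicit"] or not p["undo"])]

if __name__ == "__main__":
    for port in hybrid_ports_allowing_vlan1(SAMPLE_CONFIG):
        print("VLAN 1 still allowed on", port)
```

Interfaces of other link types (access, trunk) are ignored by this check, since the case only concerns hybrid ports.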
