Common VLAN Configuration Error Cases and Handling Suggestions
APs Cannot Go Online After a Management VLAN Is Configured
Fault Symptom
The management VLAN is incorrectly configured, causing APs' failures to go online.
Procedure
By default, management packets of APs are untagged, and the access switch directly connected to the APs tags VLAN IDs on the management packets. After the management-vlan vlan-id command is executed, the management and control packets sent from APs to the AC contain the management VLAN tag. You can use this command based on the networking. This configuration takes effect only after an AP is restarted.
Error-prone configuration: A management VLAN is incorrectly configured, causing disconnection of intermediate networks.
- Check whether the management VLAN is configured and whether the AP restart reason can be found in the log (Reboot for AP management VLAN change).
WLAN/3/AP_NORMAL_TO_FAULT(l)[5415014]:AP changed from normal to fault. (MAC=[d0.d0.4b.ac.f7.e0 (hex)], ApID=18, Sysname=XXX-2-AP-x, Reason=Reboot for AP management VLAN change)?
- Check whether access switches can learn the MAC address of the AP.
- Create the VLAN on the access switches and add the VLAN to the allowed list on the specified interfaces, so that the switches can learn the MAC address of the AP.
Suggestion:
- Modify the management VLAN and add the VLAN to the allowed list on the AC and access switches. In this manner, APs can communicate with the AP through the modified management VLAN.
- Configure VLAN mapping on the access switches to replace the original management VLAN with the correct VLAN.
- Delete the management VLAN configured on the AC.
- Create the correct management VLAN and configure VLAN mapping on the interface of the access switch. (If multiple interfaces are involved, run the interface range command and then configure the VLAN and VLAN mapping.)
# interface GigabitEthernet0/0/1 qinq vlan-translation enable port vlan-mapping vlan 400 map-vlan 1100
The Network Is Disconnected After STAs Roam at Layer 3
Fault Symptom
The network is disconnected after STAs roam at Layer 3.
Procedure
- Check the service VLAN configuration on the AC.
Error-prone configuration: Service VLANs are not created or not added to the allowed list, causing network disconnection after STAs roam at Layer 3.
Suggestion: Create the service VLANs and add them to the allowed list on the AC and intermediate switches.
All STAs Associated with an AP Cannot Obtain IP Addresses Automatically in DHCP Mode
Fault Symptom
All STAs associated with an AP cannot obtain IP addresses automatically in DHCP mode.
Procedure
- Check whether the undo dhcp trust port command is configured.
Error-prone configuration: The undo dhcp trust port command is configured in the AP wired port profile, causing STAs' failures to obtain IP addresses.
[AC6605-wlan-view] wired-port-profile name p1 [AC6605-wlan-wired-port-p1] undo dhcp trust port
Suggestion: Configure the dhcp trust port command.
- Check whether VLANs are created and added to the allowed list on intermediate networks.
- Direct forwarding
- Check whether service VLANs are created on the AC and intermediate devices.
- Check whether VLANs are in the allowed list of the AC and intermediate devices.
- Tunnel forwarding
Check whether service VLANs are created and added to the allowed list on the AC.
Error-prone configuration: Service VLANs are not created or not added to the allowed list on the AC, causing disconnection of intermediate networks.
Suggestion: Create service VLANs and add them to the allowed list on the AC.
- Direct forwarding
Authentication Fails When the AC Does Not Have a Dynamic VLAN Created
Fault Symptom
A dynamic VLAN is created on the authentication server, but the same VLAN is not created on the AC. As a result, authentication fails.
Procedure
- Check whether the dynamic VLAN is created on the AC.
Error-prone configuration: The AC does not have a dynamic VLAN created.
Suggestion: Create the corresponding VLAN on the AC.