Access Point & Switch Tagging Problem

[SFSRJSTW]

Hi all. I have an 8600 (v3.7.15) going out to various edge switches. I have port based VLans on my network. Normal wired traffic works just fine, however, I am having problem with wireless traffic, and it's only been since we implemented VLan tagging on the network.

The IP address for the access point is in a management vlan (1) while all wireless traffic is in a separate wireless vlan (13). Usually, there is no problem at all but occassionally, we are noticing outages where the end user is able to pull a valid IP address but that is it. All settings are correct, but they are not able to ping or browse anywhere on the network/internet. When checking affected laptops they will be send traffic but not receive. The edge switches have been Baystack 450’s & 470’s, ERS 2500’s, and BPS’s using Cisco 1200/1220/1240 and 3Com 8670 access points all running the latest firmware. The DHCP pool has been shifted and recreated, all devices have been restarted, and the vlan has been deleted and recreated on both the 8600 as well as edge switches. Typical edge switch port configuration would be AP switch port in VLan 1 and 13, default VLanID of 1, port set as a trunk port, filter ungregistered frames checked, discard untagged frames not checked.

If anyone has any ideas or thoughts I'd love to hear them. I'm starting to bang my head on the desk about this one.

 

[DaddyOfThree]

Hi SFSRJSTW!

As I'm sure you already know your going to need to roll up your sleeves on this problem. The problem you describe could be caused by quite a few different things. I'm assuming the Access Points are "fat" and not Access Ports meaning you don't have a wireless LAN switch or controller somewhere but are instead using a traditional think Access Point (every Access Point getting it's own IP address and holding its own configuration).

Let me just ask (or warn you) have you checked our Spanning-Tree configuration? Are you running Spanning-Tree throughout your entire network? Are you just running it on your edge switches? You should check when the problem occurs that Spanning-Tree is not in the blocking state on any ports.

If Spanning-Tree is not your problem you'll need to focus on the Layer 2 switching (the FDB table).

When the problem happens next time get the MAC address of a laptop that's not working properly. Start a constant ping to some server or other device in your core network. Look for that MAC address on the edge switch. You should confirm that the FDB table entry appears on the port associated with the correct Access Point. Then move back to your core ERS8600 and look for that same MAC address again. You should confirm that the FDB table entry appears on the port associated with the uplinks to the your edge switch and in the correct VLAN. Once you've confirmed that everything looks good with the Layer 2 networking make sure to check the Layer 3 and confirm that the ERS8600 ARP table has the proper IP/MAC address entry in the ARP table.

You could also try pinging devices that are on the same Layer 2 network as the laptop or other device while the problem is occuring, like the default gateway or another wireless device.

Good Luck!