2

So we have been fighting this issue for well over a year. It's been so long that I am having to relearn the configuration today. Here's the situation. We're running several D-Link DAP-2590s with multiple SSIDs. There is an employee VLAN (10) and a guest VLAN (20). The employee VLAN has access to the internal office stuff and is unrestricted. The guest is limited on what they can do, speed, time, etc. All of this is managed in another part of the network and works fine. So here is the real issue... The D-Link AP web interface is very confusing and it seems no one online knows how to use it, or has a solution to how to use it. The user manual is total crap. It basically explains how to configure VLANs in one short sentence "Check the radio buttons to configure VLANs".... yeah thanks.

Also, D-Link's support is even worse than their manual. They are clueless. It's like talking to a bunch of freaking monkeys! I have been through all three tiers of support probably 5 times over the last year or so trying to figure this out. I can get the access point configured so the employee and guest network run properly but I cannot get the management VLAN to work. For the past year, the procedure has been to configure the AP and pray I didn't miss anything because as soon as you apply, you can plug it into the trunk link and it will work, but you lose management connectivity. This is obviously not acceptable. I'm not above admitting that this may be my issue (conceptual misunderstanding). OK, here is the ideal configuration. Tell me if you see an issue with this:

VLAN 1 = Default
VLAN 10 = Employee (This is also where we want to manage AP's from)
VLAN 20 = Guest
VLAN 99 = Management & Native for trunk links

On our managed switch I will create a trunk link that trunks VLANs 1,10,20,99 to the APs and the trunk link will have its native VLAN set to 99. Ideally, we want to be able to manage the AP over the Employee VLAN, but I included the management VLAN (99) in case that's not possible. Yes, I know typically you should always use a management VLAN, but in this case, it's just easier to manage it directly over the employee VLAN.

Here is a link to all the screen shots.

http://host.atomiklan.com/FORUMS/DAP2590/index.html

Can someone make suggestions or show me what I'm doing wrong here?

Also if it helps, here is the manual. Page 33 - 36 is on VLAN configuration.

http://www.dlink.com/-/media/Business_Products/DAP/DAP%202590/Manual/DAP%202590_Manual_v120_EN_US.pdf

Atomiklan
  • "VLAN 99 = Native (For trunk links" -- that doesn't quite make sense. "Native" and "VLAN" are opposites, Native implying untagged frames and VLAN implying tagged with a vlan number. – Chris S Jul 22 '13 at 00:18
  • Yes true, but in Cisco world it is noted as the "Native VLAN", but you are correct. The native VLAN is for untagged traffic across the trunk links. I updated my question above. – Atomiklan Jul 22 '13 at 23:43
  • I also had some typos in there. The management vlan was supposed to be vlan 99. Native vlan and default vlan is set to 1 like always. – Atomiklan Jul 22 '13 at 23:48
  • I retract that statement. I just confirmed in my CCNP books. Cisco recommends the native vlan for trunk links to be set to something other than default (1). Cisco typically uses VLAN 99 for management and in the same examples they set the native VLAN for trunk links to 99 as well. I knew I had remembered that from somewhere. – Atomiklan Jul 22 '13 at 23:57
  • On our Netgear ProSafe hardware, you have to configure the Management VLAN in the setup for the primary IP of the device. On some hardware, setting it to "0" allows management from any VLAN with an exposed IP on the VLAN. Otherwise, it will only let you control the device from the VLAN that 1) allows management 2) from a port/VLAN routing interface exposed on the same VLAN. I've basically done the same thing as you mentioned above more than a few times only to have to wipe the hardware and reload. I'd bet somewhere in there you change it from VLAN 1 to VLAN 99 (and change the IP to match) – MikeAWood Jul 22 '13 at 23:57
  • 1
    If you've been fighting this for a year, I'm going to assume that some of that is sysadmin time, which is expensive. You should've sold the crappy APs on eBay, and bought Meraki, or something with a level of enterprise-support, and be done with it. – Tom O'Connor Jul 23 '13 at 00:22
  • 2
    We had crappy WiFi with problems. People complained all the time. I calculated how much it cost us to discuss the problems during one manager meeting, the next day I got a budget and ordered a system that's both professional and overkill. Not a single moment spent on WiFi since. – Chris S Jul 23 '13 at 02:32
  • Yeah Tom I agree, unfortunately not all clients can afford Meraki but require WiFi. – Atomiklan Jul 29 '13 at 08:02
  • Thank you Mike. I finally figured it out. It's a very weird configuration. It makes total sense now, but the steps are not obvious. The issue was linked to the PVID default settings tied to the "management" interface of the AP. Once that was changed as you pointed to, everything is now resolved. Thank you very much! – Atomiklan Jul 29 '13 at 08:04

1 Answer

1

Thank you Mike. I finally figured it out. It's a very weird configuration. It makes total sense now, but the steps are not obvious. The issue was linked to the PVID default settings tied to the "management" interface of the AP. Once that was changed as you pointed to, everything is now resolved. Thank you very much!

Details for anyone who follows in my footsteps. Be sure to disable auto PVID configuration and set the "management" VLAN PVID to the VLAN ID you intend to use for management purposes. This includes just piggybacking management over another VLAN, for example the employee VLAN.

Atomiklan
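
Added example (not part of the original posts, and not a description of D-Link's firmware): a small model of generic 802.1Q tagging on the trunk from the question, showing which VLAN the AP's management traffic ends up in for a given management PVID. The class and function names and the AP LAN-port PVID values are constructed for illustration, and the model assumes no routing between VLANs toward the AP.

```python
from dataclasses import dataclass

VLANS = frozenset({1, 10, 20, 99})   # VLAN plan from the question


@dataclass(frozen=True)
class TrunkPort:
    """One end of an 802.1Q trunk link (hypothetical model, not vendor code)."""
    untagged_vlan: int               # switch: native VLAN; AP: PVID of its LAN port
    allowed: frozenset = VLANS

    def egress(self, vlan):
        """Tag written on the wire for a frame in `vlan` (None means untagged)."""
        if vlan not in self.allowed:
            raise ValueError(f"VLAN {vlan} is not carried on this port")
        return None if vlan == self.untagged_vlan else vlan

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if it is dropped."""
        vlan = self.untagged_vlan if tag is None else tag
        return vlan if vlan in self.allowed else None


SWITCH = TrunkPort(untagged_vlan=99)  # trunk with native VLAN 99, as in the question


def mgmt_vlan_seen_by_switch(mgmt_pvid, ap_lan_pvid):
    """VLAN in which the switch sees frames sent by the AP's management interface."""
    ap = TrunkPort(untagged_vlan=ap_lan_pvid)
    return SWITCH.ingress(ap.egress(mgmt_pvid))


def manageable_from(admin_vlan, mgmt_pvid, ap_lan_pvid):
    """True if a host in admin_vlan shares a VLAN with the AP in both directions."""
    ap = TrunkPort(untagged_vlan=ap_lan_pvid)
    to_switch = SWITCH.ingress(ap.egress(mgmt_pvid))
    to_ap = ap.ingress(SWITCH.egress(admin_vlan))
    return to_switch == admin_vlan and to_ap == mgmt_pvid


if __name__ == "__main__":
    # Constructed settings: (management PVID, PVID of the AP's LAN port)
    for mgmt, lan in [(1, 99), (99, 99), (10, 99), (1, 1)]:
        seen = mgmt_vlan_seen_by_switch(mgmt, lan)
        print(f"mgmt PVID {mgmt:>2}, LAN PVID {lan:>2}: switch sees VLAN {seen}, "
              f"employee VLAN 10 can manage: {manageable_from(10, mgmt, lan)}")
```

In this model the AP is reachable from the employee VLAN only when the management PVID is 10; a management PVID left at 1 places the management interface in a VLAN the administrator is not on.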