GWN7630 - Vlan tagging issues FW 1.0.15.20


#1

Good afternoon,

I have opened a ticket on this but thought I would ask here as well. I have a client whose Cisco AP infrastructure I have just replaced with GWN7630. There are 6 APs all serving up the same SSIDs.

I have replicated the Vlan IDs and the SSIDs from their Cisco deployment.

VLANs:

default = 1 (the APs are on this)

Staff = 2
guest = 3
students = 4

When a client connects to any of the SSIDs they get the proper IP address from the Windows DHCP server, so I know that the tags and routing are working (and it should, as it has not been changed).

But when the user starts to work on the wireless, their traffic gets blocked by the firewall when it arrives with no VLAN tag on the traffic. I have done a packet capture at the firewall and data is showing on the default LAN without a tag. Since some of the traffic arrives with tags (to get the initial IP address it had to) and then it stops working, it would suggest that it is either not being applied at the AP on a consistent basis or it’s being dropped at the switch. Since it was working with the Cisco APs I don’t think that is the issue.


#2

Definitely sounds like the vlan tag is not honoured after the ip has been offered for the vlan tag.

I am just testing on my 7600 and 7610 using the same firmware to see if I can duplicate the issue.


#3

Okay, my situation is a little different… same result though and I suspect the following is true:

The VLAN tagging has to be honoured at the device level… ergo the APs are only in VLAN pass-through mode and not maintaining it.


#4

Scott,

Thank you for your input…

The APs are the ones originating the VLAN and setting the tag. They would be expected to pass that VLAN tag along with all traffic that is sent down the network cable… The device (laptop) has no awareness of any tagging - only an IP address.


#5

I was expecting the wifi to follow :
router with default ip range and dhcp offered - eg

Default
router / gateway. = 192.168.1.1
router dhcp = 192.168.1.2-192.168.1.254

vlan 100
router / gateway = 192.168.2.1
router dhcp = 192.168.2.2-192.168.2.254

wifi 7610 master
ethernet = dhcp
ssid1 = untagged traffic - 192.168.1.0/24 passed through
ssid2 = vlan100 - tagged traffic - 192.168.2.0/24 expected - no ip passed from router to ssid

added ssid2 = dhcp server
192.168.2.3 - 192.168.2.254
gateway - 192.168.2.1 (router vlan100 ip)
ssid2 static ip - 192.168.2.2

ip then offered to device connecting to ssid2

router can’t find 192.168.2.2-254 devices

ssid2 device no internet - ssid2 not routing traffic over to 192.168.2.1

EDIT

Forgot to verify the switch and then I was able to receive an ip address as requested with IP pingable from router and vice versa with internet connectivity through.


#6

Scott,

What switches are you using? And where is your DHCP server? Is it the APs, router, or a server-based DHCP?

Have you configured your switch ports to carry the tagged VLANs as well as the untagged traffic for the default VLAN?


#7

I use Mikrotik routers for that resource. So it provides the VLAN tagging as necessary… I have a mid-range managed switch for it but I hadn’t thought that was coming into play - good point though, I’ll address it and see - my late night early morning testing was not facilitated by alcohol, which might be the issue for clarity :)

Okay, I did go into the switch today and added the other VLAN, to which everything is gaining access to the internet and separated as it should be.


#8

Perhaps check your configuration of the WiFi units, maybe there is an error… My router --> switch --> WiFi APs all are supporting the VLAN.

I have had my test units, one voice, the other a laptop, using the separated VLAN with no issue noted yet…


#9

Hi kmb

Were you able to get a resolution ?

I am having a similar issue. Only SSIDs that have a VLAN ID enabled are facing an issue where the traffic gets blocked.

Using GWN7615 on 1.0.15.18


#10

If you want, you can try the FW beta 1.0.19.9


#11

Upgraded the WAPs to 1.0.19.9 as well. Same issue experienced on the new FW version.

Update on the Environment:
Router - Cisco ASA
Switches - Ubiquiti EdgeSwitches

We tried a different switch and were not able to recreate the issue. So I think this is more of an issue between GWN7615 and Ubiquiti switches.


#12

There’s no problem with GWN76xx access points and VLANs. Double check your switch configuration, i.e. check the tagging on your switches and/or the router. Export your configuration and post the switchport configuration here.


#13

@krisb is right. VLANs work. Check switch configuration.


#14

#15

Hello everyone. Thanks for the reply.

Switch configuration is good. The SSIDs are getting the correct IP from the respective VLANs.
Internet works as well but it’s crawling. You will have to refresh a page several times to load.

We had Ruckus WAPs that worked perfectly fine before the swap. So I am pretty sure the switch is fine.

@damiano70 - a ticket was created. Help desk did confirm a possible issue with UBNT switches and the WAPs. I am yet to get a resolution from them.


#16

OK, I have gotten a chance to get back to do some additional testing. The VLAN tag is arriving at the HP switch on a port that is configured for both tagged and untagged traffic. It is then going to the up-link port to the firewall; again, the up-link port is configured to handle both tagged and untagged traffic. It is at this point that the tags are sometimes missing. So in my case it appears that the issue is an older HP 8 port POE switch that is mishandling the traffic. I have tested with a Dell N2024P switch and we do not see the error any further. Although I did not test, I am working on the assumption that the switch just could not handle the additional traffic after the upgrade to the GWN APs. The switch was almost 18 years old.


#17

Retirement and purchase time impending…

When a brand name isn’t really that important… I’ve used the Netgear smart managed POE switches for deployments purely and simply because they work…

Do a Google search for Netgear Standalone Smart Managed Pro Switch - should take you to the right place, then pick a model and see what it costs against your budget.

I have been using a JGS524PE Netgear switch for a few years without issue and it caters for VLAN tagged traffic very well - no issues noted running, powering 2 x GS 7600 series WiFi units, and VLAN traffic passes without issue.

We use:

RB3011UiAS Mikrotik router - VLAN tagged across NICs on the bridges with DHCP running for each VLAN bridge
Netgear JGS524PE POE Switch for connectivity and some of our areas required dumb POE switches - still passes traffic accordingly.
Grandstream GDS7600 - WiFi - Slave - one area of the premises - uptime 21 days - rebooted POE switch feeding that area.
Grandstream GDS7610 - WiFi - Master - other area of the premises - uptime since last reboot 197 days
Grandstream - UCM 6202 - PBX
Grandstream - GDS3710 - Door Phone
Grandstream GXP2130/2140/WP810/DP750 - mix of handsets
Grandstream HT814 - FXS gateway
and a myriad of other equipment, untagged and VLAN tagged, with QoS

With the right devices and network backbone - Grandstream products will work correctly and do what they are meant to do.


#18

GWN7610 :P


#19

I knew I should have put my glasses on ;)


#20

Switch replaced, and after a short while packet captures are continuing to show a loss of tags on about 1% of packets sent from the client. Went back to my test network and tested here - and saw the same issue. The only change from when I did my testing earlier was that I was using an older version of the AP and that was no longer available, so I had to unpack a new unit - performed the FW upgrade and tested - got the same issue - tried again with an Aruba AP and no tagging issue. Started to look at reverting the FW a few generations and noticed that a beta version was released on 11/23, and one of the things that seems to have been fixed - dropped VLAN tags… AMAZING! Downloaded and upgraded my test unit - running traffic for the last hour and not one tag missing. I will continue to run overnight.
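
The tag-loss check described in this thread (client frames showing up on the trunk without their 802.1Q tag) can be automated over captured frames. The following is an added example, not part of the original thread or any Grandstream tooling; the subnet-to-VLAN mapping borrows the layout from post #5 and is an assumption, as are the function names and the constructed sample frames.

```python
import ipaddress
import struct
# Assumed mapping of client subnets to the VLAN ID their frames must carry
# on the trunk (layout borrowed from post #5; adjust to your own network).
EXPECTED_VLAN = {
    ipaddress.ip_network("192.168.1.0/24"): None,   # default LAN, untagged
    ipaddress.ip_network("192.168.2.0/24"): 100,    # SSID mapped to VLAN 100
}

def parse_frame(frame):
    """Return (vlan_id or None, source IPv4 address or None) for one Ethernet frame."""
    if len(frame) < 14:
        return None, None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == 0x8100 and len(frame) >= 18:    # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18             # low 12 bits are the VLAN ID
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return vlan, None                           # not IPv4, nothing to classify
    return vlan, ipaddress.ip_address(frame[offset + 12:offset + 16])

def audit(frames):
    """Count classified frames and list those whose tag disagrees with the source subnet."""
    checked, mismatches = 0, []
    for index, frame in enumerate(frames):
        vlan, src = parse_frame(frame)
        if src is None:
            continue
        for net, expected in EXPECTED_VLAN.items():
            if src in net:
                checked += 1
                if vlan != expected:
                    mismatches.append((index, str(src), vlan, expected))
    return checked, mismatches

def build_frame(src_ip, vlan=None):
    """Construct a minimal Ethernet + IPv4 header for the sample data below."""
    macs = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = b"\x45" + bytes(11) + ipaddress.ip_address(src_ip).packed + bytes(4)
    return macs + tag + struct.pack("!H", 0x0800) + ip

# Constructed sample: the third frame has lost its VLAN 100 tag.
SAMPLE = [build_frame("192.168.1.20"), build_frame("192.168.2.50", 100),
          build_frame("192.168.2.50"), build_frame("192.168.2.51", 100)]
if __name__ == "__main__":
    checked, bad = audit(SAMPLE)
    print(f"{len(bad)} of {checked} frames mis-tagged: {bad}")
```

Feeding it frames captured on the AP-facing switch port and again on the firewall uplink shows at which hop the tag disappears, which is the AP-versus-switch question the thread keeps returning to.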