Problem Implementing Wifi SSID VLANs on EAP245 v3 and EAP 110 Outdoor V3/V1
Problem Implementing Wifi SSID VLANs on EAP245 v3 and EAP 110 Outdoor V3/V1
SHORT DESCRIPTION
==================
We have recently implemented a network of 51 EAP APs in our apartment basement of spread over 36 acres in Bangalore, INDIA. WE are in process of adding another 10-20 APs shortly and may expand to about 100 APs by 2020 end . Our backbone wired campus network consists of 31 Dllink 1200 series and 1 DGS-3120-24SC switches to which the TpLink EAPs and Internet Routers are connected. The network runs our IP CCTV network with 400+ Hikvision cameras on a dedicated Intranet VLAN.
One of the important features we wanted from Wifi Access was Wifi SSID - VLAN mapping with all SSIDs having Internet access, but this feature did not work as expected for us for the following APs
(1) EAP225 v3 (EU) - Latest Firmware
(2) EAP110 Outdoor V3 (EU) - Latest Firmware
(3) EAP110 Outdoor V1 - Latest firmware
All firmware are the latest avalable in the country and marked as upto date by the OC200 controllers. However when we disable Wifi VLANs everything works just great. However some other APs like EAP115 V2 (US) and consumer grade AP TL-WA901ND work fine.
DETAILED DESCRIPTION
=====================
The following topology indicates what is currently being used and working reliably 24x7. Basically APs are connected to one untagged Internet access VLAN port and no SSID-VLAN mapping is done
In this all APs (EAP225, EAP 110, EAP 115, WA-901ND) work fine. The DHCP server runs on load balalncing router. Clients get DHCP addresses from router and can access the internet.
However to integrate SSID-VLAN mapping, we modified the topology as below:
Here we convertted the AP port as tagged for all Wifi VLANs assuming that the AP will insert and strip of the VLAN tags based on traffic direction while teh switch will just trunk these packets to the router. What happened was very strange:
(1) First for the EAP115 V2 (US version) and TL-WA901ND the cionfiguration worked perfecetly. The inter-VLAN isolation was achieved while each VLAN had internet access.
(2) EAP 110 V3 and V1 did not work. fails to even get DHCP IP from router
(3) EAP 115 V3 behaved erratically:
(a) On latest firmware (EAP225(EU)_V3_2.6.0 Build 20190726) , the clients connecting to Wifi cannot even get DHCP address from Router
(b) On previous firmware (EAP225(EU)_V3_2.5.0 Build 20190404), that was shipped with equipment, IOS devices worked immediately, while Android and Windows 10 get DHCP address after long time (they stay in obtaining IP address for long time) and then work at slow internet speed onvce they get the IPs
At IP levels all devices are on private 10.0.0.0/8 subnet and no dedicated DHCP server per VLAN or seperate subnet per VLAN. All devices share the same DHCP pool.
Given the strange beahvior of differnet TP-Link AP models, where some models work beautifully and some don't, we are confused as to where the bugs are (which models) OR with our VLAN configuration. From our test observations and understanding, we think our VLAN Configuration of tagging/untagging is correct, but how to explain some models of APs working and some not. And differences of operations across firmwares. Anwways everything up for review.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Glad that it works now. Yes, pfSense is a well-suited firewall/router for such setups. Have nice holidays and a good new year!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 8137
Replies: 12
Voters 0
No one has voted for it yet.