[NEBULA] NAP102 & VLANs - Is this possible?

Options
Peppino
Peppino Posts: 138  Ally Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Nebula
After 5-7 hours of continuous struggling with different methods I am close to give up. The worse way of handling VLANs ever in APs I have seen so far.

I have a network with 10 switches that each have 3 VLANs: 400, 500, and 600 but no VLAN 1. 400 carries SSID and 600 is for management.
I understood that one needs to login to NAP102s GUI and set the management to 600 tagged, but I have no confirmation whatsoever what's gonna happen, and if I plug it into a trunk port, nothing happens, tha APs keep flashing green and yellow, even the SSID is set to VLAN 400...

For some reason two out of four started to work, then they stopped the SSID set to vlan 400. I know that there is a setting under ports, to allow certain VLANs to pass, yet the user guide says nothing about how to deal with them.

Is there a guide that I could use, or I am supposed to return these boxes to the distributor?

Comments

  • Zyxel_Barney
    Zyxel_Barney Posts: 84  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2018
    Options
    Hello @Peppino

    I am terribly sorry that you had to spend 5-7 hours trying to shift the NAP's management VLAN!
    The trick to successfully changing the NAP's management VLAN is that BOTH original and new management settings MUST be able to provide the NAP with Internet access. 

    First thing we need to clarify some details about your topology. 

    - Are you using a full set of Nebula products (Nebula AP, Switch, Gateway)? If so, you can provide us with administrator privilege for your Site so we can better analyze the issue?

    - Which NAP model are you using?

    - If the switch port connected to your NAP is using trunk mode, what is its native VLAN?

    - If your NAP uses dynamic IP address (DHCP), Which among your 3 VLANs have DHCP service enabled?

    We have a guide available for configuring a non-default management VLAN here. However, this guide is designed for creating a network from scratch and not for integrating the Nebula devices into an existing one. But hopefully it can bring you some additional insight.

    Regards,
    Barney Gregorio
  • Peppino
    Peppino Posts: 138  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    Hi Barney,

    Good to see there are such experienced pros that I know, here on this forum. :-)
    I understand I have to configure them by having the relevant switch ports set to native VLAN1, and then the management vlan configuration will be acknowledged.
    I will revisit this topic today afternoon, and will let you know the outcome.

    I am using a Nebula gateway and Nebula APs, but not Nebula switch for this project, as the switching infrastructure is in place as I mentioned, and only the APs need to be replaced.
    I am using a bunch of NAP102s and a NAP353.
    The switch ports in question have VLANs 400, 500, and 600 set all tagged, no native VLAN available, but for the MGMT VLAN change I have used a "transition" port, which in turn did not have VLAN600 set.

    All VLANs have DHCP, so it will not be a big deal to change this minor VLAN setting.
    The guide is useful, I wish I saw that before....
    I will try to set it up based on your suggestions, and if there would be any issue, I will let you know and disclose the Nebula admin details for this organization.

    Thanks a lot for your extensive reply,
    Levente
  • Zyxel_Barney
    Zyxel_Barney Posts: 84  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hello Levente,

    The fact that your NAP was able to reach Nebula CC in the first place tells me that your switch must have an untagged layer of communication. If it has no native VLAN concept, then I assume it's using a routed port (similar to a LAN interface).

    May I know the method behind this "transition" port? Is this similar to Cisco's encapsulating 802.1Q (VLAN) into a router port?

    And finally, one scenario you need to consider is, say, you successfully changed the NAP's management from VLAN 1 to 600, but for some reason or another disabled VLAN 600 on your switch, you cannot recover the NAP's management by re-configuring the NAP's management VLAN back to VLAN 1 via Nebula CC. This is because Nebula CC can no longer reach your NAP!

    Your option is either to backtrack by re-enabling VLAN 600 on the switch, or factory resetting the NAP by pressing and holding down its built-in reset button to revert  the NAP's initial management configurations back to VLAN1.

    Regards,
    Barney Gregorio
  • Peppino
    Peppino Posts: 138  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    Hi Barney,

    I succeeded with the configuration based on your guidelines. Thank you very much for clearing the misunderstandings I had with these.
    By transition ports I meant, that I had VLAN1 ports where the APs were initially plugged in, then after changing the management vlan I replugged them into a port that was assigned vlan 400 and 600.
    Now I understand these should have had a native 'vlan 1', and than everything went smoothly.

    I suggest including these instructions (eventually along the guide you disclosed) into the official manual, as an integrator would only have these tools only available.

    Again many thanks for the efficient help, it was really good to talk to you again. Take care!

    Levente

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)