Cisco Cisco Aironet 350 Wireless Bridge 技術マニュアル
The failure to limit allowed VLANs on the trunk to those defined on the wireless device
If VLANs 1, 10, 20, 30 and 40 are defined on the switch, but only VLANs 1, 10 and 30 are defined on
the wireless equipment, you must remove the others from the trunk switchport.
the wireless equipment, you must remove the others from the trunk switchport.
•
Misuse of the designation of infrastructure SSID
When you install access points, only assign the infrastructure SSID when you use an SSID on:
workgroup bridge devices
♦
repeater access points
♦
non−root bridges
♦
It is a misconfiguration to designate the infrastructure SSID for an SSID with only wireless laptop
computers for clients, and causes unpredictable results.
computers for clients, and causes unpredictable results.
In bridge installations, you can only have one infrastructure SSID. The infrastructure SSID must be
the SSID that correlates to the Native VLAN.
the SSID that correlates to the Native VLAN.
•
Misuse or incorrect design of guest mode SSID designation
When you define multiple SSIDs/VLANs on Cisco Aironet wireless equipment, one (1) SSID can be
assigned as guest mode SSID with the SSID broadcast in 802.11 radio beacons. The other SSIDs are
not broadcast. The client devices must indicate which SSID to connect.
assigned as guest mode SSID with the SSID broadcast in 802.11 radio beacons. The other SSIDs are
not broadcast. The client devices must indicate which SSID to connect.
•
Failure to recognize that multiple VLANs and SSIDs indicate multiple OSI Model Layer 3 subnets
Deprecated versions of Cisco Aironet software permit binding multiple SSIDs to one VLAN. Current
versions do not.
versions do not.
•
OSI Model Layer 3 routing failures or incorrect designs
Each SSID and its linked VLAN must have a routing device and some source to address clients, for
example a DHCP server or the scope on a DHCP server.
example a DHCP server or the scope on a DHCP server.
•
Misunderstand or incorrectly configure Native VLAN
The routers and switches that make up the physical infrastructure of a network are managed in a
different method than the client PCs that attach to that physical infrastructure. The VLAN these router
and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs
are members of a different VLAN, just as IP telephones are members of yet another VLAN. The
administrative interface of the access point or bridge (interface BVI1) are considered and numbered a
part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
different method than the client PCs that attach to that physical infrastructure. The VLAN these router
and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs
are members of a different VLAN, just as IP telephones are members of yet another VLAN. The
administrative interface of the access point or bridge (interface BVI1) are considered and numbered a
part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
•
Significance of Native VLAN
When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the
"native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally
received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the
AP must match the native VLAN configured on the switchport.
"native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally
received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the
AP must match the native VLAN configured on the switchport.
Note: If there is a mismatch in the native VLANs, the frames are dropped.
This scenario is better explained with an example. If the native VLAN on the switchport is configured as
VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its
native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from
the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity
problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its
native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from
the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity
problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.