airMAX - Guide to Configure VLANs
This article includes several different variations of how to configure management VLANs, please see the table of contents below to navigate.
- Steps to Configure Management VLAN in Bridge Mode
- Steps to Configure Management VLAN in Router Mode
- How to Pass Management Traffic as Tagged and Access VLAN as Untagged
- How to Pass VLAN Traffic as Tagged and Management Traffic as Untagged
Before you begin, please keep the following in mind:
- Both airMAX radios need to have WDS enabled and should be on the latest firmware.
- This article is applicable to both M and AC airMAX devices (except the Router Mode section, which applies to AC devices only).
- VLANs passing through the AP radio do not need to be configured on the AP, only on the device that is tagging/untagging.
- Due to changes in the wireless driver, it is a requirement that WLAN0 is a member of a bridge. This applies to airMAX AC only
Steps to Configure Management VLAN in Bridge Mode
Simple Mode Configuration
In this example, VLAN10 is being used for management.
1. Navigate to the Network tab on the radio’s web interface.
2. Switch the Configuration Mode to Simple (default mode).
3. Click on Management VLAN and add the VLAN tag (VLAN10 in this example).
4. This will automatically create a new bridge interface, add VLAN 10 to WLAN0 + LAN0, and set the new bridge interface as the Management Interface.
5. Confirm Management IP Address configuration
6. Save Changes
The radio should now be manageable via VLAN10, assuming it is configured on this port.
Advanced Mode Configuration
In this example, VLAN10 is being used for management.
1. Navigate to the Network tab on the radio’s web interface.
2. Switch the Configuration Mode to Advanced.
3. Under VLAN Network click “Add” and add VLAN ID 10 on interface WLAN0. Repeat for LAN0.
It may be desirable to exclude LAN0 if this is a Customer facing ethernet port (CPE/Station) and you do not want to expose your Management Interface.
4. Navigate to the Bridge Network section towards the bottom. A new bridge was automatically created when VLAN10 was added.
5. Click on the pencil icon next to the newly created bridge (BRIDGE_10 in this example) and confirm that the correct ports are listed under Selected Ports.
AP Example
Station Example
Note: It may be desirable to disable management access on the Customer side (Station LAN0). In order to do this, switch to Advanced configuration mode and remove (in this example) LAN0.10 from Bridge1.
Steps to Configure Management VLAN in Router Mode
Requirements:
- Only applicable to airMAX AC devices on current firmware. Not applicable to M devices.
- Due to changes in the wireless driver, it is a requirement that WLAN0 is a member of a bridge.
- It is highly recommended that this configuration is set up in a test environment before it is attempted on the production network.
1. Navigate to the Network tab on the radio’s web interface.
2. Switch the Configuration Mode to Advanced.
3. Under VLAN Network click “Add” and add VLAN ID 10 on interface WLAN0. Note that VLAN10 is being used for management in this example. Make sure this is enabled and a comment is added for easy identification.
4. Navigate to Management Network Settings and select the new VLAN interface WLAN0.10 and insert the IP and Netmask.
5. At this point, the device should be reachable via VLAN 10. Save the changes to verify the device is reachable at the new IP address. If the device is unreachable, double check the router and switch configuration.
6. Now that the device can be reached on the management VLAN, it is time to disable Management access on the other interfaces. Do so by enabling Block Management Access under WAN Network Settings and LAN Network Settings.
How to Pass Management Traffic as Tagged and Access VLAN as Untagged on Station LAN
Station LAN
At this point we assume the Station has already been configured as a management VLAN ( #3 or #4 depending on Network mode)
- Navigate to the Network tab, switch from Configuration Mode to Advanced.
- Under VLAN Network, add the VLAN you want to untag. For this example, the VLAN we are using is 107. Since it is coming in tagged over the wireless interface, we want to add VLAN 107 under WLAN0 and hit Add.
- For M devices, under the Bridge Network section, we want to remove WLAN0 from Bridge0 and add WLAN0.107. For AC Device, create a new bridge (bridge1) and add WLAN0.107 and LAN0, leaving WLAN0 in the default bridge0.
- Click Change at the bottom and then Apply.
Wireless
In this example, we will be managing the radio via LAN0.100 as in the previous example discussed in the Station LAN section above.
- Create VLAN Network LAN0.107
- Remove LAN0 from BRIDGE0
- Add LAN0.107 to BRIDGE0
This will untag LAN0.107 to WLAN0. Here is an example untagging:
How to Pass VLAN Traffic as Tagged and Management as Untagged
This section demonstrates how to pass management traffic as "untagged" and leave VLAN traffic "tagged", or more simply, pass traffic transparently through the airMAX radio.
The setup is pretty straightforward. Since the VLANs on the radio do not require untagging and the management ports are untagged, a VLAN aware switch will be needed on both sides.
Go to Network tab to make these configurations, use the screenshots below as examples. Click on either airMAX M or airMAX AC image to see it in large. Note that no changes have been made to the default bridge setup and no VLAN interfaces have been created, despite passing VLAN-tagged traffic.
airMAX M | airMAX AC |