VLAN Tagging Meraki AP

Question

I've listed the equipment I have installed on my network. Everything is operational, with the exception of the VLAN tagging for Meraki APs. I've Tagged VLAN 10 and 15 for these devices and VLAN 10 as PVID. The issue I'm having is when I configure the SSIDs tagging on the proper VLANs (10 & 15), the clients can't retrieve IP addresses from DHCP Server (ASA). See attached diagram.

Cisco ASA Firewall
- Internet
- Routing
- Network DHCP Server

Netgear GS728TP
- VLANs (5,10,15,20, 50)

Meraki APs
- Access to 2 VLANs (10 & 15)

In the Cisco realm, the proper command looks like this

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport trunk allowed vlan 2,5,10,15
switchport mode trunk

How best to achieve this task on Netgear switches?

Thank you in advance

schumaku · Accepted Answer

The problem&nbsp;here seems to be the understanding&nbsp;of configuring the ASA resp. the Meraki AP with it's definition of the "native VLAN".&nbsp;The Netgear switches&nbsp;are - except of the PVID part - pretty clear and translate the VLAN basics well.&nbsp;ashy516&nbsp;wrote:How best to achieve this task on Netgear switches?To start with, get a plan, write down what you need, remove things not required, and learn the language&nbsp;and slng of the three products are talking... Oh and to start you need to understand that it's not "tagging" what makes up a VLAN. On the network itself, it's all about VLAN, and for a trunk defining which VANs are tagged, and which one (one!) is untagged. Hint: Meraki&nbsp;and sometimes Cisco does designate this as "native VLAN".&nbsp;&nbsp;&nbsp;ashy516&nbsp;wrote:I've Tagged VLAN 10 and 15 for these devices and VLAN 10 as PVID.This does already sound wrong. At the same time, it's the only "special" part the Netgear Smart Managed switches have the PVID does designate the VLAN where incoming untagged frames will be assigned to. If VlAN 10 needs to be untagged, configure VLAN 10 [U]ntagged and PVID 10.&nbsp;ashy516&nbsp;wrote:Cisco ASA Firewall&nbsp;- Internet- Routing- Network DHCP ServerThe ASA port and the switch port must be defined the same - all VLANs tagged, except if there is the intention to keep one untagged (as done on the Meraki).&nbsp;ashy516&nbsp;wrote:Netgear GS728TP- VLANs (5,10,15,20, 50)Meraki APs- Access to 2 VLANs (10 &amp; 15)...&nbsp;switchport trunk allowed vlan 2,5,10,15Somehow, there seems to be a mess with the VLAN (e.g. 2 vs. 20). And if you need only 10 and 15 on the Meraki, what are 2, 5 for?&nbsp;ashy516&nbsp;wrote:Meraki APs- Access to 2 VLANs (10 &amp; 15)...switchport trunk encapsulation dot1q&nbsp;switchport trunk native vlan 10&nbsp;switchport trunk allowed vlan 2,5,10,15&nbsp;switchport mode trunkNetgear switch port to connect to the Meraki AP configured as a trunk:&nbsp;VLAN 1 [ ]&nbsp; ...empty, not participating (essential!)VLAN 10 [U]ntagged&nbsp; &nbsp;...you set it as native(!)PVID 10 ...as explained above, untagged frames to VLAN 10.VLAN 20 [T]agged&nbsp;VLAN xx [ ] ...empty, not participating, xx applies to&nbsp;all other VLANs like 2,5,20,50 (just picked all you listed)&nbsp;&nbsp;A similar config for the ASA port (or a LAG) ... essential is that you have the same on the ASA and on the switch side.&nbsp;Ensure you have always only ONE VLAN as [U]ntagged and the same PVID set on a port in a 802.1q environment.No rocket science as I said. No magic config, dependencies, complex CLI, ... just basic VLAN networking.&nbsp;Enjoy,-Kurt

Forum Discussion

VLAN Tagging Meraki AP

2 Replies

Related Content

GS305E Trunking tagged and untagged vlans

VLAN tagging - 802.1q?

WAN VLAN Tagging for Fiber ONT

AX1800 VLAN Tagging not working

WAN vlan tagging

NETGEAR Academy

ProSupport for Business