Written by: admin on 01/14/13

Interesting issue that was just resolved at a client. We use Cisco WAPs (Cisco WAP321 model) for some SMB customers, and they have a quirk that will cause serious issues on a network if they are plugged into an STP-enabled SmartSwitch. By default, the WAP is also STP-enabled, and it causes BPDU packet flooding on the SmartSwitch, which in turn causes the SmartSwitch to disable the port that the WAP is plugged into. If you try to outsmart it by plugging the WAP directly into an ASA firewall or into a dumb switch behind the SmartSwitch, the SmartSwitch port that the other device is plugged into will detect the BPDU packet flooding and the SmartSwitch will disable THAT port. The only way to bring the ports back is to unplug the WAP and power-cycle the SmartSwitch, or to unplug the WAP, manually log into the SmartSwitch and take the port out of suspended mode.

In these Cisco WAPs, however, under WDS Bridge settings, there is an option to un-check “Spanning Tree Mode.” Un-checking this box takes the WAP out of STP mode and allows it to talk to the SmartSwitch without an issue.

In addition to this, you can get this far and still have no traffic at all passing through the wireless, including DHCP broadcast traffic. This is because, by default, SmartSwitches tag their ports for the default VLAN and it is considered a tagged port. Within the Cisco WAP, the default option under “LAN Settings” has an “enabled” check box for “Untagged VLAN”. This “enabled” box must be UN-CHECKED in order to pass traffic back and forth from the WAP to the network, including DHCP broadcasts.

Once these changes are made to the Cisco WAP, it will play nice with the SmartSwitch it is connected to.
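To confirm from a packet capture which device is emitting BPDUs and whether frames arrive tagged, the following added example (not part of the original post) classifies raw Ethernet frames using the standard 802.1D BPDU and 802.1Q tag layouts. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

STP_DST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                # DSAP/SSAP/control used by spanning tree
BPDU_TYPES = {0x00: "config", 0x02: "rst", 0x80: "tcn"}

def classify_frame(frame: bytes) -> dict:
    """Return source MAC, 802.1Q VLAN ID (None if untagged) and BPDU details."""
    if len(frame) < (18 if frame[12:14] == b"\x81\x00" else 14):
        raise ValueError("truncated Ethernet or 802.1Q header")
    info = {"src": frame[6:12].hex(":"), "vlan": None, "bpdu": None}
    (type_len,) = struct.unpack_from("!H", frame, 12)
    payload = frame[14:]
    if type_len == 0x8100:               # 802.1Q tag: 2-byte TCI, then real type/length
        tci, type_len = struct.unpack_from("!HH", frame, 14)
        info["vlan"] = tci & 0x0FFF      # low 12 bits of the TCI are the VLAN ID
        payload = frame[18:]
    # BPDUs use 802.3 length framing (<= 1500) followed by the LLC header 42-42-03.
    if frame[:6] != STP_DST or type_len > 1500 or payload[:3] != LLC_STP:
        return info
    bpdu = payload[3:]
    if len(bpdu) < 4 or bpdu[:2] != b"\x00\x00":   # protocol identifier must be 0
        return info
    info["bpdu"] = {"version": bpdu[2], "type": BPDU_TYPES.get(bpdu[3], "unknown")}
    if bpdu[3] in (0x00, 0x02) and len(bpdu) >= 35:
        _, rprio, rmac, cost, bprio, bmac = struct.unpack_from("!BH6sIH6s", bpdu, 4)
        info["bpdu"].update(root=f"{rprio}/{rmac.hex(':')}", root_cost=cost,
                            bridge=f"{bprio}/{bmac.hex(':')}")
    return info

def bpdu_senders(frames) -> Counter:
    """Count BPDUs per source MAC to show which attached device is emitting them."""
    return Counter(i["src"] for i in map(classify_frame, frames) if i["bpdu"])

def build_config_bpdu(src: bytes) -> bytes:
    """Constructed test frame: an untagged 802.1D configuration BPDU from src."""
    body = struct.pack("!HBBBH6sIH6sHHHHH", 0, 0, 0, 0, 32768, src, 0,
                       32768, src, 0x8001, 0, 20 << 8, 2 << 8, 15 << 8)
    llc = LLC_STP + body
    return STP_DST + src + struct.pack("!H", len(llc)) + llc

# Constructed sample capture: the MAC addresses are made up for this example.
AP_MAC = bytes.fromhex("020000000a01")
TAGGED_BCAST = (b"\xff" * 6 + bytes.fromhex("020000000b02")
                + struct.pack("!HHH", 0x8100, 1, 0x0800) + b"\x00" * 46)
SAMPLE = [build_config_bpdu(AP_MAC)] * 3 + [TAGGED_BCAST]

if __name__ == "__main__":
    print(bpdu_senders(SAMPLE), [classify_frame(f)["vlan"] for f in SAMPLE])
```

Feed it frames exported from a capture on the WAP's switch port: a non-empty `bpdu_senders` result for the WAP's MAC means Spanning Tree Mode is still active on it, and a `vlan` of `None` on its data frames means it is sending untagged.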