1️⃣ Purpose
This document provides a structured troubleshooting and resolution procedure for incidents caused by VLAN trunk misconfiguration in environments using Pronto Networks routers and access points.
This scenario typically applies to restaurant and retail deployments where:
ISP Router → Pronto Router → Managed Switch → POS / Wi-Fi VLANs
No dedicated firewall appliance is present
VLAN segmentation is configured on the Pronto router and/or managed switch
A trunk misconfiguration can block inter-VLAN routing or internet access even when IP addressing appears correct.
This is a Layer 2 VLAN tagging issue, not a DNS or ISP failure.
Environment: ISP Router → Pronto Router → Managed Switch → POS / Wi-Fi VLANs
2️⃣ Scope
This SOP applies to:
POS VLAN
Guest Wi-Fi VLAN
Management VLAN (usually Native Vlan for device management plane traffic)
Switch uplink trunk ports
Pronto Router LAN trunk port
Pronto AP uplink (if VLAN tagging enabled)
Assumptions:
VLANs are defined on the Pronto Router
Managed switch carries multiple VLANs
Pronto APs broadcast SSIDs mapped to VLAN IDs
3️⃣ Background – VLAN Trunk in Pronto Architecture
In a typical Pronto deployment:
The Pronto Router LAN port operates as a VLAN trunk
The Managed Switch uplink must also be trunk mode
Pronto AP uplink should be trunk port and must allow required VLANs tagging
SSIDs are mapped to VLAN IDs inside Pronto controller
Important Concepts
Access Port → Carries one VLAN only
Trunk Port (802.1Q) → Carries multiple VLANs using tagging
If VLAN is not allowed on trunk → traffic is dropped
Native Vlan, if mismatched on trunk port untagged traffic (usually management plane traffic of downstream devices) would be impacted.
4️⃣ Normal Network Design (Pronto Example)
Example shows a typical Restaurant design and deployment Setup:
POS Devices → Access Port VLAN 20
Guest Wi-Fi (Pronto AP) → VLAN 30
Management → VLAN 1
Switch Uplink → Trunk/ Hybrid (Tagged vlan 20, 30) and Native vlan 1
Pronto Router LAN → Trunk (Tagged vlan 20, 30) and Native vlan 1
Pronto Router performs:
VLAN gateway assignment
DHCP per VLAN
NAT to ISP
If trunk does not allow VLAN 20 tagging at any of site of uplinks → POS fails, wireless clients do not get IP address
If Native Vlan is mismatched, downstream devices (AP, Switch) will not be able to associate to management vlan and remains offline but would be able to pass the client (tagged vlan) traffic.
5️⃣ Problem Description
A VLAN trunk misconfiguration occurs when:
Required VLAN not allowed on trunk
Pronto router port set as access instead of trunk
AP uplink port missing VLAN
Native VLAN mismatch
SSID mapped to wrong VLAN ID
6️⃣ Typical Symptoms
Staff Reports
POS not connecting to payment server.
Guest Wi-Fi connects but no internet.
Only management vlan works.
Endpoint works but pronto devices remain offline.
Technical Indicators
Device receives incorrect IP (e.g., 192.168.20.x instead of 192.168.10.x)
Cannot ping VLAN gateway
Other VLANs working normally
Only one SSID affected
7️⃣ Business Impact
If POS Vlan affected:
Card transactions fail
Orders cannot sync between POS and printer or display if they are in different vlan
Revenue disruption
If Guest Vlan affected:
Poor customer experience
Negative reviews
If Management Vlan is affected
NOC visibility
False alert and incident
Performance and health degradation
8️⃣ Common Root Causes in Pronto Environments
VLAN created in Pronto but not allowed on switch trunk
Switch trunk allows only default VLAN
AP uplink configured as access port
SSID mapped to incorrect VLAN ID in controller
Router VLAN interface missing DHCP scope
Native Vlan mismatched
Vlan is not created on Switch but available on Router
9️⃣ Detailed Troubleshooting Procedure
🔎 Step 1 – Identify Affected VLAN
Determine which VLAN is failing:
Example:
POS VLAN → 20
Guest VLAN → 30
Management Vlan → 1
On device (Windows POS):
ipconfig /all
Verify:
IP range matches VLAN
Default gateway matches expected gateway
Example: 192.168.20.1
No IP on POS (APIPA range is allocated)
If IP is wrong → DHCP or access port issue.
If no IP → Could be Port, Vlan, DHCP scope issue
🔎 Step 2 – Verify Access Port on Switch
Check switch port where device connects:
Ensure:
Mode: Access
VLAN: Correct (e.g., 20 for POS)
If AP port:
Must be trunk if multiple SSIDs use VLAN tagging and Native vlan should be same as Router
Common mistake:
AP connected to access VLAN 1 → Guest VLAN traffic blocked.
🔎 Step 3 – Verify Switch Uplink Trunk
Identify uplink between:
Managed Switch → Pronto Router
Check:
Mode: Trunk
Allowed VLAN list includes required VLANs and Native vlan is matched on both side.
Example Incorrect:
Allowed VLANs: 30
POS VLAN = 20 ❌ or Native VLAN is 20
Correct:
Allowed VLANs: 20, 30
Native Vlan: 1
🔎 Step 4 – Verify Pronto Router VLAN Configuration
Login to Pronto Router dashboard.
Check:
VLAN 20 exists
Gateway IP assigned (e.g., 192.168.20.1)
DHCP enabled
LAN port configured as trunk
If VLAN created but LAN port not trunk → traffic dropped.
🔎 Step 5 – Validate SSID to VLAN Mapping
Inside Pronto Wi-Fi configuration:
Check SSID → VLAN ID mapping
Example:
Guest SSID → VLAN 30
If mistakenly mapped to VLAN 300 → clients will not get any IP address
Correct VLAN ID to match switch and router.
Step 6 – Validate DHCP pool is enabled on all configured Vlans
🔟 Resolution Scenarios
Scenario A – VLAN Missing on Trunk
Add VLAN to trunk allowed list.
Scenario B – VLAN Not Created in Pronto Router
Create VLAN interface:
VLAN ID: 20
Gateway: 192.168.20.1
Enable DHCP
Scenario C – Native Vlan Mismatched
Check Native vlan on Router, Switch and AP uplinks and ensure they are same.
Scenario C– DHCP scope not enabled on Vlan
Check and validate all vlans are having DHCP pool enabled on Router
11 Validation After Fix
Confirm:
✔ Device pings VLAN gateway
✔ Device reaches Pronto router
✔ Device reaches internet
✔ POS transaction successful
✔ Guest Wi-Fi loads websites
Monitor for 10–15 minutes.
