cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5047
Views
0
Helpful
5
Replies

VLAN - Access mode vs Trunk mode

mikeh
Level 1
Level 1

We are trying to configure an Aironet 1200 with multiple VLANs without much luck. At this point, I am stuck trying to get the VLANs working on our Catalyst 4006 Sup3 switch.

The FAS0 on the AP is connected to Gi4/23 on the 4006. When I configure port 4/23 for "trunk", traffic does not pass. When I configure the same port for "access VLAN 55", it works just fine. This is not what I'm reading in the "Using VLANs with Cisco Aironet Wireless Equipment. It says to use the "trunk" mode. But, I am not getting it to work.

Here is some other info:

IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(8a)EW1

cat4000-is-mz.121-8a.EW1.bin

Config of the port on the 4006 that connects the AP (this does not work):

interface GigabitEthernet4/23

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,55,200,1002-1005

switchport mode trunk

switchport nonegotiate

description Cisco 1231 AP

If I change to these two lines to "access" instead of "trunk", traffic will pass and my wireless devices begin working.

switchport mode access

switchport access vlan 55

show int gi4/23 switchport on the 4006 produces:

Name: Gi4/23

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: Off

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Operational private-vlan: none

Trunking VLANs Enabled: 1,55,200,1002-1005

Pruning VLANs Enabled: 2-1001

show int gi4/23 trunk on the 4006 produces:

Port Mode Encapsulation Status Native vlan

Gi4/23 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi4/23 1,55,200,1002-1005

Port Vlans allowed and active in management domain

Gi4/23 1,55,200,1002-1005

Port Vlans in spanning tree forwarding state and not pruned

Gi4/23 1,55,200,1002-1005

VTP is configured and VLAN 55 is "active". No matter what, I can always ping the address for Interface VLAN 55.

I know I'm missing something.... can anyone help?

Thank in advance!

5 Replies 5

p.devalck
Level 1
Level 1

Hello,

I'm currently trying Aironets 1200 as well.

What I have read and tried is using trunking with a native vlan (I tried using a L2 switch and a router behind it).

I had to specify the native vlan explicitly (switchport trunk native vlan NNN) on the switch.

In the Aironet the native VLAN had to be configured also explicitly (somewhere in ethernet link settings).

It then worked just fine, I could associate with different SSIDs, each of them corresponding to a different VLAN (different ranges of DHCP addresses, so that checking the ip address gives an indication on the VLAN).

Possibly this is way off the mark, I post this just in case...

Thank you for your comments. I have tried what you suggested, but am still in the same spot.

I specifically added "switchport trunk native vlan 1" to the port on the 4006 switch.

I verified that that native vlan was specified in the CLI of the AP. Both the Ethernet Sub-Interface and the Radio Sub-Interface for VLAN 1 specify that VLAN 1 is the native VLAN.

Still no luck, so just to rule out the AP I connected a laptop with a static IP Address (172.16.55.50) for VLAN 55. (172.16.55.1) It reacted the same way.

If the 4006 port is in "trunk" mode - no traffic will pass using this subnet. As soon as I revert to "access" mode, traffic passes. But the mutliple VLAN config on the AP won't work.

Either I am misunderstanding how this is supposed to work, or I am missing something in the configuration.

Thanks for any additional help or suggestions!

I am having a similar problem. I am able to configure VLANS and the VLANS work as long as I am not using WEP keys. The device will authenticate but will not reieve DHCP. Apparently this is a known bug ,CSCec54099. If I assign an address it works fine.

We run multiple VLANS on 1200 with IOS code. Vlan 2 is the management VLAN and 26 and 28 are voice and data. See below.

1200AP 12.2(13)JA--------------------

interface Dot11Radio0.26

encapsulation dot1Q 26

no ip route-cache

no cdp enable

bridge-group 26

bridge-group 26 subscriber-loop-control

bridge-group 26 block-unknown-source

no bridge-group 26 source-learning

no bridge-group 26 unicast-flooding

bridge-group 26 spanning-disabled

!

interface Dot11Radio0.28

encapsulation dot1Q 28

no ip route-cache

no cdp enable

bridge-group 28

bridge-group 28 subscriber-loop-control

bridge-group 28 block-unknown-source

no bridge-group 28 source-learning

no bridge-group 28 unicast-flooding

bridge-group 28 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

ntp broadcast client

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.2

encapsulation dot1Q 2

ip address 10.1.2.152 255.255.255.0

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!

interface FastEthernet0.26

encapsulation dot1Q 26

no ip route-cache

bridge-group 26

no bridge-group 26 source-learning

bridge-group 26 spanning-disabled

!

interface FastEthernet0.28

encapsulation dot1Q 28

no ip route-cache

bridge-group 28

no bridge-group 28 source-learning

bridge-group 28 spanning-disabled

3550 Trunk Port 12.1(19)EA1a-------------

interface FastEthernet0/29

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2,26,28

switchport mode trunk

switchport nonegotiate

no ip address

no logging event link-status

ram.vijay
Level 1
Level 1

Hi,

Pls use the config as given below, it works in my environoment.

interface GigabitEthernet4/23

swithport access vlan 55

switchport trunk encapsulation dot1q

no switchport trunk native vlan

switchport trunk allowed vlan 1,55,200,1002-1005

switchport mode trunk

switchport nonegotiate

description Cisco 1231 AP

end

Rgds,

Vijay V

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco