Solved: Router on a stick - AP and switch can't ping subifs

NicP270591 · ‎02-03-2013

Experts,

I am deploying a wireless network with multiple SSID's - 1242 trunked to 3560. 3560 trunked to 2811 subifs. Native VLAN 99 set at every point. Wireless clients can connect to SSID fine, but do not get DHCP from the router. The switch can ping BVI interface on AP (VLAN 99), and its own VLAN 99 of course, but cannot reach router loopback, 99, or subifs. Phones and desktop PC's in their respective VLAN's work fine and connect with DHCP etc. I am stumped. Seeing as the switch can ping the AP, but clients on the AP cannot ping the switch or router, or get DHCP, I am assuming there is a problem with the switch rather than the AP.

SWITCH

vlan 21

name VLAN-21-WLAN

!

vlan 22

name VLAN-22-GUEST-WLAN

!

vlan 99

name VLAN-99-NETMGT

!

interface Loopback0

description loopback

ip address 192.102.10.2 255.255.255.255

no ip route-cache

!

interface FastEthernet0/47

description to AP 1

switchport trunk encapsulation dot1q

switchport trunk native vlan 99

switchport trunk allowed vlan 21,22,40,41,51,99

switchport mode trunk

!

interface FastEthernet0/48

description to 2811 fa0/0

switchport trunk encapsulation dot1q

switchport trunk native vlan 99

switchport trunk allowed vlan 12,20-22,30,40,41,50,51,60,99

switchport mode trunk

!

interface Vlan99

ip address 192.102.99.2 255.255.255.192

no ip route-cache

ROUTER

!

ip dhcp pool VLAN-21-WLAN

network 192.102.21.0 255.255.255.192

default-router 192.102.21.1

dns-server 61.88.88.88 192.102.21.1 8.8.8.8

lease 7

!

ip dhcp pool VLAN-22-GUEST-WLAN

network 192.102.22.0 255.255.255.0

default-router 192.102.22.1

dns-server 61.88.88.88 192.102.21.1 8.8.8.8

!

interface Loopback0

description L,OP,Rothwell,4022

ip address 192.102.10.1 255.255.255.192

!

interface FastEthernet0/0

description to SW 0/48

no ip address

no ip redirects

ip flow ingress

ip nat inside

ip virtual-reassembly in

duplex auto

speed 100

!

interface FastEthernet0/0.21

description VLAN-21-WLAN

encapsulation dot1Q 21

ip address 192.102.21.1 255.255.255.192

no ip redirects

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

!

interface FastEthernet0/0.22

description VLAN-22-GUEST-WLAN

encapsulation dot1Q 22

ip address 192.102.22.1 255.255.255.0

no ip redirects

no ip proxy-arp

ip flow ingress

!

interface FastEthernet0/0.99

description VLAN-99-NETMGT,OP,Rothwell,4022

encapsulation dot1Q 99 native

no ip redirects

no ip proxy-arp

ip flow ingress

AP

dot11 ssid Guest Connect

vlan 22

authentication open

authentication key-management wpa

guest-mode

mbssid guest-mode

wpa-psk ascii 7 XXXXX

!

dot11 ssid Corporate Connect

vlan 21

authentication open

!

nterface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 21 key 1 size 128bit 7 XXXX transmit-key

encryption vlan 21 mode wep mandatory

!

encryption mode ciphers tkip

!

encryption vlan 22 mode ciphers tkip

!

ssid Guest Connect

!

ssid Corporate Connect

!

mbssid

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.21

encapsulation dot1Q 21

no ip route-cache

bridge-group 21

bridge-group 21 subscriber-loop-control

bridge-group 21 block-unknown-source

no bridge-group 21 source-learning

no bridge-group 21 unicast-flooding

bridge-group 21 spanning-disabled

!

interface Dot11Radio0.22

encapsulation dot1Q 22

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface FastEthernet0.21

encapsulation dot1Q 21

no ip route-cache

!

interface FastEthernet0.22

encapsulation dot1Q 22

no ip route-cache

!

interface FastEthernet0.99

encapsulation dot1Q 99 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface BVI1

ip address 192.102.99.3 255.255.255.192

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

John Blakley · ‎02-04-2013

You need to assign your bridge-groups under the subinterfaces for f0 as well. Your native has it, but the other two do not...

!

interface FastEthernet0.21

encapsulation dot1Q 21

bridge-group 21

no ip route-cache

!

interface FastEthernet0.22

encapsulation dot1Q 22

bridge-group 2

no ip route-cache

!

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

Praveen AR · ‎02-04-2013

HI Nic,

Could you please confirm reachability for router sub interface from AP's.

Regards

Praveen

NicP270591 · ‎02-04-2013

Hello Praveen!

If I ping 192.102.21.1 or 22.1 from the AP's I get 0% success rate.

Nic.

Praveen AR · ‎02-04-2013

I doubt problem in AP configuration.could you please recheck your AP config.

Regards

Praveen

NicP270591 · ‎02-04-2013

Praveen,

A bit unclear there. I am assuming youre saying you're doubting a problem in the router and switch but to check AP configuration?

Nic.

John Blakley · ‎02-04-2013

You need to assign your bridge-groups under the subinterfaces for f0 as well. Your native has it, but the other two do not...

!

interface FastEthernet0.21

encapsulation dot1Q 21

bridge-group 21

no ip route-cache

!

interface FastEthernet0.22

encapsulation dot1Q 22

bridge-group 2

no ip route-cache

!

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

NicP270591 · ‎02-04-2013

John,

Solved it in one! Can't believe I missed that. Thank you!, and Praveen, helpful as always!

Nic.

Praveen AR · ‎02-04-2013

Hi Nic,

I doubt configuration in AP only ,Even you can confirm swapping the switch connected port and AP .

I think there is no issues with switch config ,doubt problem in trunking between switch and AP.