12-30-2010 01:03 AM - edited 03-06-2019 02:45 PM
Hi,
I am running into an issue which I solved but have not totally understood.
Cisco IOS Router VLAN 1 + 5 native = 1
->trunk between subifaces IOS Router to Procurve
Procurve Switch VLAN 1,2,3,4,5 native = 1
->trunk between Procurve Switch to Cisco AP1131
CISCO AP 1131 VLAN 1,5,99 native = 99
I have two SSIDs GST and TMP configured as following:
--------------------------------------------------------
dot11 SSID GST
vlan 5
wpa-psk.....
authen....
mbssid gue
dot11 SSID TMP
vlan 1
wpa-psk.....
authen...
mbssid gue
bridge irb
int dot 0
encryption... vlan 1... aes
encryption.... vlan 5... aes
dot11 ssid GST
dot11 ssid TMP
mbssid
station-role root
int dot 0.1
enc dot1q 1
bridge-gr 1
int dot 0.5
enc dot1q 5
bridge-gr 5
int dot 0.99
enc dot1q 99 native
bridge-gr 99
int fa 0.1
enc dot1q 1
bridge-gr 1
int fa 0.5
enc dot1q 5
bridge-gr 5
int fa 0.99
enc dot1q 99 nat
bridge-gr 99
int bvi 1
ip address dhcp.....
bridge 1 route ip
--------------------------------------------------------
So now I have two things I don't understand.
1. In this config no spanning-tree is configured, so it should be off.
When I run this config, all clients authenticate successfully and work well, except for the fact that I am partially losing network connectivity.
ICMP packets are randomly lost between cabled as well as aired clients and switches, routers and servers. So it looks like an STP issue or some kind of loop. One possibility would be to globally activate STP on the AP, or, like I did, add the following command to every bridge group (dot sub interface) on the AP:
"bridge-group X subscriber-loop-control"
This solved the packet loss.
I don't understand why it is possible to have a loop here without STP. Could somebody please explain? I am having a hard time understanding it.
If you have something like this:
Client ---- Switch --- AP --- Client how is it possible to have a loop?
If you had:
Client1 --- Switch1 -- AP1 -- Switch1 -- AP1 -- Client
then it would...
2. When having VLAN 1 or VLAN 5 defined as native on the AP, I am unable to receive DHCP for the clients in the corresponding native VLAN.
I have configured a non-existing 99 and set it to native, and it works for the other two.
Thank You!
12-30-2010 06:35 AM
Hello,
Without having the chance to troubleshoot the failing scenario, it might be hard to actually say where the root cause really was.
Would you have the chance to revert back to the failing configuration so as to investigate it a little bit more?
As far as best practices are concerned, you may want to take a quick look at the following link:
https://www.ciscotaccc.com/kaidara-advisor/wireless/showcase?case=K38698256
It doesn't necessarily explain all the reasons behind each command, but it does recommend the following configuration (in your case under each sub-interface):
bridge-group X subscriber-loop-control
bridge-group X spanning-disabled
bridge-group X block-unknown-source
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
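
A small offline check for the recommendation in the reply above, as an added example that is not part of the thread or any Cisco tooling: it reads an AP configuration and lists every interface that joins a bridge group without all three of the options the reply names. The sample configuration is constructed, and accepting the `int` / `bridge-gr` abbreviations as their full keywords is an assumption made so that configs written the way the original post abbreviates them are also parsed.

```python
import re

# The three per-bridge-group options recommended in the reply above.
RECOMMENDED = ("subscriber-loop-control", "spanning-disabled", "block-unknown-source")

# Assumption: "int..." and "bridge-gr..." prefixes stand for the full keywords.
IFACE_RE = re.compile(r"^int\S*\s+(.+)$", re.IGNORECASE)
BG_RE = re.compile(r"^bridge-gr\S*\s+(\d+)(?:\s+(\S+))?", re.IGNORECASE)

def audit_bridge_groups(config_text):
    """Return {(interface, group): [missing options]} for every interface
    that joins a bridge group but lacks one of the RECOMMENDED options."""
    seen = {}      # (interface, group) -> set of options found
    iface = None   # interface block currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = IFACE_RE.match(line)
        if m:
            iface = " ".join(m.group(1).split())
            continue
        m = BG_RE.match(line)
        if m and iface is not None:
            opts = seen.setdefault((iface, int(m.group(1))), set())
            if m.group(2):
                opts.add(m.group(2).lower())
    report = {}
    for key, opts in seen.items():
        missing = [o for o in RECOMMENDED if o not in opts]
        if missing:
            report[key] = missing
    return report

# Constructed sample: one fully configured sub-interface, one partial one.
SAMPLE = """\
interface Dot11Radio0.1
 encapsulation dot1Q 1
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
!
int dot 0.5
enc dot1q 5
bridge-gr 5
bridge-group 5 subscriber-loop-control
"""

if __name__ == "__main__":
    for (name, group), missing in audit_bridge_groups(SAMPLE).items():
        print(f"{name} (bridge-group {group}) is missing: {', '.join(missing)}")
```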