AP1131 confused STP Problem

ncciscouser
Level 1

Hi,

I am running into an issue which I solved but have not totally understood.

Cisco IOS Router VLAN 1 + 5 native = 1

->trunk between subifaces IOS Router to Procurve

Procurve Switch VLAN 1,2,3,4,5 native = 1

->trunk between Procurve Switch to Cisco AP1131

CISCO AP 1131 VLAN 1,5,99 native = 99

I have two SSIDs GST and TMP configured as following:

--------------------------------------------------------

dot11 SSID GST
  vlan 5
  wpa-psk.....
  authen....
  mbssid gue

dot11 SSID TMP
  vlan 1
  wpa-psk.....
  authen...
  mbssid gue

bridge irb

int dot 0
  encryption... vlan 1... aes
  encryption.... vlan 5... aes
  dot11 ssid GST
  dot11 ssid TMP
  mbssid
  station-role root

int dot 0.1
  enc dot1q 1
  bridge-gr 1

int dot 0.5
  enc dot1q 5
  bridge-gr 5

int dot 0.99
  enc dot1q 99 native
  bridge-gr 99

int fa 0.1
  enc dot1q 1
  bridge-gr 1

int fa 0.5
  enc dot1q 5
  bridge-gr 5

int fa 0.99
  enc dot1q 99 nat
  bridge-gr 99

int bvi 1
  ip address dhcp.....

bridge 1 route ip

--------------------------------------------------------

So now I have two things I don't understand.

1. In this config no spanning-tree is configured, so it should be off.

When I run this config, all clients authenticate successfully and work well, except for the fact that I am partially losing network connectivity.

ICMP packets are randomly getting lost, between cabled as well as aired clients to switches, routers and server. So it looks like an STP issue or some kind of loop. One possibility would be to globally activate STP on the AP or, like I did, add the following command to every bridge group (dot sub interface) on the AP:

"bridge-group X subscriber-loop-control"

This solved the packet loss.

I don't understand why it is possible to have a loop here without STP. Could somebody please explain? I am having a hard time understanding it.

If you have something like this:

Client ---- Switch --- AP --- Client how is it possible to have a loop?

If you had:

Client1 --- Switch1 -- AP1 -- Switch1 -- AP1 -- Client

then it would...

2. When having VLAN 1 or VLAN 5 defined as native on the AP, I am unable to receive DHCP for the clients in the corresponding native VLAN.

I have configured a non-existing 99 and set it to native, and it works for the other two.

Thank You!


Federico Ziliotto
Cisco Employee

Hello,

Without having the chance to troubleshoot the failing scenario, it might be hard to actually say where the root cause really was.
Would you have the chance to revert to the failing configuration so as to investigate it a little bit more?

As for best practices, you may want to take a quick look at the following link:
https://www.ciscotaccc.com/kaidara-advisor/wireless/showcase?case=K38698256

It doesn't necessarily explain all the reasons behind each command, but it does recommend the following configuration (in your case under each sub-interface):

bridge-group X subscriber-loop-control
bridge-group X spanning-disabled
bridge-group X block-unknown-source

Regards,

Fede

--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
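
Added example (not part of the original thread and not Cisco code): a small audit that reads an AP configuration and lists, per interface, which of the three bridge-group options recommended in the reply above are missing. The sample configuration is constructed in full IOS syntax, and checking every interface that joins a bridge group is an assumption of this example.

```python
import re

# The three per-bridge-group options recommended in the reply above.
RECOMMENDED = ("subscriber-loop-control", "spanning-disabled", "block-unknown-source")

# Constructed sample config (assumption: full IOS syntax; the thread's is abbreviated).
SAMPLE_CONFIG = """\
interface Dot11Radio0.1
 encapsulation dot1Q 1
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 bridge-group 5
 bridge-group 5 subscriber-loop-control
!
interface Dot11Radio0.99
 encapsulation dot1Q 99 native
 bridge-group 99
!
interface BVI1
 ip address dhcp
"""

def audit_bridge_groups(config_text):
    """Return {interface: [missing options]} for interfaces that join a bridge group."""
    present = {}   # interface name -> set of bridge-group options configured on it
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":
            current = None          # "!" ends the interface stanza
            continue
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        if m:
            current = m.group(1)
            continue
        # Lines starting with "no bridge-group ..." do not match and count as absent.
        m = re.match(r"bridge-group\s+\d+(?:\s+(\S+))?", line, re.I)
        if m and current:
            options = present.setdefault(current, set())
            if m.group(1):
                options.add(m.group(1).lower())
    report = {i: [o for o in RECOMMENDED if o not in opts] for i, opts in present.items()}
    return {i: missing for i, missing in report.items() if missing}
```
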
