11-18-2014 08:12 PM - edited 03-07-2019 09:34 PM
Hello all. I have set up a few trunks before between Cisco ASA5505 and Cisco 1252 access points, with no problem. However, this one will not work for some reason, and I have been unable to find out why. If I put the port into Access Mode, I am able to access the Access Point's Management Interface on the Native VLAN (1), but once I enable Trunking Mode on the port, all communication stops. The goal is to provide a trunk for 2 VLANs running on 2 SSIDs.
EDIT: I did notice that the "switchport trunk native vlan" command is missing on this ASA5505 (it only gives the option for switchport trunk allowed); it does seem to appear in other versions. Is there a command I am missing somewhere to make this work?
Please help!!!
ASA5505:
ASA Version 8.0(2)
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8
Advanced Endpoint Assessment : Disabled
This platform has an ASA 5505 Security Plus license.
Switching Config:
interface Vlan1
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xxxxxxxxxxxx 255.255.255.248
!
interface Vlan3
nameif inet
security-level 50
ip address 10.10.0.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
description TO ACCESS POINT
switchport trunk allowed vlan 1,3
switchport mode trunk
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
ACCESS POINT CONFIG:
Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JDA3, RELEASE SOFTWARE (fc1)
dot11 ssid INET
vlan 3
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Inside
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid Inside-5g
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxx
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
broadcast-key change 3600
!
!
ssid INET
!
ssid Inside
!
mbssid
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
broadcast-key change 3600
!
!
ssid Inside-5g
!
dfs band 3 block
mbssid
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
no ip route-cache
no cdp enable
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 192.168.9.254 255.255.255.0
no ip route-cache
!
interface BVI3
ip address 10.10.0.254 255.255.255.0
no ip route-cache
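
An added example, not part of the original post: a small Python check that compares the VLAN list and the native (untagged) VLAN declared on each end of the trunk, run over constructed excerpts of the two configurations above. The function names are hypothetical, and a native VLAN of `None` for the ASA means only that the port's configuration contains no `switchport trunk native vlan` line.

```python
import re

# Constructed excerpts, trimmed from the two configurations in the post.
ASA_CFG = """\
interface Ethernet0/4
 description TO ACCESS POINT
 switchport trunk allowed vlan 1,3
 switchport mode trunk
"""
AP_CFG = """\
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
interface GigabitEthernet0.3
 encapsulation dot1Q 3
"""

def asa_trunk(cfg):
    """Return (allowed VLAN set, native VLAN or None) for an ASA 5505 trunk port."""
    a = re.search(r"switchport trunk allowed vlan ([\d,]+)", cfg)
    n = re.search(r"switchport trunk native vlan (\d+)", cfg)
    allowed = {int(v) for v in a.group(1).split(",")} if a else set()
    return allowed, (int(n.group(1)) if n else None)

def ap_trunk(cfg):
    """Return (VLAN set, native VLAN or None) from IOS dot1Q subinterfaces."""
    vlans, native = set(), None
    for m in re.finditer(r"encapsulation dot1Q (\d+)( native)?", cfg):
        vlans.add(int(m.group(1)))
        if m.group(2):  # the "native" keyword marks the untagged VLAN
            native = int(m.group(1))
    return vlans, native

def compare(asa_cfg, ap_cfg):
    """List the differences between the two ends of the trunk."""
    a_allowed, a_native = asa_trunk(asa_cfg)
    p_vlans, p_native = ap_trunk(ap_cfg)
    findings = []
    if a_allowed != p_vlans:
        findings.append(f"VLAN sets differ: ASA {sorted(a_allowed)}, AP {sorted(p_vlans)}")
    if a_native != p_native:
        findings.append(f"native VLAN differs: ASA {a_native}, AP {p_native}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(ASA_CFG, AP_CFG)))
```

Run on the excerpts, it reports that both ends carry VLANs 1 and 3 but only the access point declares VLAN 1 as native.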