07-29-2018 05:52 AM - edited 03-08-2019 03:46 PM
I read a few threads about this issue, however there is no solution that works for me. I can ping both 10.0.0.13 or 10.0.0.14, management vlan works fine on copper, DHCP works on Fa 0/23.
Not working: devices that try to connect to AP can't acquire IP address.
Scenario:
catalyst 3750, configured dhcp server, int fa 0/24 - trunk, native vlan 10
aironet 1421 autonomous, gi0 - trunk, native vlan 10
-- 3750 config
omitted
!
ip dhcp pool lan
 network 10.0.0.0 255.255.255.240
 default-router 10.0.0.13
 dns-server 8.8.8.8
 domain-name int.local
 lease 0 4
!
-- output omitted
!
interface FastEthernet0/23 # for testing purposes
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.0.0.13 255.255.255.240
!
-- aironet 1421
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP
!
logging rate-limit console 9
enable secret 5 xxxxx
!
no aaa new-model
no ip source-route
no ip cef
ip domain name int.local
!
login block-for 60 attempts 2 within 10
login on-failure log
login on-success log
dot11 syslog
!
dot11 ssid k2
 vlan 10
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxxxx
!
dot11 ssid k2g
 vlan 30
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxxxx
!
dot11 ssid k5
 vlan 10
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxxxx
!
dot11 ssid k5g
 vlan 30
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxxxx
!
no ipv6 cef
!
username Cisco password 7 05280F1C2243
!
bridge irb
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 ssid k2
 !
 ssid k2g
 !
 antenna gain 0
 mbssid
 speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 channel 2437
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.30
 encapsulation dot1Q 30
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 spanning-disabled
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 ssid k5
 !
 ssid k5g
 !
 antenna gain 0
 peakdetect
 no dfs band block
 mbssid
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio1.30
 encapsulation dot1Q 30
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 spanning-disabled
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.30
 encapsulation dot1Q 30
 bridge-group 30
 bridge-group 30 spanning-disabled
 no bridge-group 30 source-learning
!
interface BVI1
 mac-address c471.fe43.c7cc
 ip address 10.0.0.14 255.255.255.240
 ipv6 address autoconfig
 ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
line con 0
line vty 0 4
 login local
 transport input all
!
end
07-29-2018 06:51 AM
why are you using native vlan when you are explicitly tagging dot1q with vlan 10? take the native vlan statements out if you tag all vlans.
also. if you have an endpoint with a static ip address associated with the ap, in vlan 10, can you ping the dhcp server/switch?
cheers
07-29-2018 10:34 AM - edited 07-29-2018 11:07 AM
By default switch interface is going to have this statement:
switchport trunk allowed vlan 10, 30
I cannot remove vlan 10 native because I will lose management on AP.
I did as you recommended, I set static IP on wireless client but no luck, no access either to AP or switch gateway. I can assume that this could be an issue with AP, but device is working fine in router-on-a-stick configuration, with vlans etc. That's why I'm surprised why it's not working, in this setup switch replaced router.
Thanks for suggestion!
--------
update:
I'm SPANing fa0/24 interface and in wireshark all I can see is CDP and ping while I'm pinging one of the gateways.
Setting up static IP on wireless client and running ping doesn't work. What's more, I cannot ping AP gateway once I'm connected wirelessly.
Any ideas folks?
07-29-2018 03:09 PM
Hello,
in addition to the other posts, I think you need to add an IP helper address to the BVI:
interface BVI1
mac-address c471.fe43.c7cc
ip address 10.0.0.14 255.255.255.240
ip helper-address 10.0.0.13
ipv6 address autoconfig
ipv6 enable
and also:
ip default-gateway 10.0.0.13
08-12-2018 12:17 PM - edited 08-12-2018 12:22 PM
Sorry for my late response, today I made another attempt to troubleshoot that AP and I finally fixed it by erasing everything and entering line by line of my config manually, and it works now. Thank you all for help!
08-13-2018 03:43 AM - edited 08-13-2018 03:45 AM
Hello
Can you post that new configuration? It would be interesting to see if you have added the following:
interface dot11radio 0.10
encapsulation dot1q vlan-id native 10
interface dot11radio 1.10
encapsulation dot1q vlan-id native 10
08-19-2018 04:31 AM
Yes, thanks I added this, here is my config, all working as it should. However I have quick question, while I'm adding vlan to dot11 ssid, eg. vlan 10 to interface 2g and 5g it says that I cannot set the same vlan on more than 1 interface, when finally it's added to config, is it a bug?
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP
!
logging rate-limit console 9
enable secret 5 xxx
!
no aaa new-model
no ip source-route
no ip cef
ip domain name int.local
!
login block-for 60 attempts 2 within 10
login on-failure log
login on-success log
dot11 syslog
!
dot11 ssid k2g
 vlan 30
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxx
!
dot11 ssid k5g
 vlan 30
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxx
!
dot11 ssid k2gee
 vlan 10
 authentication open
 authentication key-management wpa version 2
 guest-mode
 mbssid guest-mode
 wpa-psk ascii 7 xxx
!
dot11 ssid k5gee
 vlan 10
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii 7 xxx
!
no ipv6 cef
!
username xxx privilege 15 secret 5 xxx
!
bridge irb
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 ssid k2g
 !
 ssid k2gee
 !
 antenna gain 0
 mbssid
 speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 channel 2437
 station-role root
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.30
 encapsulation dot1Q 30
 bridge-group 30
 bridge-group 30 subscriber-loop-control
 bridge-group 30 spanning-disabled
 bridge-group 30 block-unknown-source
 no bridge-group 30 source-learning
 no bridge-group 30 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 ssid k5g
 !
 ssid k5gee
 !
 antenna gain 0
 peakdetect
 no dfs band block
 mbssid
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 channel dfs
 station-role root
!
interface Dot11Radio1.10
 encapsulation dot1Q 10 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.30
 encapsulation dot1Q 30
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.30
 encapsulation dot1Q 30
 bridge-group 30
 bridge-group 30 spanning-disabled
 no bridge-group 30 source-learning
!
interface BVI1
 mac-address c471.fe49.c7cc
 ip address 10.0.0.61 255.255.255.192
 ip helper-address 10.0.0.62
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 10.0.0.62
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
line con 0
line vty 0 4
 password 7 xxx
 login local
 transport input ssh
!
end
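Added example, not written by any poster in this thread: a small Python check for the one visible difference between the two AP configurations above, where the VLAN 10 radio sub-interfaces went from `bridge-group 10` without `native` to `bridge-group 1` with `native`, matching GigabitEthernet0.10. The function names are hypothetical and the sample stanzas are abridged from the posted configs.

```python
import re
from collections import defaultdict

# Constructed sample: VLAN 10 sub-interfaces abridged from the first AP config in the thread.
BROKEN = """\
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
"""
# Same stanzas as they appear in the final, working config.
FIXED = BROKEN.replace("dot1Q 10\n bridge-group 10", "dot1Q 10 native\n bridge-group 1")

def parse_subinterfaces(config):
    """Return {vlan: {sub-interface: (bridge_group, is_native)}}."""
    vlans = defaultdict(dict)
    iface = vlan = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new stanza
            m = re.fullmatch(r"interface (\S+\.\d+)", line)
            iface, vlan = (m.group(1) if m else None), None
        elif iface and (m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line, re.I)):
            vlan = int(m.group(1))
            vlans[vlan][iface] = (None, m.group(2) is not None)
        elif vlan is not None and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            vlans[vlan][iface] = (int(m.group(1)), vlans[vlan][iface][1])
    return vlans

def check_bridging(config):
    """List VLANs whose radio and wired sub-interfaces disagree on bridge-group or native."""
    problems = []
    for vlan, members in sorted(parse_subinterfaces(config).items()):
        groups = {bg for bg, _ in members.values()}
        natives = {native for _, native in members.values()}
        if len(groups) > 1:
            problems.append(f"vlan {vlan}: split across bridge-groups {sorted(groups, key=str)}")
        if len(natives) > 1:
            problems.append(f"vlan {vlan}: 'native' set on only some sub-interfaces")
    return problems

if __name__ == "__main__":
    print("before:", check_bridging(BROKEN))
    print("after: ", check_bridging(FIXED))
```

The parser relies on the indented layout of `show running-config`, so a config pasted onto a single line has to be split back into lines first.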