I'm setting up a new Wi-Fi network for a business, using a 1142N and a 3750E switch. I can get VLAN 1 and the SSID on it working fine. However, the second SSID, on VLAN 2, which will be used for guests, will not work. I gave the device a static IP address on that VLAN and it connects, but I cannot ping the switch. I've also assigned an IP address to the AP on the GigabitEthernet0.2 subinterface, and I still cannot ping the switch's VLAN 2 IP address. The switch is going to route the VLAN as well, since it's a guest network.
Here are my configs. Does anyone have any thoughts on why VLAN 2 won't work correctly? I've done a "no shutdown" on VLAN 2 on the switch as well as on the interfaces on the AP.
Thank you for the help!
Switch config
! Switch global settings: log timestamps, local credentials, routing and the guest DHCP pool.
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password encryption is off, so anything stored with "password" (rather than "secret")
! is kept in cleartext in the configuration.
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
no logging console
! "enable password" and "username ... password" are used here (values removed from the post).
! The AP config on this page uses "enable secret", which stores a hash instead.
enable password
!
username admin privilege 15 password
! No AAA: logins depend on the per-line settings at the end of this config.
no aaa new-model
switch 1 provision ws-c3750e-24pd
system mtu routing 1500
! The switch routes between its VLAN interfaces itself, so keeping guests away from
! 192.168.111.0/24 depends on ACLs applied to those interfaces.
ip routing
! .1 and .254 are kept out of the pool; .254 is the Vlan2 SVI address and the
! default router handed to guest clients.
ip dhcp excluded-address 10.15.1.1
ip dhcp excluded-address 10.15.1.254
!
ip dhcp pool Guest_Wireless
network 10.15.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.15.1.254
!
!
!
!
! Self-signed trustpoint with revocation checking disabled; presumably the certificate
! generated for "ip http secure-server" (confirm on the device).
! NOTE(review): the visible DER appears to decode as sha1WithRSAEncryption with a 1024-bit
! RSA key and a validity of 2006-01-02 to 2020-01-01. The hex dump is cut off in the post
! (the last line ends mid-word). Verify with "show crypto pki certificates" and regenerate
! with a larger key if the device confirms this.
crypto pki trustpoint TP-self-signed-28769879
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-28769879
revocation-check none
rsakeypair TP-self-signed-287698790
!
!
crypto pki certificate chain TP-self-signed-28769879
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383736 39383739 3034301E 170D3036 30313032 30303031
32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38373639
38373930 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008658 6AD30FC6 5DAB8DA1 C851A3E2 B6F2511C 1F08073F 9192AD5D 203AE499
FFD3C24A 361766FF 2306AD75 B30F5CA7 2D7779AB 1F54B1D9 FA01C92C 1571B83A
DE25EE8E AD1B61A5 01C7A7EB 817FB798 D4863DA1 B367C967 339120AC EDC30B56
6CC4A23F 9424CCBF 737F572C BC3C7BAB 1990D560 12015755 479D266A 2F36AA17
563D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 141C689B 7EF196F8 BA466FDC F9414A8D A3B5C4D9 AB301D06
03551D0E 04160414 1C689B7E F196F8BA 466FDCF9 414A8DA3 B5C4D9AB 300D0609
2A864886 F70D0101 05050003 8
quit
! Per-VLAN spanning tree, internal VLAN allocation policy, and SSH restricted to protocol version 2.
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
! Only SSHv2 is accepted; SSHv1 sessions are refused.
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
! FastEthernet0 has no address and is shut down.
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
! Gi1/0/1-4 are 802.1Q trunks described as "Wireless" (presumably the AP uplinks),
! pruned to VLANs 1 and 2. No "switchport trunk native vlan" is set, so the native VLAN
! stays at the default (1), which agrees with "encapsulation dot1Q 1 native" on the AP.
! VLAN 1 is therefore both the untagged trunk VLAN and the management VLAN.
interface GigabitEthernet1/0/1
description Wireless
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet1/0/2
description Wireless
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet1/0/3
description Wireless
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet1/0/4
description Wireless
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
!
! Gi1/0/5-28 and Te1/0/1-2 carry no configuration, i.e. they are at platform defaults.
! NOTE(review): that normally means enabled and in VLAN 1, which is the management
! VLAN in this config. Consider shutting unused ports or assigning them to an unused
! access VLAN.
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
! Vlan1: SVI on the 192.168.111.0/24 LAN; the AP's BVI1 and default gateway are on this subnet.
interface Vlan1
ip address 192.168.111.2 255.255.255.0
!
! Vlan2: gateway for the guest subnet (same address as the DHCP default-router).
! No "ip access-group" is applied here, so with "ip routing" on nothing in this config
! filters traffic routed from the guest subnet towards 192.168.111.0/24.
! NOTE(review): no "vlan 2" definition appears in this paste. Depending on the VTP mode the
! VLAN database may live in vlan.dat rather than the running config, so check
! "show vlan brief" and "show interfaces trunk"; an SVI stays down if its VLAN does not exist.
interface Vlan2
description Guest Wireless
ip address 10.15.1.254 255.255.255.0
!
! Both the cleartext HTTP and the HTTPS management servers are enabled, and no
! "ip http access-class" restricts who may reach them.
ip http server
ip http secure-server
!
! Default route via 192.168.111.1 on the VLAN 1 subnet.
ip route 0.0.0.0 0.0.0.0 192.168.111.1
!
! Guest_WiFi_Block: denies packets sourced from 192.168.111.0/24 and destined to
! 10.15.1.0/24, then permits everything else.
! NOTE(review): as written, traffic sourced from the guest subnet towards the LAN matches
! "permit ip any any", and no interface in this config references the ACL with
! "ip access-group", so it currently filters nothing. Confirm the intended direction and
! where it should be applied.
ip access-list extended Guest_WiFi_Block
deny ip 192.168.111.0 0.0.0.255 10.15.1.0 0.0.0.255
permit ip any any
!
! ACL 122 is used as the inbound access-class on vty 0 4.
! "eq 22" directly follows the source "any", so the deny matches TCP *source* port 22,
! not sessions opened to port 22. NOTE(review): confirm that line is intended.
! The second entry permits TCP from 192.168.111.0/24; everything else, including the
! guest subnet, hits the implicit deny.
access-list 122 deny tcp any eq 22 any
access-list 122 permit tcp 192.168.111.0 0.0.0.255 any
!
!
!
! Console line: no settings configured.
line con 0
! vty 0-4: SSH only, source addresses filtered by ACL 122, sessions start at privilege 15.
! NOTE(review): "login" asks for a line password, but no "password" line is visible
! (possibly removed from the post). The AP config uses "login local", which authenticates
! against the username database. Confirm which is intended here.
line vty 0 4
access-class 122 in
privilege level 15
login
transport input ssh
! vty 5-15: no access-class and no "transport input" statement, so these lines are not
! covered by ACL 122 and accept whatever protocols the platform default allows.
! NOTE(review): mirror the vty 0 4 restrictions here.
line vty 5 15
login
!
end
AP config
! AP global settings, the two SSID definitions and the local accounts.
hostname AP1
!
!
logging rate-limit console 9
no logging console
! "enable secret" stores a hash rather than the cleartext (value removed from the post).
enable secret
!
no aaa new-model
no ip cef
!
!
!
!
dot11 syslog
!
! SSID mapped to VLAN 1: WPA version 2 with a pre-shared key (key removed from the post),
! advertised in beacons via "mbssid guest-mode".
dot11 ssid SFC
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii
!
! Guest SSID mapped to VLAN 2, with the same WPA version 2 pre-shared-key setup.
! A shared key does not by itself separate guests from the LAN; that separation has to
! come from the VLAN 2 routing/ACL policy on the switch.
dot11 ssid SFC Guest
vlan 2
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii
!
!
dot11 guest
!
!
!
! Local accounts; both are stored with "password" rather than "secret".
! NOTE(review): "Cisco" is the factory-default account name on autonomous APs. Confirm
! its password was changed, or remove the account.
username Cisco password
username admin privilege 15 password
!
! Integrated routing and bridging: the AP bridges each VLAN between the radio and
! Ethernet subinterfaces through a bridge group.
bridge irb
!
!
!
! Radio 0 carries both SSIDs (mbssid) and uses AES-CCM encryption for VLAN 1 and VLAN 2.
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
ssid SFC
!
ssid SFC Guest
!
antenna gain 0
mbssid
station-role root
!
! Radio side of VLAN 1: native (untagged) VLAN, bridge group 1.
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
! Radio side of VLAN 2 (guest): tagged with 802.1Q ID 2, bridge group 2.
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
! Wired uplink; it has no address itself, and the VLANs are handled on the subinterfaces.
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
! Wired side of VLAN 1: native (untagged), bridge group 1, matching the untagged VLAN
! on the switch trunk.
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
! Wired side of VLAN 2 (guest): tagged with 802.1Q ID 2, bridge group 2.
! No IP address appears on this subinterface in the paste, although the post says one
! was assigned.
interface GigabitEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
no bridge-group 2 source-learning
!
! BVI1 is the only layer-3 interface in this config and belongs to bridge group 1 (VLAN 1).
! Bridge group 2 has no BVI, so as shown the AP only bridges guest frames and has no
! address in VLAN 2.
interface BVI1
description LAN
ip address 192.168.111.250 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
! The AP's own traffic leaves via the switch's Vlan1 address.
ip default-gateway 192.168.111.2
ip forward-protocol nd
! Web management is cleartext HTTP only: the HTTP server is on and the HTTPS server is off.
ip http server
no ip http secure-server
!
!
bridge 1 route ip
!
!
!
line con 0
! vty 0-4: SSH only, authenticated against the local username database, sessions start at
! privilege 15. No access-class limits which source addresses may connect.
line vty 0 4
privilege level 15
login local
transport input ssh
!
end