09-08-2017 12:22 PM - edited 03-08-2019 11:58 AM
I have a Cisco switch into which is plugged a Cisco Aironet. Unless the port role is set to access point, traffic from wireless clients is 9 times out of 10 not passed through the switch. Why is this, and what exactly do port roles change?
09-08-2017 12:53 PM
Hello,
Not sure if I understand what you are asking, but actually, the switchport connected to the AP should be set to trunk mode. Do you have different VLANs configured on the AP?
Can you post the configs of both devices?
09-09-2017 01:24 PM
The switch is an ESW 500 series Small Business Switch. As far as I can tell it only has a web GUI; I can't see any way of getting a CLI on it.
The config on the Wifi AP is as follows:
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1142_1
!
!
logging rate-limit console 9
enable secret 5 $1$VaPA$HN1vIlgnlRYgkQiABiacQ.
!
aaa new-model
!
!
aaa group server radius rad_eap
 server name 192.168.253.206
!
aaa group server radius rad_mac
!
aaa group server radius rad_pmip
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no ip cef
ip domain name wrinehillvilla.local
ip name-server 192.168.253.254
!
!
!
!
dot11 syslog
!
dot11 ssid 7 Bishops Wood
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa version 2
 guest-mode
 no ids mfp client
!
!
dot11 arp-cache optional
dot11 guest
!
!
!
username Cisco password 7 01300F175804
username admin secret 5 $1$3fMG$1YwEpxe4qt7I4fX2M8AjQ1
!
!
ip ssh version 2
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption mode ciphers aes-ccm
 !
 ssid 7 Bishops Wood
 !
 antenna gain 0
 packet retries 128
 station-role root
 rts threshold 1024
 rts retries 128
 world-mode dot11d country-code GB both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 shutdown
 antenna gain 0
 peakdetect
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address 192.168.253.250 255.255.255.0
 ipv6 address dhcp
 ipv6 address autoconfig
!
ip default-gateway 192.168.253.254
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
radius-server attribute 32 include-in-access-req format %h
radius server 192.168.253.206
 address ipv4 192.168.253.206 auth-port 1812 acct-port 1646
 key 7 095F460C0B1516
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 length 0
 transport input ssh
line vty 5 15
 transport input ssh
!
sntp server 85.199.214.99
sntp broadcast client
end
09-09-2017 01:48 PM
Hello,
You have only one VLAN (VLAN 1, the default) configured. The ESW500 indeed does not have a CLI.
In the 'Smart Port Settings Wizard - Access Point' (page 25 step 3 of the attached user guide) do you have the 'Trunk Native VLAN ID' set to 1 (VLAN 1)?
09-10-2017 06:18 AM - edited 09-10-2017 06:19 AM
Hi,
Please correct me if I have misunderstood the question, but usually access mode is used when you have 1 VLAN, in a few words one SSID. If you have configured multiple SSIDs and they have been assigned to specific VLANs, you need to use trunk mode to pass multiple VLANs through the port. It is also required to configure a native VLAN once you are using a trunk; on the AP you need to create the native VLAN and specify it.
09-11-2017 11:52 AM
Yes, the native/default VLAN is set to 1 on the switch.
09-11-2017 01:21 PM
Hello,
Is your question about the Smart Ports for Access Points? When configured as access point, a QoS policy is implemented; that might be the issue.
09-11-2017 01:52 PM
I usually don't use VLAN 1, but have you configured VLAN 1 as native on the AP?
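The trunk and native VLAN arrangement that the replies above ask about, sketched as an autonomous AP configuration fragment. This is an added example, not a configuration from any participant in the thread; the SSID name EXAMPLE-STAFF and VLAN 10 are constructed, the authentication lines reuse the method list from the posted config, and the switch port is assumed to be a trunk with native VLAN 1 that also carries VLAN 10 tagged.

```cisco
! Added example: one SSID mapped to VLAN 10 (constructed), AP management on native VLAN 1
dot11 ssid EXAMPLE-STAFF
 vlan 10
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa version 2
!
interface Dot11Radio0
 no ip address
 encryption vlan 10 mode ciphers aes-ccm
 ssid EXAMPLE-STAFF
 station-role root
!
! Native VLAN on the radio: frames are bridged untagged, shares bridge-group 1 with BVI1
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
! Client VLAN on the radio: bridged to the matching wired sub-interface
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
!
! Wired side of the native VLAN: must match the trunk's native VLAN ID on the switch
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
! Wired side of the client VLAN: leaves the AP with an 802.1Q tag of 10
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 bridge-group 10
!
! Management address stays on BVI1, which follows bridge-group 1 (the native VLAN)
interface BVI1
 ip address 192.168.253.250 255.255.255.0
```

With this layout wireless client traffic reaches the switch tagged for VLAN 10, so a port that only accepts untagged frames would pass the AP's own management traffic but not the clients'. The posted config, by contrast, bridges everything untagged in bridge-group 1.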