cannot ping the access point form the router.

Luca Pecchiari · ‎10-19-2020

Hello, i have make this setup for the acess point and i get lost somewhere. i have a Cisco C887VA, router with secondary core for the acce point.

version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname ap802
!
!
logging buffered 20000 informational
logging rate-limit console 9
enable secret 9 xxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 3:00
clock save interval 8
no ip source-route
no ip cef
ip domain name xxxxxx
ip name-server 192.168.1.1
!
!
!
!
ip dhcp-server 192.168.1.1
dot11 pause-time 100
dot11 syslog
dot11 activity-timeout unknown default 120
dot11 activity-timeout client default 120 maximum 300
dot11 vlan-name vlan1 vlan 1
dot11 vlan-name vlan10 vlan 10
!
dot11 ssid --Caos-WiFi-C--
   vlan 10
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 0 xxxxx
!
dot11 ssid WiFi-Bridge
   vlan 1
   authentication open 
   authentication key-management wpa version 2
   infrastructure-ssid
   wpa-psk ascii 0 xxxxxx
!
!
!
no ipv6 cef
!
!
username Cisco password 7 032752180500
username caoslady privilege 15 secret 9 xxx
!
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 10 mode ciphers aes-ccm 
 !
 ssid --Caos-WiFi-C--
 !
 vocera
 antenna gain 4
 beamform ofdm
 speed  basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 packet max-retries 3 0 fail-threshold 100 500 priority 5 drop-packet
 packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
 channel 2472
 station-role root
 dot11 qos class background local
    cw-min 6
    fixed-slot 10
 !
 dot11 qos class video local
    cw-max 5
    fixed-slot 3
    transmit-op 0
 !
 dot11 qos class voice local
    cw-max 4
    transmit-op 0
 !
 dot11 qos class background cell
    cw-min 8
    fixed-slot 12
 !
 dot11 qos class best-effort cell
    cw-min 6
    fixed-slot 5
 !
 dot11 qos class video cell
    cw-min 4
    cw-max 6
    fixed-slot 5
    transmit-op 0
 !
 dot11 qos class voice cell
    cw-max 4
    transmit-op 0
 !
 world-mode dot11d country-code US both
 infrastructure-client
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 load-interval 60
 !
 encryption vlan 1 mode ciphers aes-ccm 
 !
 encryption vlan 10 mode ciphers aes-ccm 
 !
 ssid --Caos-WiFi-C--
 !
 antenna gain 3
 peakdetect
 no dfs band block
 beamform ofdm
 speed  basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 packet max-retries 3 0 fail-threshold 100 500 priority 5 drop-packet
 packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet
 channel width 40-above
 channel 5560
 station-role root bridge wireless-clients
 dot11 qos class background local
    cw-min 6
    fixed-slot 10
 !
 dot11 qos class video local
    cw-max 5
    fixed-slot 3
    transmit-op 0
 !
 dot11 qos class voice local
    cw-max 4
    transmit-op 0
 !        
 dot11 qos class background cell
    cw-min 8
    fixed-slot 12
 !
 dot11 qos class best-effort cell
    cw-min 6
    fixed-slot 5
 !
 dot11 qos class video cell
    cw-min 4
    cw-max 6
    fixed-slot 5
    transmit-op 0
 !
 dot11 qos class voice cell
    cw-max 4
    transmit-op 0
 !
 world-mode dot11d country-code US both
 infrastructure-client
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 subscriber-loop-control
 bridge-group 10 spanning-disabled
 bridge-group 10 block-unknown-source
 no bridge-group 10 source-learning
 no bridge-group 10 unicast-flooding
!
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 mac-address 6c20.5650.e076
 no ip address
 no ip route-cache
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.10
 encapsulation dot1Q 10
 no ip route-cache
 bridge-group 10
 bridge-group 10 spanning-disabled
!
interface BVI1
 mac-address 6c20.5650.e076
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
 ipv6 address dhcp
 ipv6 address autoconfig
 ipv6 enable
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip ssh version 2
!
!
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
!
!
alias exec qos0 show policy-map interface dot11Radio 0.1
alias exec qos1 show policy-map interface dot11Radio 1.1
alias exec busy0 dot11 dot11Radio 0 carrier busy
alias exec busy1 dot11 dot11Radio 1 carrier busy

!
line con 0
 privilege level 15
 no activation-character
line vty 0 4
 access-class 80 in
 exec-timeout 30 0
 length 0 
 transport preferred ssh
 transport input ssh
 transport output telnet
!
sntp server 192.168.1.1
sntp source-interface BVI1
cns dhcp
end

router config

interface Ethernet0
 description **  RETE INTERNA **
 no ip address
 shutdown
!
interface FastEthernet0
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet2
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface FastEthernet3
 description **  RETE INTERNA **
 switchport access vlan 10
 no ip address
!
interface Virtual-Template1
 description **  VPN - Virual Template  **
 mtu 1406
 ip unnumbered Dialer0
 zone-member security outside
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 switchport trunk allowed vlan 1,2,10,1002-1005
 switchport mode trunk
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 ip unnumbered Vlan10
 shutdown
!
interface Vlan1
 description **  NOT USED  **
 no ip address
 shutdown
!
interface Vlan10
 description ** VLAN - RETE INTERNA **
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security inside
 ip tcp adjust-mss 1452

Here is where i am totally lost.

If i put under Interface Wlan-GigabitEthernet0:

switchport trunk native vlan 10.

I can ping the access point from the router, but wirelss client cannot get a ip address.

If i put under Interface Wlan-GigabitEthernet0:

switchport trunk native vlan 1, i cannot ping the access point, but the wireless client gets an ip address and they basically work.

Tryed also the "switchport trunk allowed vlan 1,2,10,1002-1005" but it does not help.

Please, what i am doing of wrong?

Any help will be appreciated. Thank you very much.