In my network, on the same LAN, I have Cisco 3502 and 2602 APs in standalone mode and some other Huawei APs ... switches and wired LAN devices.
After I installed the Cisco APs I found that all WiFi clients connected to these APs can't access any server configured with a BOND interface in fault-tolerance / active-backup mode (ETH & WIFI) when the active interface is ETH (and this is configured as primary and always reselect); they can access any other servers/devices on the LAN/internet that have only an Ethernet or WiFi interface.
The same WiFi clients, if they are connected to the other Huawei APs, have no problem communicating with the servers in the same condition.
In the Cisco Association window I can see that all the servers with a bond interface are associated/connected OK with the bonding MAC, but all with IP 0.0.0.0.
On the server side, bonding is working properly with all interfaces UP and ETH active.
As soon as I remove the Ethernet cable on the server side, in the Cisco AP they receive the correct IPs (the same IP as for ETH because it is bonding) and communication is OK (the BOND interface is switched to WiFi); if I plug the LAN cable back in, they lose communication again to any WiFi client, only from the Cisco APs, not Huawei.
It is clearly a problem with the Cisco APs, a firmware bug or something wrong in the AP configuration, but I was unable to find any hint on how to fix this problem.
Maybe somebody can help.
Here is the config from the AP3502:
!
! Last configuration change at 18:51:28 +0300 Fri May 3 2019
! NVRAM config last updated at 18:51:50 +0300 Fri May 3 2019
! NVRAM config last updated at 18:51:50 +0300 Fri May 3 2019
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Cisco_3502
!
!
logging rate-limit console 9
enable secret 5 $1xxxxxx
!
no aaa new-model
clock timezone +0300 3 0
no ip source-route
no ip cef
ip admission name webpass consent
no ip domain lookup
!
!
!
!
dot11 pause-time 100
no dot11 igmp snooping-helper
dot11 syslog
!
dot11 ssid XXXXXX
   band-select
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxx
   11w-pmf client optional
!
dot11 band-select parameters
   cycle-count 3
   cycle-threshold 200
   expire-supression 20
   expire-dual-band 60
   client-rssi 68
!
!
no ipv6 cef
!
crypto pki trustpoint TP-self-signed-2831870232
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2831870232
 revocation-check none
 rsakeypair TP-self-signed-2831870232
!
!
crypto pki certificate chain TP-self-signed-2831870232
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
username XXXXXX secret 5 $1xxxxxxxxx.
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid XXXXXX
 !
 antenna gain 0
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 station-role root
 no dot11 qos mode
 no dot11 extension aironet
 world-mode dot11d country-code PL both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm
 !
 ssid XXXXXX
 !
 antenna gain 0
 probe-response gratuitous
 peakdetect
 no dfs band block
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 channel width 40-above
 channel dfs
 station-role root
 no dot11 qos mode
 no dot11 extension aironet
 world-mode dot11d country-code PL both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 5057.a8ca.e815
 ip address dhcp client-id GigabitEthernet0
 ipv6 address dhcp
 ipv6 address autoconfig
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip http secure-port 4343
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
no cdp run
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
sntp server 192.168.102.1
sntp broadcast client
end
Thank you for the answer.
My WiFi clients are not restricted from communicating between themselves, as you can see from the AP config I posted above.
Every piece of equipment (servers, APs, clients) is on the same LAN segment and I am not using VLANs here, so all direct communication here will not be managed by the router.
For some reason the Cisco AP, after registering the inactive bond MAC with IP 0.0.0.0, will block communication from all its WiFi clients to the same bond MAC registered with the correct static IP but active on eth.
When the bond switches to WiFi, all is OK: on the Cisco AP I can see the MAC is registered with the same static IP previously seen on eth. When the bond is active on eth, it is NOT OK from the Cisco AP's point of view.
I am using this setup as a fail-safe in case the bond eth is not available: cable cut...
System Software Filename: ap3g1-k9w7-xx.153-3.JF9
System Software Version: 15.3(3)JF9
I activated ARP caching (optional), but no luck.
dot11 arp-cache optional