Beginner

Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

Hello,

In my network, on the same LAN, I have Cisco AP 3502 & 2602 in standalone mode and some other Huawei APs ... switches and wired LAN devices.

After I installed the Cisco APs I found that all WiFi clients connected to these APs can't access any server configured with a BOND interface as fault-tolerance / active-backup ( ETH & WIFI ) when the active interface is ETH ( and this is configured as primary and always reselect ); they can access any other servers/devices on the LAN/internet that have only an Ethernet or WiFi interface.

The same WiFi clients, if they are connected to the other APs (Huawei...), have no problem communicating with the servers in the same condition.

In the Cisco Association window I can see that all the servers with a bond interface are associated/connected OK with the bonding MAC, but all with IP 0.0.0.0.

On the server side, bonding is working properly with all interfaces UP and ETH active.

As soon as I remove the Ethernet cable at the server side, in the Cisco AP they receive correct IPs ( the same IP as for ETH because it is bonding ) and communication is OK ( the BOND interface is switched to WiFi ); if I plug the LAN cable back in, they lose communication again to any WiFi client, only from the Cisco APs, not Huawei.

It is clearly a problem with the Cisco APs, a firmware bug or something wrong in the AP configuration, but I was unable to find any hint on how to fix this problem.

Maybe somebody can help.

Thank you.

Here is the config from the AP3502:

!
! Last configuration change at 18:51:28 +0300 Fri May 3 2019
! NVRAM config last updated at 18:51:50 +0300 Fri May 3 2019
! NVRAM config last updated at 18:51:50 +0300 Fri May 3 2019
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Cisco_3502
!
!
logging rate-limit console 9
enable secret 5 $1xxxxxx
!
no aaa new-model
clock timezone +0300 3 0
no ip source-route
no ip cef
ip admission name webpass consent
no ip domain lookup
!
!
!
!
dot11 pause-time 100
no dot11 igmp snooping-helper
dot11 syslog
!
dot11 ssid XXXXXX
   band-select
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 xxxxxxxxxxxxx
   11w-pmf client optional
!
dot11 band-select parameters
   cycle-count 3
   cycle-threshold 200
   expire-supression 20
   expire-dual-band 60
   client-rssi 68
!
!
no ipv6 cef
!
crypto pki trustpoint TP-self-signed-2831870232
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2831870232
 revocation-check none
 rsakeypair TP-self-signed-2831870232
!
!
crypto pki certificate chain TP-self-signed-2831870232
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
username XXXXXX secret 5 $1xxxxxxxxx.
!
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid XXXXXX
 !
 antenna gain 0
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 station-role root
 no dot11 qos mode
 no dot11 extension aironet
 world-mode dot11d country-code PL both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid XXXXXX
 !
 antenna gain 0
 probe-response gratuitous
 peakdetect
 no dfs band block
 speed  basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 channel width 40-above
 channel dfs
 station-role root
 no dot11 qos mode
 no dot11 extension aironet
 world-mode dot11d country-code PL both
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 mac-address 5057.a8ca.e815
 ip address dhcp client-id GigabitEthernet0
 ipv6 address dhcp
 ipv6 address autoconfig
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip http secure-port 4343
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
no cdp run
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
sntp server 192.168.102.1
sntp broadcast client
end

 


Accepted Solutions
Beginner

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

Edited:

Solved finally by changing AP role to Root Bridge with Wireless Clients

Thank you for help.

6 REPLIES 6
VIP Engager

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

I'm a tiny bit confused about your setup. Assuming the servers are in the same WLAN as the clients, is the feature "P2P Blocking Action" enabled? It should be set to disabled, if your wireless clients should be able to communicate with each other.

Are the Huawei attached WLAN clients and the Cisco attached WLAN clients in the same VLAN, or are you using different ones?
Beginner

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

Hi,

Thank you for the answer.

My WiFi clients are not restricted from communicating with each other, as you can see from the AP config I posted above.

All equipment (servers, APs, clients) is on the same LAN segment and I am not using VLANs here, so all direct communication here will not be managed by the router.

For some reason the Cisco AP, after registering the inactive bond MAC with IP 0.0.0.0, will block communication from all its WiFi clients to the same bond MAC registered with the correct static IP but active on eth.

When the bond switches to WiFi, all is OK: on the Cisco AP I can see the MAC is registered with the same static IP previously seen on eth. When the bond is active on eth, it is NOT OK from the Cisco AP's point of view.

I am using this setup as a fail-safe in case the bond eth is not available: cable cut...

VIP Engager

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

Ah sorry, I misread the model! I thought you have a WLC 3504, not an AP 3502.
I wonder if this has to do with ARP issues.
What software release is running on the APs?
Beginner

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

System Software Filename: ap3g1-k9w7-xx.153-3.JF9

System Software Version: 15.3(3)JF9

 

PS

I activated ARP Caching - optional but no luck.

dot11 arp-cache optional
VIP Engager

Re: Standalone AP 3502 & 2602: WIFI clients have problems communication with servers configured with BOND interface ( ETH & WIFI )

Ok, software is up to date.

Which device on your network is the responsible router?
I wonder if it has to do with some weird broadcast issue. That is typically filtered on wireless devices to a certain degree.
I don't have an autonomous AP here, but can you try toggling those commands on the SSID and BVI?
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding

See here for more information on those commands: https://www.cisco.com/c/en/us/td/docs/ios/bridging/command/reference/br_book/br_a1.html
And here even better: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/15-3-3-JB/command/reference/cr-book/cr-chap2.html#pgfId-2468614

Could you maybe make a drawing of your setup?
There is also a chance that you have to change the configuration to Bridge mode, but I'm not really sure.
Here is the manual: https://community.cisco.com/t5/wireless-mobility-documents/autonomous-ap-and-bridge-basic-configuration-template/ta-p/3112198
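
An added example, not written by any poster in this thread: a small Python parser that reads an autonomous AP config and lists, per interface, the settings this thread ends up pointing at (the `station-role` and the two `bridge-group 1` commands suggested for toggling), so a before/after config can be compared quickly. The sample is a trimmed excerpt of the AP3502 config posted above; the function names are hypothetical.

```python
import re

# Trimmed excerpt of the AP3502 config posted in the thread.
SAMPLE = """\
interface Dot11Radio0
 station-role root
 bridge-group 1
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface BVI1
 ip address dhcp client-id GigabitEthernet0
"""

BG = re.compile(r"^(no )?bridge-group (\d+) (\S+)$")

def bridge_settings(config):
    """Map interface -> {'station-role': str|None, 'options': {name: enabled}}."""
    out, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = out.setdefault(line.split()[1], {"station-role": None, "options": {}})
        elif raw and not raw[0].isspace():
            cur = None                      # column-0 line ends the interface stanza
        elif cur is not None and line.startswith("station-role "):
            cur["station-role"] = line[len("station-role "):]
        elif cur is not None and (m := BG.match(line)):
            cur["options"][m.group(3)] = m.group(1) is None   # False when "no ..."
    return out

def thread_findings(settings):
    """List (interface, setting) pairs for the settings named in the replies."""
    hits = []
    for ifname, s in settings.items():
        if s["station-role"] == "root":
            hits.append((ifname, "station-role root"))
        for opt in ("source-learning", "unicast-flooding"):
            if s["options"].get(opt) is False:
                hits.append((ifname, f"no {opt}"))
    return hits
```

Calling `thread_findings(bridge_settings(text))` on a saved `show running-config` from before and after a change shows which of these settings actually differ.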