1142 Autonomous 2 VLAN connection problem IOS

BIRDHOUSE · ‎11-28-2018

Hello,

My setup:

200 VLAN-native

100 VLAN

ssid: xxx (guest mode) for employees

ssid:yyy(guest mode) for guests

Both have wpa2 security.

With devices : IOS,android, win10 i can connect to both SSIDs.

SSID:yyy - only win devices work.

I get IP on iphone (dhcp) - it connects but after only first age is opened in browser. It is not DNS issue - i tested with different DNS.

The same setup works on older 1240 AG series AP.

Any idea what could be wrong? I changed DTIM to 100 ...

Rasika Nayanajith · ‎11-28-2018

Pls attach your AP config as .txt file to have a look. Leave DTIM value as default

HTH

Rasika

BIRDHOUSE · ‎11-28-2018

!
! Last configuration change at 04:59:14 +0200 Sun May 12 2018
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ap_dnevna
!
!
logging rate-limit console 9
enable secret 5 $xxxxxxxx.
!
no aaa new-model
clock timezone +0200 2 0
no ip source-route
no ip cef
!
!
!
!
dot11 pause-time 100
dot11 syslog
dot11 vlan-name birdhouse vlan 200
dot11 vlan-name Guest vlan 100
!
dot11 ssid Guest
   vlan 100
   band-select
   authentication open
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 xxxxxxx
!
dot11 ssid birdhouse
   vlan 200
   band-select
   authentication open
   authentication key-management wpa version 2
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 0yyyyyyy
!
dot11 band-select parameters
   cycle-count 3
   cycle-threshold 200
   expire-supression 20
   expire-dual-band 60
   client-rssi 70
!
dot11 arp-cache optional
!
no ipv6 cef
!
!
username Cisco password 7 ccccccc
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 200 mode ciphers aes-ccm tkip
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
ssid Guest
!
ssid birdhouse
!
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2437
station-role root
beacon dtim-period 50
beacon privacy guest-mode
!
interface Dot11Radio0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio0.200
encapsulation dot1Q 200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2001
!
interface Dot11Radio1
no ip address
!
encryption vlan 200 mode ciphers aes-ccm tkip
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
ssid Guest
!
ssid birdhouse
!
antenna gain 0
peakdetect
dfs band 3 block
mbssid
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
channel width 40-above
channel dfs
station-role root
beacon period 20
beacon dtim-period 6
!
interface Dot11Radio1.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio1.200
encapsulation dot1Q 200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
!
interface GigabitEthernet0.200
encapsulation dot1Q 200 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.2001
!
interface BVI1
mac-address cccc.cccc.cccc
ip address 192.168.200.241 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
sntp server 2.europe.pool.ntp.org
sntp broadcast client
end

Rasika Nayanajith · ‎11-29-2018

Try below modifications & see if it helps.(most of them help you to bring configs to default values which is recommended)

no dot11 arp-cache

!

int d0

no beacon privacy guest-mode

channel least-congested

speed basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

beacon period 100

!

int d1

speed basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

beacon period 100

beacon dtim-period 2

HTH

Rasika

*** Pls rate all useful responses ***

BIRDHOUSE · ‎11-29-2018

No difference.

SSID 1 working SSID 2 gets IP DHCP but not connecting to internet...

Rasika Nayanajith · ‎11-29-2018

It's look like vlan 200 config issue (DNS/NAT).

If you getting an IP to the client, can you ping 8.8.8.8 ?

If you configure vlan 200 switch port & connect your laptop using a wire, will that device get internet access ?

HTH

Rasika

BIRDHOUSE · ‎11-29-2018

i reset to default and put the same settings as written above.

now it is working