The 4510 switch is the same subnet as VLAN 1, we also have portable devices that need to be in the same subnet as VLAN 1 on that Building B FDAPC side of things.  I don't need encryption for ROOT_1 only on FDAPC.  What do you suggest?

Hi Fabarboza,

I hope you are reffering to below command when you mention "you need to link each VLAN to an SSID and each SSID to the radio so that the radio can come up"

dot11 ssid ROOT_1

vlan 1

authentication open

guest-mode

infrastructure-ssid optional

interface Dot11Radio1

no ip address

no ip route-cache

encryption vlan 1 mode ciphers tkip 

ssid ROOT_1

I'm I missing something here?

Regards

Najaf

I've switched the ROOT_1 to VLAN3 now and I've attached the changed configurations and switch settings.  I now have radios up and up on both AP's but I'm unable to ping AP3 from AP1 because I think the VLAN3.

Hi Justin,

Yes your right...it is because of vlan 3 that you are not able to reach the BVI interface.

For timbeing ignore the second part (chaning the vlan number) of my intial posting and carry out only the first part. i.e

With out changing the VLAN number just add Vlan 1 under ROOT_1 ssid and check if you have end to end rechability.

dot11 ssid ROOT_1

vlan 1

authentication open

guest-mode

infrastructure-ssid optional

Regards

Najaf

That did not work.

I've managed to fix the ROOT_1 and FDAPC... now I'm having an issue where I can attempt to connect to the PCOFFICE SSID but I'm unable to get a DHCP address from the server.

Here is the config for the AP with PCOFFICE on it and the switch.

SWITCH

interface GigabitEthernet3/2

switchport trunk allowed vlan 1,200

switchport mode trunk

interface Vlan1

ip address 192.168.3.4 255.255.255.0

interface Vlan200

ip address 192.168.30.2 255.255.255.0

ip helper-address 192.168.3.98

ip default-network 192.168.3.0

ip route 0.0.0.0 0.0.0.0 192.168.3.1

no ip http server

ACCESS POINT

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname AP1_ROOT_AP

enable secret 5 REMOVED

ip subnet-zero

no aaa new-model

dot11 vlan-name VLAN1 vlan 1

dot11 vlan-name pcCopper vlan 200

dot11 ssid PCOFFICE

   vlan 200

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 REMOVED

dot11 ssid ROOT_1

   vlan 1

   authentication open

   authentication key-management wpa

   infrastructure-ssid optional

   wpa-psk ascii 7 REMOVED

dot11 network-map

dot11 arp-cache optional

power inline negotiation prestandard source

username Cisco password 7 REMOVED

username admin privilege 15 password 7 REMOVED

bridge irb

interface Dot11Radio0

no ip address

no ip route-cache

encryption mode ciphers tkip

encryption vlan 200 mode ciphers tkip

ssid PCOFFICE

speed basic-2.0 5.5 11.0 12.0 18.0 24.0 36.0 48.0 54.0

no power client local

power client 17

power local cck 17

power local ofdm 17

channel 2462

station-role root access-point

antenna receive right

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 port-protected

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

interface Dot11Radio0.200

encapsulation dot1Q 200

no ip route-cache

bridge-group 200

bridge-group 200 subscriber-loop-control

bridge-group 200 block-unknown-source

no bridge-group 200 source-learning

no bridge-group 200 unicast-flooding

bridge-group 200 spanning-disabled

interface Dot11Radio1

no ip address

no ip route-cache

encryption mode ciphers tkip

encryption vlan 1 mode ciphers tkip

ssid ROOT_1

dfs band 3 block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

no power client local

power client 11

power local 11

channel 5180

station-role root bridge

antenna receive right

antenna transmit right

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

hold-queue 160 in

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 spanning-disabled

interface FastEthernet0.200

encapsulation dot1Q 200

no ip route-cache

bridge-group 200

bridge-group 200 spanning-disabled

interface BVI1

ip address 192.168.3.241 255.255.255.0

no ip route-cache

ip default-gateway 192.168.3.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

control-plane

bridge 1 route ip

line con 0

line vty 0 4

login local

Where is the server located?  If it is across the bridge link you need to add in the sub-interfaces on Radio 1

interface Dot11Radio1.200

encapsulation dot1Q 200

no ip route-cache

bridge-group 200

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

The server is on the same side as the AP I'm having the current issue with, not over the on the other side of the bridge.

if you plug a wired device into the switch in a port that is access to 200, can you get an IP address?

can you do a show interfacae g3/2 trunk

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Yes, we have another AP down the hall that is plugged into a different port on the switch on VLAN 200 and it's handing out IP's just fine.

GigabitEthernet3/2 is down, line protocol is down (notconnect)

  Hardware is Gigabit Ethernet Port, address is 1cdf.0f52.59e1 (bia 1cdf.0f52.59e1)

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed, link type is auto, media type is 10/100/1000-TX

  input flow-control is off, output flow-control is off

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 3d06h, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     24199565 packets input, 5063166298 bytes, 0 no buffer

     Received 298749 broadcasts (213186 multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     78977931 packets output, 36881448592 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

are you sure the AP is in G3/2?  The output shows that the port is down.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

I'm an idiot... I just remembered that the AP is down on the table in here and so the port is down because that run is up in the ceiling.  I've been trying to fix this for days and my brain is fried....  Let me hang it back up and see what happens.  /facepalm

happens to all of us man.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered