10-17-2013 06:21 AM - edited 07-04-2021 01:06 AM
Hi All
I currently have a lab in place where I am using multiple Vlans with different Ip ranges using SVI's
I want to add a stand alone AP with the core switch a cting as the DHCP server.
i have 2 vlans 10.8.5.0/24 10.8.6.0/24 I have reserved the 1st 10 address in each ranges.
Gateways vlan 5 10.8.5.1/24
vlan 6 10.8.6.1/24
I want to configure a trunk port on the switch for the AP to connect to
ap(config)#Dot11 ssid HR
ap(config-ssid)#authentication open
ap(config-ssid)#guest-mode
ap(config-ssid)#exit
ap(config)#Dot11 ssid staff
ap(config-ssid)#authentication open
ap(config-ssid)#guest-mode
ap(config-ssid)#exit
Do I simply just need to configure sub interfaces on the radio's and the physical interface using
encapsulation dot1q 5
encapsulation dot1q 6
and adding the bridge groups in on both sets of interfaces.
add the BVI 1 interface 10.8.5.9
will this be enough to get me going ???
Thanks
Will this be
Solved! Go to Solution.
10-21-2013 04:08 AM
Hi James,
Glad to hear that
Please mark the thread as "Answered" if your issue is resolved.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
10-21-2013 01:28 PM
Please rate if helpful and mark as answered if your issue is resolved.
You need to match native vlan on AP and trunk port.
Do you have vlan 5 as a native vlan on the trunk port connected to the AP? If not please do it.
HTH
Amjad
Sent from Cisco Technical Support iPad App
10-19-2013 11:23 PM
You need at least one sub-interface to be on the native vlan.
encapsulation dot1q 1 native (supposing that the vlan 1 is the native).
For the others you simply (encapsulation dot1q 5) and same for vlan 6.
BVI 1 ip address must be in native vlan subnet range. It will not work if it is on a tagged VLAN. it must be untagged.
sub-interfaces tagging (and bridge-group number also) must be the same on radio and ethernet intefaces. i.e. subinterface dot11radio0.5 or dot11radio 1.5 must have same encapsulation as fastethernet 0.5 (or gigethernet 0.5).
sample config
mbssid guest-mode ----------> enables multiple SSIDs on the AP.
Dot11 ssid HR
authentication open
mbssid guest-mode --------------> mbssid keyword is needed if multiple SSIDs need to be broadcasted.
vlan 5 --------------> you need to specify the VLAN to which the SSID is mapped.
int dot11radio0
ssid HR ----------> broadcast ssid HR on radio 0.
!
encryption vlan 5 mode cipher .....
!
(same above config need to be applied to dot11radio1 if the WLAN need to be on 5 GHz radio as well).
!
interface dot11radio 0.1
encapsulation dot1q 1 native ---------> this is the native vlan.
bridge-group 1 -----------> bridge group 1 need to be under the native vlan sub-interface.
!
!
interface dot11radio 1.1
encapsulation dot1q 1 native ---------> this is the native vlan.
bridge-group 1 -----------> bridge group 1 need to be under the native vlan sub-interface.
!
!
intreface fastethernet 0.1
encapsulation dot1q 1 native
bridge-group 1
!
!
interface dot11radio 0.5
encapsulation dot1q 5
bridge-group 5
!
interface dot11radio 1.5
encapsulation dot1q 5
bridge-group 5
!
interface fastethernet 0.5
encapsulation dot1q 5
bridge-group 5
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
10-21-2013 02:25 AM
Hi Thanks for that Amjad
for That im still cant get the BVI 1 interface up and the AP to send beacons. I have the output of the config below.
I understand that there may be some additional config in there, that is not relavant.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
logging rate-limit console 9
enable secret 5 $1$I5/V$FSTi6anwaUrW3CXUwlKUX/
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid DE-BO
vlan 6
authentication open
mbssid guest-mode
dot11 ssid UK-BO
vlan 5
authentication open
mbssid guest-mode
!
!
crypto pki trustpoint TP-self-signed-3181700439
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3181700439
revocation-check none
rsakeypair TP-self-signed-3181700439
!
!
username Cisco password 7 14341B180F0B
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
interface GigabitEthernet0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.11.0.15 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
10-21-2013 03:22 AM
Two points I noticed:
- The native VLAN must be in bridge-group 1. remove the bridge-group 1 from the main interface and put it under the sub-interface with the default vlan.
- you need to either use the keyword (dot11 mbssid) globally or you can interchangeably use the keyword (mbssid) under the radio interface (both radio interfaces).
Hope that will fix it.
Rating useful replies is more useful than saying "Thank you"
10-21-2013 03:39 AM
Hi Amjad
I changed the 2 interfaces that have the native vlan to bridge group 1. That brought BVI 1 up.
Thank you for that.
I had to use the use the global dot11 mbssid as you cannot use the singular command under the sub interfaces
I got the following error
%DOT11-4-NO_SSID_VLAN: No SSID with VLAN configured. Dot11Radio0 not started.^Z
10-21-2013 03:45 AM
Hi James,
OK. great. we found one more thing missing
- "mbssid" is a command that is put under the interface itself, not the sub-interface.
- the missing point is adding the SSIDs under the radio interfaces as the below.
interface Dot11Radio0
no ip address
no ip route-cache
ssid DE-BO ----------> those commands are added under the main interface, not the sub-interface.
ssid UK-BO
do the same for Dot11Radio1 interface.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
10-21-2013 04:03 AM
Hi Amjad
I di extacly that I went under the dott11radio 0
added the 2 ssid's and enabled mbssid
I also selected channel 6
and the SSID's are now being advertised
Many thanks
10-21-2013 04:08 AM
Hi James,
Glad to hear that
Please mark the thread as "Answered" if your issue is resolved.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
10-21-2013 06:56 AM
Hi Amjad
I have another dilema
I can connect to the Vlan 6 ID DE-BO no problem I get the correct IP address and I can get internet connection.
However the Vlan 5 UK-BO (native) I cannot get an address and no internet connection.
Is it possibly something to do with it being Native
I have allowed all vlans on the trunk port at the switch end. Please see the config below
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
logging rate-limit console 9
enable secret 5 $1$I5/V$FSTi6anwaUrW3CXUwlKUX/
!
no aaa new-model
!
!
dot11 mbssid
dot11 syslog
!
dot11 ssid DE-BO
vlan 6
authentication open
mbssid guest-mode
!
dot11 ssid UK-BO
vlan 5
authentication open
mbssid guest-mode
!
!
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid DE-BO
!
ssid UK-BO
!
antenna gain 0
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel 2437
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
!
interface GigabitEthernet0.1
encapsulation dot1Q 5 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.2
encapsulation dot1Q 6
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
!
interface BVI1
ip address 10.11.0.15 255.255.255.0
no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
sh ip int brief
Interface IP-Address OK? Method Status Protocol
BVI1 10.11.0.15 YES manual up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio0.1 unassigned YES unset up up
Dot11Radio0.2 unassigned YES unset up up
Dot11Radio1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM up up
GigabitEthernet0.1 unassigned YES unset up up
GigabitEthernet0.2 unassigned YES unset up up
10-21-2013 01:28 PM
Please rate if helpful and mark as answered if your issue is resolved.
You need to match native vlan on AP and trunk port.
Do you have vlan 5 as a native vlan on the trunk port connected to the AP? If not please do it.
HTH
Amjad
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide