Re: AP 1242 VLAN question

mrocha · ‎06-09-2008

I am trying to set up a new WAP in a remote facility. This set-up is a mirror of the setup that we have in our corp office (with obvious differences that are site specific).

I am trying to configure this so that there are two VLANs. VLAN 10 is set specifically for data and all laptops are authenticating against a RADIUS server back at corp. VLAN 20 is set for Voice and is using pre-shared keys between the wireless phones we use and the AP.

interface FastEthernet0.10

encapsulation dot1Q 10 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

interface FastEthernet0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

interface BVI1

ip address 172.16.152.5 255.255.252.128

no ip route-cache

The port on the 3750 switch onsite is set as a trunk port:

interface FastEthernet1/0/45

switchport trunk encapsulation dot1q

switchport mode trunk

The problem that i'm having is that I can only get one VLAN to work at one time. The IP address/Subnet mask for the BVI interface correspond to the VLAN 10 subnetting scheme. I also played around with the trunk settings on the switch (by adding the voice vlan 20 command to push voice in that direction). But no matter what, if VLAN 10 is working (and laptops are authenticating against RADIUS) the phones will not work and vice versa.

Any help would be appreciated.

bbxie · ‎06-09-2008

You do not need to configure a bridge group on the subinterface that you set up as the native VLAN. This bridge group is moved to the native subinterface automatically to maintain the link to BVI 1, which represents both the radio and Ethernet interfaces; bridge-group number should be the same as vlan number; 3750 need to use same native vlan as AP. so make following changes:

1. delete bridge-group 1 under int f0.10,

2. change bridge-group 2 under int f0.20 to bridge-group 20.

3. in 3750, under int f1/0/45, add: switchport trunk native vlan 10

Farrukh Haroon · ‎06-09-2008

You need to set the native vlan to match your management vlan (subnet 172.16.152.5). Also you have a pretty weird subnet mask configured 255.255.252.128?

This is a working config, for vlans 222 and 208:

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface FastEthernet0.222

encapsulation dot1Q 222

no ip route-cache

bridge-group 222

no bridge-group 222 source-learning

bridge-group 222 spanning-disabled

!

interface FastEthernet0.208

encapsulation dot1Q 208

no ip route-cache

bridge-group 208

no bridge-group 208 source-learning

bridge-group 208 spanning-disabled

Also it is better to restrict you trunk port like this:

switchport trunk encapsulation dot1q

switchport trunk native vlan 300

switchport trunk allowed vlan 222,208,300

switchport mode trunk

Assuming 300 is the Mgmt. VLAN and the others are for the Wireless USers.

Regards

Farrukh

pradeepk_123 · ‎06-10-2008

Hi,

Could you provide the entire configuration. Check the below template.. It might help

dot11 ssid data

vlan 20

authentication open

guest-mode

mbssid guest-mode

!

dot11 ssid voice

vlan 10

authentication open

mbssid guest-mode

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

bridge-group 20 subscriber-loop-control

bridge-group 20 block-unknown-source

no bridge-group 20 source-learning

no bridge-group 20 unicast-flooding

bridge-group 20 spanning-disabled

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 key 1 size 40bit 7 E7898F31C4BE transmit-key

encryption vlan 10 mode wep mandatory

!

encryption mode wep mandatory

!

encryption vlan 20 key 1 size 40bit 7 32B4B7CFE0F6 transmit-key

encryption vlan 20 mode wep mandatory

!

ssid data

!

ssid voice

!

mbssid

station-role root

!