05-04-2009 04:24 AM - edited 07-03-2021 05:32 PM
I'm configuring an AP1130 AG with two vlans: one for the managemement and one for the WiFi users. The customer does not want to use the VLAN 1. I created radio interface 0.<management vlan> and 0.<WiFi VLAN> using two specific bridge-groups (different from 1). My question is the following: under the main radio interface there are the references of the bridge group 1 that I did not use. Can I leave it or must I replace it with the bridge group that I used for the management vlan?
Thank you very much
05-04-2009 04:53 AM
Yes, you should remove all references to bridge-groups on your actual Dot0 and Fa0 interfaces. It's also necessary to create subinterfaces on your Fa0 interface, just in case you didn't do that.
Keep in mind that you should use bridge-group 1 on your native VLAN, so if your management VLAN is the native then it should be on bridge-group 1. Either way, you should have a subinterface on Fa0 for your native VLAN, otherwise you won't be able to telnet to the AP.
If you want to post your configuration, we can probably be of more help. Hopefully that works for you though.
Jeff
05-04-2009 05:07 AM
Thank you.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
enable secret 5 $1$cCq2$xiXU5xj9FOzWTNvhpmvVr.
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.0.1 auth-port 1812 acct-port 1813
server 192.168.0.2 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
aaa session-id common
!
!
!
dot11 ssid XYZ
vlan 117
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
!
power inline negotiation prestandard source
!
!
username cisco password cisco
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 117 mode ciphers tkip
!
encryption vlan 102 key 1 size 128bit 7 D27D726E54606C44B67B17586243 transmit-key
encryption vlan 102 mode wep mandatory
!
ssid XYZ
!
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.102
encapsulation dot1Q 102 native
no ip route-cache
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
bridge-group 102 spanning-disabled
!
interface Dot11Radio0.117
encapsulation dot1Q 117
no ip route-cache
bridge-group 117
bridge-group 117 subscriber-loop-control
bridge-group 117 block-unknown-source
no bridge-group 117 source-learning
no bridge-group 117 unicast-flooding
bridge-group 117 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 117 mode ciphers tkip
!
encryption vlan 102 key 1 size 128bit 7 D27D726E54606C44B67B17586243 transmit-key
encryption vlan 102 mode wep mandatory
!
ssid XYZ
!
no dfs band block
channel dfs
station-role root
bridge-group 102
bridge-group 102 subscriber-loop-control
bridge-group 102 block-unknown-source
no bridge-group 102 source-learning
no bridge-group 102 unicast-flooding
bridge-group 102 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.102
encapsulation dot1Q 102 native
ip address 10.10.10.1 255.255.255.0
no ip route-cache
bridge-group 102
no bridge-group 102 source-learning
bridge-group 102 spanning-disabled
!
interface FastEthernet0.117
encapsulation dot1Q 117
ip address 10.11.10.1 255.255.255.0
no ip route-cache
bridge-group 117
no bridge-group 117 source-learning
bridge-group 117 spanning-disabled
!
interface BVI1
no ip address
no ip route-cache
!
ip default-gateway 10.11.10.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key 7 dsdsd
radius-server host 192.168.0.2 auth-port 1812 acct-port 1813 key 7 deafsgtggfsgfsgv
bridge 1 route ip
SO I must to remove under the dot11 radio 0 and 1 the references for the bridge-group1? if under the fast ethernet 0.102 I put bridge group 1 I lose the connection from the switch. It seems a link between bridge group 1 and vlan 1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide