08-07-2005 09:49 PM - edited 07-04-2021 11:01 AM
Hi:
i have two vlans in my network vlan 1 and vlan 30 , i try to configure my AP (1200) to have the two vlan 1 and 30,by give to ssid for each vlan, but my problem that the vlan 1 is work AP , but the vlan 30 doesnt being added to vlan, it can authenticate using leap but cant connect to any station in vlan 30, the following are my configuration for the AP:
aaa session-id common
dot11 network-map
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip wep128
!
encryption vlan 1 mode ciphers tkip wep128
!
encryption vlan 30 mode ciphers tkip wep128
!
ssid root
vlan 1
authentication network-eap eap_methods mac-address mac_methods
!
ssid root1
vlan 30
authentication network-eap eap_methods mac-address mac_methods
!
world-mode
speed basic-1.0 2.0 5.5 11.0
rts threshold 2312
channel 2422
station-role root
l2-filter bridge-group-acl
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
l2-filter bridge-group-acl
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
!
interface BVI1
ip address 10.100.3.26 255.255.252.0
no ip route-cache
!
ip default-gateway 10.100.1.1
ip http server
ip http authentication aaa
ip radius source-interface BVI1
logging history errors
logging facility local3
snmp-server community xxx
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps aaa_server
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server host 172.20.228.71 msg
radius-server local
nas 10.100.2.70 key xxx
nas 172.20.228.70 key xxx
!
radius-server host 172.20.228.70 auth-port 1645 acct-port 1646 key xxxx
radius-server host 10.100.2.70 auth-
08-08-2005 03:23 AM
Hi ,
have you configured the switch port to which the AP is connected to in Trunk?
08-08-2005 04:03 AM
ya, i configure the switch as mode trunk, but doesnt work.
02-22-2006 02:03 PM
VLAN 1 is a native VLAN by default. Change ssid root to any VLAN but not VLAN 1.
02-23-2006 02:53 PM
Below is an example of what we have for our switch orts. We have 5 separate vlans tied to 5 separate security settings. Which range from open to EAP-FAST The IP address of the BVI1 should match your native vlan subnet. Also, how are you doing authentication for the users to be assigned to a particular vlan. We use ACS and tie the ap into authenticating to acs, which will drop them in the correct vlan.
switchport trunk encapsulation dot1q
switchport trunk native vlan 170
switchport trunk allowed vlan 76,158,162,165,170
switchport mode trunk
speed 100
duplex full
03-07-2006 08:13 AM
I don't see the interface BVI30 in your config. The BVI interface is what ties all the parts together that are in bridge-group 30. Without it, all the pieces in bridge-group 30 are not connected. Add the BVI30 interface and you should be all set.
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide