09-20-2010 11:59 PM - edited 07-03-2021 07:11 PM
Hi
I have two controllers running code 6.0.182 and one guest controller with same version.
I can see the tunnel UP(Both control and data path) in both controller.
Guest users are authenticated by web authentication.Suddenly guest users become too slow to access internet.Web authentication is successfull.But its too slow to access internet.Did anyone face the same issue.Pls reply me at the earliest.
Regards
Danish Ahammed
10-13-2010 01:57 AM
Hi Nicolas,
It was typo error , Vlan 40 and Vlan 1 are not on the same subnet.
I just want to know , if i need to create another default Gateway for Vlan 40 on SWITCH.
I know that there is only one default gateway per AP, which i did. and i have the two Vlans configured already on AP.
My Question is what you mean by Bridging them ; "simply bridging them. One switch somewhere having a vlan interface for both vlan 1 and 40 and a dhcp pool for each subnet."
is it on Switch or AP. And How?
Dak
10-13-2010 01:10 AM
Hi,
Here you can follow a detailed config example for IOS AP with 2 VLANs, including the configuration on the L3 switch for the VLAN interfaces and dhcp pools:
Hope this helps.
Tiago
PS. Next time please open a discussion for your setup as it has nothing to do with the original post..The original post was for LWAPP deployment.
Yours is for Autonomous AP.
10-13-2010 02:02 AM
Hi,
I can not open link you sent " http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml. I will need Password to open it. Could you send me other link without Password ?
Dak
10-13-2010 02:33 AM
10-13-2010 07:10 AM
Hello ,
I tried to configures int vlan 40 and enable it with "no shutdwon",
when i check on the interface , it is down dwon
VLAN40 10.0.0.18 YES NVRAM administratively down down .
Any Help
DAk
10-13-2010 09:30 AM
As any L3 VLAN, the VLAN needs to be configured on the switch and will only come up if you have it on an interface.
You need to create the vlan, create the vlan interface and add it to the allowed vlan list on the trunk where the AP is connected.
Have you gone through the document i suggested to you?
Did it helped?
Thanks,
Tiago
10-13-2010 11:03 PM
Hello Tiago,
I appriciate all your effort, i want you to know what i did already and if i am wrong in my configuration let me know .
On SWITCH I created access Vlan for GUEST and Phone
Int fa0/12
Switchport mode access
switchport access vlan 40 >>>>> GUEST VLAN
switchport voice vlan 10 >>>>>>>Phone VLAN
spanning-tree portfast
still Int vlan 40 is still the same ( down down)
Incase you want more information let me now. the switch is Cisco 3548 XL
10-13-2010 11:53 PM
Hi,
Is that the config of the port where the AP is connected???
Why would you configure a switchport voice vlan there??
Where have you seen to configure an access port where you have the AP connected on the document i sent you?
Can you just follow the document?
The config on the port where the AP is connected should be something like:
Switch#configure terminal
Switch
!−−− Enter the interface mode for Fast Ethernet 0/10
Switch
!−−− Configure the switch port mode to trunk mode.
Switch
!−−− Configure the encapsulation on the switch port to dot1q.
Switch
!−−− Configure the native VLAN as VLAN x.
Switch
!−−− Configure the list of VLANs that are allowed on the trunk port.
Switch
Thanks,
Tiago
10-14-2010 01:47 AM
Tiago,
No that is not the port AP is going to be pluged in, the configuration was already there before think of AP .I just want to inform you that Guest network or Vlan is already defines in some port. I know that AP port need to be Trunk .which i did already and at the port i allowed all vlans.
Regards
dak
10-14-2010 02:00 AM
Ok, so are those interfaces up?
Can you share with us the output of "sh int status" and "sh vlan"?
Thanks,
Tiago
10-14-2010 03:53 AM
Hi,
I will get back to you latter , i am at different site.
Dak
10-14-2010 10:23 AM
Hello Tiago,
Here is all the info you requested for .But i have not plug AP into any port
are these
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/6,
Fa0/8, Fa0/10, Fa0/12, Fa0/13,
Fa0/14, Fa0/17, Fa0/21, Fa0/22,
Fa0/23
2 DATA_rfarafarrfa active
20 VOICE_voippppp active Fa0/5, Fa0/15, Fa0/16, Fa0/18,
Fa0/19, Fa0/24
21 VOICE_Prorama12 active
50 Weada active Fa0/7
51 VB_PErafaraf_1 active Fa0/9
40 GUEST active Fa0/20
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
===================================
Fa0/8 notconnect 1 Auto Auto 100BaseTX/FX
Fa0/9 XXXXXXXXXXXX1 connected 51 Full 100 100BaseTX/FX
Fa0/10 notconnect 1 Auto Auto 100BaseTX/FX
Fa0/11 PC + PHONE connected trunk A-Full A-100 100BaseTX/FX
Fa0/12 notconnect 1 Auto Auto 100BaseTX/FX
Fa0/13 CCCCCCCCCCCC notconnect 1 Auto Auto 100BaseTX/FX
Fa0/14 PPPPPPPPPPPPP notconnect 1 Auto Auto 100BaseTX/FX
Fa0/15 VOIP connected 20 Full 100 100BaseTX/FX
Fa0/16 VOIP connected 20 Full 100 100BaseTX/FX
Fa0/17 cravafabsbs nic 2 connected 1 Full A-100 100BaseTX/FX
Fa0/18 VOIP connected 20 Full 100 100BaseTX/FX
Fa0/19 top PC notconnect 20 Auto Auto 100BaseTX/FX
Fa0/20 VLAN 40 GUEST Inte notconnect 40 Auto Auto 100BaseTX/FX
Port Name Status Vlan Duplex Speed Type
10-14-2010 11:45 PM
Hi,
So looking at your post it is clear why the VLAN is down...
The VLAN will only come up if the VLAN is active in any port of the switch.
And looking at the output, you only have VLAN 40 assigned to one interface, and that interface is not connected "Fa0/20 VLAN 40 GUEST Inte notconnect 40 " so untill you connect a device to this interface, it will always remain DOWN.
HTH,
Tiago
--
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.
10-15-2010 01:26 AM
Thanks
i will get back to you . I am on other site.
Regards,
Dak
10-18-2010 07:32 AM
Hi Tiago,
I just want to inform you that the AP can not connect to GUEST . Here are the information for trouble shooting.
1.
Oct 18 14:17:03.120: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:17:30.080: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:17:30.141: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:04.439: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:04.606: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:05.650: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:10.229: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:18:42.313: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:18:46.923: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 402b.a1d2.5
1aa Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:04.485: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:19:18.970: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 402b.a1d2.51aa Reason: Sending station has left the BSS
Oct 18 14:19:34.492: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:20:20.041: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:20:50.049: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:01.792: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:21:31.799: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:21:45.636: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
Oct 18 14:22:15.647: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating
Station 0024.9f52.c99f Reason: Sending station has left the BSS
Oct 18 14:22:34.543: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0024.9f52.c
99f Associated KEY_MGMT[WPA PSK]
2. show ip int brief :
ocol
VLAN1 10.21.48.44 YES NVRAM up up >>>>>>>>>>> NATIVE VLAN
VLAN9 unassigned YES unset administratively down down
VLAN40 10.21.41.2 YES manual administratively down down>>>> GUEST VLAN
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
3. on AP show ip int brief
ocol
BVI1 10.10.48.X YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio0.1 unassigned YES unset up up
Dot11Radio0.30 unassigned YES unset up up
Dot11Radio0.40 unassigned YES unset up up
GigabitEthernet0 unassigned YES NVRAM up up
GigabitEthernet0.1 unassigned YES unset up up
GigabitEthernet0.40 unassigned YES unset up up
4. Trunk Port configure and AP install in Switch port as well
Building configuration..
Current configuration:
!
interface FastEthernet0/25
description TRUNK-to- GUEST Wireless
speed 100
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,40,1002-1005
switchport mode trunk
spanning-tree portfast
spanning-tree rootguard
5. Admin User can connect and browse internet ,but the Guest user can not connect.
This is where i need solution>
I read the pdf you sent, and my Configuration is nearly the same. except hat i used TACAC & Radius server.
Regards,
Dak
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: