05-14-2018 12:45 AM - edited 07-05-2021 08:37 AM
I cannot connect to the managent website of the AP when i use tagging on the gi0 interface.
If i use a BVI 228 interface for VLAN 228 and give it an IP i cannot access to the Ap.
When i use the BVI 1 interface and give it an Ip i can access the Ap but without tagging.
How can i connect by trunking on gi0 to the ap?
05-14-2018 01:12 AM
HI,
paste the complete AP config and swicthport config where AP connected.
Use this posts to understand the link between BVI interface and bridge group:
http://packetlife.net/blog/2012/feb/20/aironet-aps-bridge-groups-and-bvi/
Regards
Dont forget to rate helpful posts
05-14-2018 01:19 AM - edited 05-14-2018 01:20 AM
Here is the config
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname GVBWLAP074
!
!
logging rate-limit console 9
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip cef
ip domain name xxxxxxxxxxxx
!
!
!
!
dot11 pause-time 100
dot11 syslog
dot11 vlan-name _freeXXXXwifi vlan 1267
!
dot11 ssid _freeXXXXwifi
vlan 1267
authentication open
guest-mode
!
dot11 ssid gvb2002noxx
vlan 228
authentication open
guest-mode
!
!
!
no ipv6 cef
!
!
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxx
!
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxx transmit-key
encryption mode wep mandatory
!
ssid gvb2002noxx
!
antenna transmit right-a
antenna receive right-a
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0
packet retries 64 drop-packet
channel 2432
station-role root
rts threshold 2312
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid _freeXXXXwifi
!
antenna gain 0
peakdetect
no dfs band block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 64 drop-packet
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.1267
encapsulation dot1Q 1267
no ip route-cache
ipv6 address dhcp
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1.228
encapsulation dot1Q 228
bridge-group 228
bridge-group 228 spanning-disabled
no bridge-group 228 source-learning
!
interface GigabitEthernet1.1267
encapsulation dot1Q 1267
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
!
interface BVI1
no ip address
no ip route-cache
!
interface BVI228
mac-address 2c5a.0fa0.cf8a
ip address 10.94.20.74 255.255.0.0
!
ip default-gateway 10.94.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smb
ip radius source-interface BVI1
!
logging host 10.94.1.2
logging host 10.94.90.2
!
radius-server attribute 32 include-in-access-req format %h
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
sntp server 10.94.10.250
end
05-14-2018 02:26 AM
05-14-2018 02:35 AM
okay this works but now i have a untagged vlan 228 as native.
this is okay for me so i can live with it.
best regards
05-14-2018 02:36 AM
Glad it helped.
Please mark the question as answered. It may help others.
Regards
Dont forget to rate helpful posts
05-23-2018 11:53 PM
No it does not work.
So the BVI 1 interface is not tagged. So i can only access the AP when i take BVI 1 as native Vlan.
I would connect the Ap by an other ip as the native VLAN. So maybe by BVI 10 so vlan10. This interface is tagged.
best regards
05-14-2018 02:38 AM
with Tagged vlan, it must also work.
Check my posts about it:
https://rscciew.wordpress.com/2014/05/24/multiple-ssid-configurations-on-autonomous-ap/
Regards
Dont forget to rate helpful posts
05-14-2018 01:27 AM
Here is the config
Current configuration : 4322 bytes
!
! Last configuration change at 17:23:39 CET Fri May 11 2018 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname GVBWLAP074
!
!
logging rate-limit console 9
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip cef
ip domain name xxxxxxxxxxxx
!
!
!
!
dot11 pause-time 100
dot11 syslog
dot11 vlan-name _freeXXXXwifi vlan 1267
!
dot11 ssid _freeXXXwifi
vlan 1267
authentication open
guest-mode
!
dot11 ssid gvb2002noxx
vlan 228
authentication open
guest-mode
!
!
!
no ipv6 cef
!
!
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxx
!
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxx transmit-key
encryption mode wep mandatory
!
ssid gvb2002noxx
!
antenna transmit right-a
antenna receive right-a
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0
packet retries 64 drop-packet
channel 2432
station-role root
rts threshold 2312
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid _freeXXXXwifi
!
antenna gain 0
peakdetect
no dfs band block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 64 drop-packet
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.1267
encapsulation dot1Q 1267
no ip route-cache
ipv6 address dhcp
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1.228
encapsulation dot1Q 228
bridge-group 228
bridge-group 228 spanning-disabled
no bridge-group 228 source-learning
!
interface GigabitEthernet1.1267
encapsulation dot1Q 1267
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
!
interface BVI1
no ip address
no ip route-cache
!
interface BVI228
mac-address 2c5a.0fa0.cf8a
ip address 10.94.20.74 255.255.0.0
!
ip default-gateway 10.94.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smb
ip radius source-interface BVI1
!
logging host 10.94.1.2
logging host 10.94.90.2
!
radius-server attribute 32 include-in-access-req format %h
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
length 0
transport input all
!
sntp server 10.94.10.250
end
05-14-2018 01:39 AM
change this and try again:
no bridge 1 route ip
bridge 228 route ip
Regards
Dontf orget to arte helpful posts
05-14-2018 02:18 AM
i cannot delete bridge 1 route ip
no bridge 1 route ip .........not allowed
bridge 228 route ip ..... i have configured
I cannot access the Ap
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide