Showing results for 
Search instead for 
Did you mean: 

Management ssh http Cisco 1532

I cannot connect to the managent website of the AP when i use tagging on the gi0 interface. 


If i use a BVI 228 interface for VLAN 228 and give it an IP i cannot access to the Ap.


When i use the BVI 1 interface and give it an Ip i can access the Ap but without tagging.


How can i connect by trunking on gi0 to the ap?


10 Replies 10

Sandeep Choudhary
VIP Alumni
VIP Alumni


paste the complete AP config and swicthport config where AP connected.



Use this posts to understand the link between BVI interface and bridge group:



Dont forget to rate helpful posts

Here is the config


version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
hostname GVBWLAP074
logging rate-limit console 9
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip cef
ip domain name xxxxxxxxxxxx
dot11 pause-time 100
dot11 syslog
dot11 vlan-name _freeXXXXwifi vlan 1267
dot11 ssid _freeXXXXwifi
vlan 1267
authentication open
dot11 ssid gvb2002noxx
vlan 228
authentication open
no ipv6 cef
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxx transmit-key
encryption mode wep mandatory
ssid gvb2002noxx
antenna transmit right-a
antenna receive right-a
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0
packet retries 64 drop-packet
channel 2432
station-role root
rts threshold 2312
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
ssid _freeXXXXwifi
antenna gain 0
no dfs band block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 64 drop-packet
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1267
encapsulation dot1Q 1267
no ip route-cache
ipv6 address dhcp
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet1.228
encapsulation dot1Q 228
bridge-group 228
bridge-group 228 spanning-disabled
no bridge-group 228 source-learning
interface GigabitEthernet1.1267
encapsulation dot1Q 1267
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
interface BVI1
no ip address
no ip route-cache
interface BVI228
mac-address 2c5a.0fa0.cf8a
ip address
ip default-gateway
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path
ip radius source-interface BVI1
logging host
logging host
radius-server attribute 32 include-in-access-req format %h
bridge 1 route ip
line con 0
line vty 0 4
length 0
transport input all
sntp server

Try attached config..


On swicth side use:


switchport mode trunk

switchport trunk native vlan 228

sw trunk allowed vlan 228,1267



Dontf orget to rate helpful posts


okay this works but now i have a untagged vlan 228 as native.


this is okay for me so i can live with it.


best regards


Glad it helped.


Please mark the question as answered. It may help others.



Dont forget to rate helpful posts

No it does not work.

So the BVI 1 interface is not tagged. So i can only access the AP when i take BVI 1 as native Vlan. 


I would connect the Ap by an other ip as the native VLAN. So maybe by BVI 10 so vlan10. This interface is tagged.


best regards


with Tagged vlan, it must also work.

Check my posts about it:



Dont forget to rate helpful posts

Here is the config

Current configuration : 4322 bytes
! Last configuration change at 17:23:39 CET Fri May 11 2018 by admin
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
hostname GVBWLAP074
logging rate-limit console 9
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip cef
ip domain name xxxxxxxxxxxx
dot11 pause-time 100
dot11 syslog
dot11 vlan-name _freeXXXXwifi vlan 1267
dot11 ssid _freeXXXwifi
vlan 1267
authentication open
dot11 ssid gvb2002noxx
vlan 228
authentication open
no ipv6 cef
username admin privilege 15 password 7 xxxxxxxxxxxxxxxxx
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption key 1 size 128bit 7 xxxxxxxxxxxxxxxx transmit-key
encryption mode wep mandatory
ssid gvb2002noxx
antenna transmit right-a
antenna receive right-a
antenna gain 0
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0
packet retries 64 drop-packet
channel 2432
station-role root
rts threshold 2312
no dot11 extension aironet
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.228
encapsulation dot1Q 228
no ip route-cache
bridge-group 228
bridge-group 228 subscriber-loop-control
bridge-group 228 spanning-disabled
bridge-group 228 block-unknown-source
no bridge-group 228 source-learning
no bridge-group 228 unicast-flooding
interface Dot11Radio1
no ip address
no ip route-cache
ssid _freeXXXXwifi
antenna gain 0
no dfs band block
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
packet retries 64 drop-packet
channel dfs
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1267
encapsulation dot1Q 1267
no ip route-cache
ipv6 address dhcp
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet1
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet1.228
encapsulation dot1Q 228
bridge-group 228
bridge-group 228 spanning-disabled
no bridge-group 228 source-learning
interface GigabitEthernet1.1267
encapsulation dot1Q 1267
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
interface BVI1
no ip address
no ip route-cache
interface BVI228
mac-address 2c5a.0fa0.cf8a
ip address
ip default-gateway
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path
ip radius source-interface BVI1
logging host
logging host
radius-server attribute 32 include-in-access-req format %h
bridge 1 route ip
line con 0
line vty 0 4
length 0
transport input all
sntp server

change this and try again:


no bridge 1 route ip

bridge 228 route ip



Dontf orget to arte helpful posts

i cannot delete   bridge 1 route ip


no bridge 1 route ip      .........not allowed 


bridge 228 route ip      ..... i have configured


I cannot access the Ap




Review Cisco Networking for a $25 gift card