04-03-2011 02:10 AM - edited 07-03-2021 08:02 PM
Good morning
I have configured my aironet 1242 in order to involve multiple ssid's, I put a management ip address on the interface BVI. The interface has been configured on trunk mode on the switch.
Everything works properly with the SSIDs but i am not able to reach the management ip address.
someone has a solution?
Thank you so much.
Solved! Go to Solution.
04-05-2011 08:09 AM
At first it seems to be that you are using Vlan 1 as native, that means untagged.
Now we need to make sure that BVI IP address belongs to that vlan IP range.
So, does ip address 172.30.30.101 255.255.255.0 default-gateway 172.30.30.1 belongs to vlan 1?
Now on the other hand, you havent specified the native vlan on the switchport.
Use this command for setting it up.
Switch(config-if)# switchport trunk native vlan 1
shutdown the port and enable it again so it takes affect inmediately.
Let us know the result if it is still not working then we need as I mentioned previously, the vlan information and IP ranges.
Thanks
04-03-2011 02:35 AM
Hi
Please reply with show tech from the AP and running configuration from the switch.
Give us some more background abouy vlans used, Ip ranges used per vlan etc...
04-05-2011 07:32 AM
Thank you to all
This is the configuration on the AP
no aaa new-model
!
dot11 ssid Test
vlan 2
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 1433135F5B0B012D36
!
dot11 ssid test22
vlan 3
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 072B20181906320305
!
dot11 ssid test3
vlan 4
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 123D04434504270238
!
power inline negotiation prestandard source
!
!
username Cisco password 7 13261E010803
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 3 mode ciphers aes-ccm tkip
!
encryption vlan 4 mode ciphers aes-ccm tkip
!
ssid Test
!
ssid test22
!
ssid test3
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 242
bridge-group 242 subscriber-loop-control
bridge-group 242 block-unknown-source
no bridge-group 242 source-learning
no bridge-group 242 unicast-flooding
bridge-group 242 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 3 mode ciphers aes-ccm tkip
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 242
no bridge-group 242 source-learning
bridge-group 242 spanning-disabled
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
!
interface BVI1
ip address 172.30.30.101 255.255.255.0
no ip route-cache
!
ip default-gateway 172.30.30.1
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!
And this is the configuration on the SW
interface FastEthernet0/35
description WIRELESS
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdown
end
thanks
04-05-2011 08:09 AM
At first it seems to be that you are using Vlan 1 as native, that means untagged.
Now we need to make sure that BVI IP address belongs to that vlan IP range.
So, does ip address 172.30.30.101 255.255.255.0 default-gateway 172.30.30.1 belongs to vlan 1?
Now on the other hand, you havent specified the native vlan on the switchport.
Use this command for setting it up.
Switch(config-if)# switchport trunk native vlan 1
shutdown the port and enable it again so it takes affect inmediately.
Let us know the result if it is still not working then we need as I mentioned previously, the vlan information and IP ranges.
Thanks
04-05-2011 09:00 AM
Hi Dmantill,
Thank you for your quick response,
The ip address does not belong to the native vlan, but please let me create it and i will inform you about it.
Thank you.
04-09-2011 11:35 PM
Dmantill,
Thank you very much!! I am able to reach the management IP address, configuring the native vlan.
Thanks for your help!
04-10-2011 06:40 AM
Awesome! Glad to know is working.
Dont forget to rate the posts and to mark it as solved.
04-03-2011 05:48 AM
Hi,
I guess you have mapped 2 different VLANs to 2 ssids and the Bridge-group 1 is under the Radio interface (dot11 0) , Please create a sub interface for management interface for Radio and the Ethernet on the AP , and bridge group it with 1 and this will help you!!
Thats is..
Assuming We have Vlan 2 and 3 for clients , and Vlan 1 is for Management (No SSID mapped to this Vlan).. then here is the config that we need to do to get the managent interface connectivity..
int dot11 0.1
encap dot1Q 1 native
bridge-group 1
int fa 0.1
encap dot1Q 1 native
bridge-group 1
The above may help you!!
U can use the below link as well.. Its for bridge, but u will get an idea..
https://supportforums.cisco.com/docs/DOC-14496
https://supportforums.cisco.com/docs/DOC-15193
Lemme know if this answered ur question!!
Regards
Surendra
04-05-2011 07:43 AM
Thnak you, i have a question for you:
Each interface Dot11Radio must be on the same bridge group?
04-05-2011 07:49 AM
Not to the same bridge group. it should be respective bridge groups.. Thats is dot11 0.4 to Bridge group 5 and etc..
Did this answer??
Regards
Surendra
04-05-2011 07:51 AM
Sorry.. a typo..
Not to the same bridge group. it should be respective bridge groups.. Thats is dot11 0.4 to Bridge group 4 and etc..
Did this answer??
Regards
Surendra
04-05-2011 08:22 AM
Surendra
Not really, the AP by itself start from either 255 or from 1, vlan id does NOT need to match the bridge group number
It can, yes, but it is not needed mandatory, in addition whenever you configure the AP using the GUI interface you will see that it generates the bridge groups in different orders usually it starts from 255 however bridgegroup 1 is always going to be for the native vlan...
04-05-2011 08:30 AM
Yup i agree with you.. But the config looks good or easy to check if the respective valn and sub interface are same!! So told that!
Regards
Surendra
04-05-2011 08:42 AM
Yes, indeed... Unfortunately... Cisco way... LOL
04-03-2011 09:59 AM
Remember that the cisco aps as you mention need to have an ip address on the bvi1 for managment and we need that the bvi1 is linked to the bridge group 1 and also that is the native vlan of the fa port of the ap and that on the switch this is also the same native vlan of the port where the ap is connected and that the switch has the vlan for managment of the ap on its database
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide