Solved: Multiple vlans on aironet 1240 series

Julio E. Moisa · ‎04-03-2011

Good morning

I have configured my aironet 1242 in order to involve multiple ssid's, I put a management ip address on the interface BVI. The interface has been configured on trunk mode on the switch.

Everything works properly with the SSIDs but i am not able to reach the management ip address.

someone has a solution?

Thank you so much.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

dmantill · ‎04-05-2011

At first it seems to be that you are using Vlan 1 as native, that means untagged.

Now we need to make sure that BVI IP address belongs to that vlan IP range.

So, does ip address 172.30.30.101 255.255.255.0 default-gateway 172.30.30.1 belongs to vlan 1?

Now on the other hand, you havent specified the native vlan on the switchport.

Use this command for setting it up.

Switch(config-if)# switchport trunk native vlan 1

shutdown the port and enable it again so it takes affect inmediately.

Let us know the result if it is still not working then we need as I mentioned previously, the vlan information and IP ranges.

Thanks

View solution in original post

dmantill · ‎04-03-2011

Hi

Please reply with show tech from the AP and running configuration from the switch.

Give us some more background abouy vlans used, Ip ranges used per vlan etc...

Julio E. Moisa · ‎04-05-2011

Thank you to all

This is the configuration on the AP

no aaa new-model
!
dot11 ssid Test
   vlan 2
   authentication open
authentication key-management wpa
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 1433135F5B0B012D36
!
dot11 ssid test22
   vlan 3
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 072B20181906320305
!
dot11 ssid test3
   vlan 4
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 123D04434504270238
!
power inline negotiation prestandard source
!
!
username Cisco password 7 13261E010803
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 3 mode ciphers aes-ccm tkip
!
encryption vlan 4 mode ciphers aes-ccm tkip
!
ssid Test
!
ssid test22
!
ssid test3
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 242
bridge-group 242 subscriber-loop-control
bridge-group 242 block-unknown-source
no bridge-group 242 source-learning
no bridge-group 242 unicast-flooding
bridge-group 242 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
bridge-group 254 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 3 mode ciphers aes-ccm tkip
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 242
no bridge-group 242 source-learning
bridge-group 242 spanning-disabled
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 254
no bridge-group 254 source-learning
bridge-group 254 spanning-disabled
!
interface BVI1
ip address 172.30.30.101 255.255.255.0
no ip route-cache
!
ip default-gateway 172.30.30.1
ip http server
no ip http secure-server
!
!
control-plane
!
bridge 1 route ip
!

And this is the configuration on the SW

interface FastEthernet0/35
description WIRELESS
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no shutdown
end

thanks

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

dmantill · ‎04-05-2011

At first it seems to be that you are using Vlan 1 as native, that means untagged.

Now we need to make sure that BVI IP address belongs to that vlan IP range.

So, does ip address 172.30.30.101 255.255.255.0 default-gateway 172.30.30.1 belongs to vlan 1?

Now on the other hand, you havent specified the native vlan on the switchport.

Use this command for setting it up.

Switch(config-if)# switchport trunk native vlan 1

shutdown the port and enable it again so it takes affect inmediately.

Let us know the result if it is still not working then we need as I mentioned previously, the vlan information and IP ranges.

Thanks

Julio E. Moisa · ‎04-05-2011

Hi Dmantill,

Thank you for your quick response,

The ip address does not belong to the native vlan, but please let me create it and i will inform you about it.

Thank you.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎04-09-2011

Dmantill,

Thank you very much!! I am able to reach the management IP address, configuring the native vlan.

Thanks for your help!

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

dmantill · ‎04-10-2011

Awesome! Glad to know is working.

Dont forget to rate the posts and to mark it as solved.

Surendra BG · ‎04-03-2011

Hi,

I guess you have mapped 2 different VLANs to 2 ssids and the Bridge-group 1 is under the Radio interface (dot11 0) , Please create a sub interface for management interface for Radio and the Ethernet on the AP , and bridge group it with 1 and this will help you!!

Thats is..

Assuming We have Vlan 2 and 3 for clients , and Vlan 1 is for Management (No SSID mapped to this Vlan).. then here is the config that we need to do to get the managent interface connectivity..

int dot11 0.1

encap dot1Q 1 native

bridge-group 1

int fa 0.1

encap dot1Q 1 native

bridge-group 1

The above may help you!!

U can use the below link as well.. Its for bridge, but u will get an idea..

https://supportforums.cisco.com/docs/DOC-14496

https://supportforums.cisco.com/docs/DOC-15193

Lemme know if this answered ur question!!

Regards

Surendra

Regards
Surendra BG

Julio E. Moisa · ‎04-05-2011

Thnak you, i have a question for you:

Each interface Dot11Radio must be on the same bridge group?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Surendra BG · ‎04-05-2011

Not to the same bridge group. it should be respective bridge groups.. Thats is dot11 0.4 to Bridge group 5 and etc..

Did this answer??

Regards

Surendra

Regards
Surendra BG

Surendra BG · ‎04-05-2011

Sorry.. a typo..

Not to the same bridge group. it should be respective bridge groups.. Thats is dot11 0.4 to Bridge group 4 and etc..

Did this answer??

Regards

Surendra

Regards
Surendra BG

dmantill · ‎04-05-2011

Surendra

Not really, the AP by itself start from either 255 or from 1, vlan id does NOT need to match the bridge group number

It can, yes, but it is not needed mandatory, in addition whenever you configure the AP using the GUI interface you will see that it generates the bridge groups in different orders usually it starts from 255 however bridgegroup 1 is always going to be for the native vlan...

Surendra BG · ‎04-05-2011

Yup i agree with you.. But the config looks good or easy to check if the respective valn and sub interface are same!! So told that!

Regards

Surendra

Regards
Surendra BG

dmantill · ‎04-05-2011

Yes, indeed... Unfortunately... Cisco way... LOL

fbarboza · ‎04-03-2011

Remember that the cisco aps as you mention need to have an ip address on the bvi1 for managment and we need that the bvi1 is linked to the bridge group 1 and also that is the native vlan of the fa port of the ap and that on the switch this is also the same native vlan of the port where the ap is connected and that the switch has the vlan for managment of the ap on its database

Sent from Cisco Technical Support iPhone App