cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
694
Views
0
Helpful
6
Replies

question about configuration cisco ap aironet 1100... why does it disconnect?

Essam H
Beginner
Beginner

I have Cisco AP Aironet 1100 and I have 5 vlans in my network as the fallowing:

vlan101 with name (APmangm101)
vlan4 with name (Voice4)
vlan6 with name (User6)
vlan8 with name (inter8)

and vlan100 is native vlan

step1
I configured the SSID and Map it to respective VLANs (vlan4,vlan6,vla8)as the fallowing:

Dot11 ssid Voice4
vlan 4
authentication open
authentication key-managment wpa
wpa-psk ascii admin4444
mbssid guest-mode
exit

Dot11 ssid User6
vlan 6
authentication open
authentication key-managment wpa
wpa-psk ascii admin666
mbssid guest-mode
exit

Dot11 ssid inter8
vlan8
authentication open
authentication key-managment wpa
wpa-psk ascii admin888
mbssid guest-mode
exit

Step 2
Assigning the encryption to different SSIDs with repective Vlans.


int dot11Radio 0
mbssid
encryption vlan 4 mode ciphers aes-ccm
encryption vlan 6 mode ciphers aes-ccm
encryption vlan 8 mode ciphers aes-ccm
ssid Voice4
ssid User6
ssid inter8

Step 3
Configuring the sub interface for Dot11 radio 0 and Ethernet

interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 100
exit

interface fastethernet0.100
bridge-group 100
encapsulation dot1Q 100 native
exit


interface Dot11Radio0.101
encapsulation dot1Q 101
bridge-group 101
exit


interface fastethernet0.101
bridge-group 101
encapsulation dot1Q 101
exit


interface Dot11Radio0.4
encapsulation dot1Q 4
bridge-group 4
exit


interface fastethernet0.4
bridge-group 4
encapsulation dot1Q 4
exit


interface Dot11Radio0.6
encapsulation dot1Q 6
bridge-group 6
exit


interface fastethernet0.6
bridge-group 6
encapsulation dot1Q 6
exit

interface Dot11Radio0.8
encapsulation dot1Q 8
bridge-group 8
exit


interface fastethernet0.8
bridge-group 8
encapsulation dot1Q 8
exit

bridge irb
bridge 1 route ip
exit


Step 4
Configuration on the switch

int g1/0/3
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100,101,4,6,8
exit

=======================================================
My question:
1-The AP is work with Multi SSID and I can connect to any SSID and and do ping to any network, but when try to do ping to AP's IP management (172.16.101.20) I can't do it and can't access ass webpage to AP?
2-whene I type this command (At the bottom) the AP is disconnect and I can't ping to it even reload it:

 interface fastethernet0.100
 bridge-group 100

why it disconnect?
 
Note:
interface BVI1
 ip address 172.16.101.20 255.255.255.0


 ip default-gateway 172.16.101.254

 

6 Replies 6

Stephen Rodriguez
Cisco Employee
Cisco Employee

When you tell the AP that the subinterface .100 is encapsulation dot1q 100 native, it should set the bridge-group to bridge-group 1.

 

Bridge-group 1, is what is linked to BVI 1 and is the "routed" interface for the AP.

 

 

--

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Thank you so match Stephen Rodriguez 

and according to the configuration if i need to use AP's IP on [vlan101 with name (APmangm101)] and not in same vlan 100 (native vlan) , What is suitable configuration to do it? becuse with my configuration (I told you) I can connect to any SSID and and do ping to any network, but when try to do ping to AP's IP management (172.16.101.20) I can't do it and can't access ass webpage to AP?

what you would need to change is

 

remove the .100 interfaces

 

then under the .101 interfaces

encapsulation dot1q 101 native

bridge-group 1

 

this links .101 sub interfaces to the BVI 1, which has the IP address.

 

then on the switch side you need to change the native VLAN to 101 as well.

 

--

HTH

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Dear Stephen

I need to keep vlan 100 is native vlan , but the management IP of AP in vlan 101.

not trying to be difficult...but why?

 

the AP is a layer 2 bridging device it's going to pass whatever VLAN's you configure with the VLAN tag. To the AP the "native" VLAN is the untagged VLAN, which is where it's IP address lives.

 

I suppose you could leave VLAN 100 as the native on the switch, call it "native" in the sub interfaces, and change it to be .100 and then change the .101 to be in bridge-group 1, but I could see that causing issues down the road if the AP boots up and parses that native tag on .100 again and resets the configuration.

 

--

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Dear Stephen

I know I am aweary you with me, but plz can you explain to me more.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers