10-18-2012 01:01 PM - edited 07-03-2021 10:52 PM
Hello,
Thanks for all of the help provided in previous threads. I am trying now to deploy the setup that works on some APs and doesn't work on others.
For example, on an AIR-AP1231G-A-K9, the following setup works:
! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname AP-6 ! enable secret 5 $1$TWtQ$NZ9YG6.PSLEfXZK2uoQo91 enable password 7 020C1150020A5A6C1C ! username Cisco password 7 072C285F4D06 username admin password 7 0705344747054C4847 ip subnet-zero ip domain name wesleysem.edu ! no aaa new-model ! dot11 ssid (Secure) Staff/Faculty vlan 70 authentication open ! dot11 ssid Public vlan 60 authentication open guest-mode ! ! ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! ssid (Secure) Staff/Faculty ! ssid Public ! short-slot-time speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 rts threshold 2312 power local cck 100 power local ofdm 30 channel 2462 station-role root no cdp enable ! interface Dot11Radio0.60 encapsulation dot1Q 60 native no ip route-cache no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.70 encapsulation dot1Q 70 no ip route-cache no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 10.60.255.6 255.255.0.0 no ip route-cache ! ip default-gateway 10.60.0.1 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 logging snmp-trap emergencies logging snmp-trap alerts logging snmp-trap critical logging snmp-trap errors logging snmp-trap warnings snmp-server community WesleySNMP RO snmp-server enable traps tty bridge 1 route ip ! ! ! line con 0 transport preferred all transport output all line vty 0 4 login local transport preferred all transport input all transport output all line vty 5 15 login transport preferred all transport input all transport output all ! end
But on a AIR-AP1220-IOS-UPGRD (Basically an AP Aironet 1220 with an IOS upgrade), the following setup does not work - neither network connects, even though I tried to make them as similar as possible:
Building configuration...
Current configuration : 2215 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP-7
!
enable secret 5 $1$S7mv$JLVVGhRBEYTR5D7UXaj3M/
enable password 7 11030C0E1E1E5E4154
!
ip subnet-zero
ip domain name wesleysem.edu
!
!
no aaa new-model
!
dot11 ssid (Secure) Staff/Faculty
vlan 70
authentication open
mbssid guest-mode
!
dot11 ssid Public
vlan 60
authentication open
mbssid guest-mode
!
dot11 network-map
!
!
username Cisco password 7 0501130428401B4449
username admin password 7 020C1150020A5A6C1C
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid (Secure) Staff/Faculty
!
ssid Public
!
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
station-role root
!
interface Dot11Radio0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.60
encapsulation dot1Q 60 native
ip address 10.60.255.7 255.255.0.0
ip helper-address 10.60.0.1
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.60.255.7 255.255.0.0
ip helper-address 10.60.0.1
no ip route-cache
!
ip default-gateway 10.60.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
transport preferred all
transport output all
line vty 0 4
login local
transport preferred all
transport input all
transport output all
line vty 5 15
login
transport preferred all
transport input all
transport output all
!
end
I have both ports connecting to identical port configurations as follows:
interface GigabitEthernet 0/47
switchport trunk encapsulation dot1q
switchport trunk native vlan 60
switchport mode trunk
!
What changes do I need to make to 12.2 IOS and older APs to recognize and use multiple networks?
Thanks.
10-18-2012 02:01 PM
You need to assign a different bridge group id to each VLAN on both the radio and ethernet interfaces. You assigned the same IP address to the Fast Ethernet0.60 Interface and the BVI1 interface. You also assigned an IP Helper to the FastEthernmet0.60 Interface and the BVI Interface. Only the BVI1 interface needs an IP address for mangement of the AP. The IP helper should be assigned to the L3 interface on your router or switch to forward the DHCP requests. I would also recommend not using a VLAN for management of the AP that is assigned an SSID especially on the Public/Guest WiFI. It also looks like the 1200 AP is on 12.3 from the listing.
Here is a partial configuration example below for multiple VLANS.
!
dot11 ssid (Secure) Staff/Faculty
vlan 70
authentication open
mbssid guest-mode
!
dot11 ssid Public
vlan 65
authentication open
mbssid guest-mode
!
!
interface Dot11Radio0.65
encapsulation dot1Q 65
no ip route-cache
bridge-group 65
bridge-group 65 subscriber-loop-control
bridge-group 65 block-unknown-source
no bridge-group 65 source-learning
no bridge-group 65 unicast-flooding
bridge-group 65 spanning-disabled
!
interface Dot11Radio0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 subscriber-loop-control
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
no bridge-group 70 unicast-flooding
bridge-group 70 spanning-disabled
!
...
!
interface FastEthernet0.60
encapsulation dot1Q 60 native
no ip route-cache
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.65
encapsulation dot1Q 65
no ip route-cache
bridge-group 65
bridge-group 65 block-unknown-source
no bridge-group 65 source-learning
bridge-group 65 spanning-disabled
!
interface FastEthernet0.70
encapsulation dot1Q 70
no ip route-cache
bridge-group 70
bridge-group 70 block-unknown-source
no bridge-group 70 source-learning
bridge-group 70 spanning-disabled
!
!
interface BVI1
ip address 10.60.255.7 255.255.0.0
!
ip default-gateway 10.60.0.1
!
10-18-2012 08:50 PM
Chris,
Just like the previous thread, you are trunking to your switchport. I believe there is a L3 switch somewhere to do the routing for vlan 60 and 70.The IP helper can be assigned in the L3 switch for those vlans.
Remove the IP address from BVI1 and shutdown it. Assign the ip address in Fas0.60 in both the AP's. Choose the lease congested channel and it should work fine. We got this setup for all our autonomous system AP's and works without any issues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide