02-17-2009 08:34 AM - edited 07-03-2021 05:11 PM
Hi,
I have two 1310G bridges, one configured as a Root the other as Non Root. The root is attached to a 3560 switch. I have configured VLAN 15 (Management) and VLAN 573 (Client) on the 3560. The Root and Non Root bridges have the same VLANs, and VLAN 15 is configured as the Native VLAN.
I can ping on both VLANs (10.4.0.x = VLAN 15 and 192.168.0.x = VLAN 573) separately from the switch or laptops. As soon as I trunk the VLANs across the 3560, I cannot ping to either IP. What am I doing wrong?
I'm running software Version 12.4(10b)JDA2 on both Root and Non Root.
Here are the respective configs:
JRGRE_ROOT#
---------------------------------------------
dot11 vlan-name JRGRE_TBI vlan 573
dot11 vlan-name MANAGEMENT_VLAN vlan 15
!
dot11 ssid JRG_RE_573
vlan 573
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid MANAGEMENT
vlan 15
authentication open
authentication key-management wpa version 2
infrastructure-ssid
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxx
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 15 mode ciphers aes-ccm
!
encryption vlan 573 mode ciphers aes-ccm
!
ssid JRG_RE_573
!
ssid MANAGEMENT
station-role root bridge
!
interface Dot11Radio0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.573
encapsulation dot1Q 573
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.573
encapsulation dot1Q 573
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
!
interface BVI1
ip address 10.4.0.104 255.255.0.0
no ip route-cache
JRGRE_NROOT#
--------------------------------------------
dot11 vlan-name JRGRE_TBI vlan 573
dot11 vlan-name MANAGEMENT_VLAN vlan 15
dot11 ssid JRG_RE_573
vlan 573
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid MANAGEMENT
vlan 15
authentication open
authentication key-management wpa version 2
infrastructure-ssid
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxx
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid JRG_RE_573
!
ssid MANAGEMENT
!
station-role non-root bridge
!
interface Dot11Radio0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.573
encapsulation dot1Q 573
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.15
encapsulation dot1Q 15 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.573
encapsulation dot1Q 573
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
!
interface BVI1
ip address 10.4.0.105 255.255.0.0
no ip route-cache
My 3560 Switch config:
Switch3560_01#sh run int fa0/1
Building configuration...
--------------------------------------
interface FastEthernet0/1
Description Trunk connection to Root Bridge
switchport trunk encapsulation dot1q
switchport trunk native vlan 15
switchport trunk allowed vlan 15,573
switchport mode trunk
speed 100
duplex full
priority-queue out
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
end
02-17-2009 02:52 PM
Keep in mind that you can only have one SSID active at a time on a bridge link. You need to remove one of your SSIDs in order to properly configure these bridges.
I don't know if that will fix your issue, but try that first and see if it works. Use your native-vlan SSID, delete your other one. The VLANs will be carried across the trunk due to configuration on the subinterfaces.
02-20-2009 07:09 AM
Jeff, thanks for your suggestion.
I made the changes last night, keeping only the Management SSID and the associated VLAN, which in my case is 15, and configured as Native.
I still could not get the client VLAN to work with this switch port config:
Switch3550#sh run int fa0/2
Building configuration...
Current configuration : 577 bytes
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 15
switchport trunk allowed vlan 15,827
switchport mode trunk
speed 100
duplex full
priority-queue out
random-detect
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
end
So, I've had to remove the trunk config and change it to access VLAN 827. Client circuit is up, but obviously no management.
I've read Cisco docs on this type of setup and each VLAN is associated with an SSID.
Does anyone have a sample config I can use?
03-18-2009 08:29 PM
Did you ever get your issue resolved? I seem to be having the same problem.
thanks,
03-19-2009 06:58 AM
Somehow I never saw this response, many apologies to Rambrosio. That switchport configuration is exactly how it should be, so I'm not sure that the problem lies with the switchport. Did you ever get it working?
Ferguson, if you can, please post your configs for the switchport and the bridge.
03-19-2009 08:00 PM
My issue is now resolved. I wiped the configs of the wireless bridge and the switch and reconfigured; all is well now.
03-23-2009 12:20 PM
You mean you did not use the 'concatenation' command on the SSID to bind all the subs to the one ssid?
03-23-2009 12:32 PM
Actually, concatenation has nothing to do with trunking or SSIDs. Concatenation is a technique that aggregates multiple packets together in order to send them all as one "super packet". The goal here is to reduce the wireless overhead that exists with each packet transmission.
03-24-2009 08:54 AM
Sorry for not getting back to anyone on this. Firstly, I was on vacation.
Secondly, I just received a new set of 1310s so I can start troubleshooting on them once I set them up in my office.
The ones that are having this issue are in production and I would rather have them working until I have resolved the issue.
Prior to posting my issue I had wiped the configs clean on both the 1310 and 3560 trunk port on at least 2 occasions. That never helped me.
So right now, I still don't have a solution to this issue. I will try and get the new 1310 up by end of week.
b.ferguson. Would you be kind enough to post your config here? Much appreciated.
Rob
08-17-2009 12:16 PM
I'm attempting this tomorrow and will post the results. Main issue for me is to mitigate against the risk of vlan1 jumping!
Ajaz
09-17-2009 01:21 AM
Hi Rob,
Thanks for your email buddy - I did get this working. Would you like me to post some working configs?
Ajaz
09-17-2009 05:03 AM
That would be very much appreciated and is excellent timing. I'm going, for the third time, to erase all configs and start from scratch.
Looking forward to your reply.
Thanks,
Rob
09-17-2009 06:22 AM
Just some notes:
1. Make sure c1310-k9w7-tar.124-10b.JDA2 is loaded and running on each AP
2. Apply the config below in the same order as it appears
3. You must use BVI1 for mgt. The bridge group number does not relate to the VLAN id e.g. see my vlan496 which maps to bridge-group no.196
4. Enable CDP to start with and disable if you want afterwards.
5. Take your time and be patient - keep it simple.
6. If you have any qtns fire them back n/probs.
***************
RootAP
***************
RootAP#
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid vlan199
!
ssid vlan496
!
station-role root bridge
no cdp enable
!
interface Dot11Radio0.199
encapsulation dot1Q 199 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.496
encapsulation dot1Q 496
no ip route-cache
no cdp enable
bridge-group 196
bridge-group 196 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.199
encapsulation dot1Q 199 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.496
encapsulation dot1Q 496
no ip route-cache
no cdp enable
bridge-group 196
bridge-group 196 spanning-disabled
!
dot11 ssid vlan199
vlan 199
authentication open
infrastructure-ssid
!
dot11 ssid vlan496
vlan 496
authentication open
!
interface BVI1
ip address 10.10.14.83 255.255.255.248
no ip route-cache
!
ip default-gateway 10.10.14.84
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
RootAP#
***************
NON_RootAP
***************
NonRootAP#
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid vlan199
!
ssid vlan496
!
station-role non-root bridge
no cdp enable
!
interface Dot11Radio0.199
encapsulation dot1Q 199 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.496
encapsulation dot1Q 496
no ip route-cache
no cdp enable
bridge-group 196
bridge-group 196 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface FastEthernet0.199
encapsulation dot1Q 199 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.496
encapsulation dot1Q 496
no ip route-cache
no cdp enable
bridge-group 196
!
dot11 ssid vlan199
vlan 199
authentication open
infrastructure-ssid
!
dot11 ssid vlan496
vlan 496
authentication open
!
interface BVI1
ip address 10.10.14.82 255.255.255.248
no ip route-cache
!
ip default-gateway 10.10.14.81
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
NonRootAP#
-----------------------------------------
The config on the switch at each end will look something like this:
interface GigabitEthernet9/47
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 199
switchport trunk allowed vlan 199,496
switchport mode trunk
spanning-tree portfast trunk
end
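Added example, not part of the original post and not Cisco tooling: a small Python check for the consistency rules visible in the working config above (exactly one native VLAN, the native VLAN in bridge-group 1 so BVI1 can manage it, the same bridge-group on the radio and Ethernet subinterface of each VLAN, and a switch trunk whose native and allowed VLANs agree with the bridge). The function names and the sample stanzas are constructed for illustration.

```python
import re

def parse_subinterfaces(config):
    """Map each IOS subinterface to its dot1Q VLAN, native flag and bridge-group."""
    subs, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            name = line.split()[1]
            cur = (subs.setdefault(name, {"vlan": None, "native": False, "bg": None})
                   if "." in name else None)
        elif cur is not None:
            if m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line):
                cur["vlan"], cur["native"] = int(m[1]), bool(m[2])
            elif m := re.match(r"bridge-group (\d+)$", line):
                cur["bg"] = int(m[1])
    return subs

def lint_bridge(bridge_cfg, trunk_native, trunk_allowed):
    """Return a list of findings; an empty list means bridge and trunk agree."""
    findings, by_vlan = [], {}
    for s in parse_subinterfaces(bridge_cfg).values():
        by_vlan.setdefault(s["vlan"], []).append(s)
    natives = {v for v, subs in by_vlan.items() if any(s["native"] for s in subs)}
    if len(natives) != 1:
        findings.append(f"expected exactly one native VLAN, found {sorted(natives)}")
    for vlan, subs in by_vlan.items():
        groups = sorted({str(s["bg"]) for s in subs})
        if len(groups) != 1:
            findings.append(f"VLAN {vlan}: radio/Ethernet bridge-groups differ: {groups}")
        if vlan in natives and groups != ["1"]:
            findings.append(f"VLAN {vlan}: native VLAN is not in bridge-group 1 (BVI1)")
        if vlan not in trunk_allowed:
            findings.append(f"VLAN {vlan}: not in the switch trunk allowed list")
    if natives != {trunk_native}:
        findings.append(f"trunk native VLAN {trunk_native} != bridge native {sorted(natives)}")
    return findings

# Constructed sample: subinterface stanzas in the style of the RootAP config above,
# with the bridge-group of Dot11Radio0.496 left as a parameter to seed a mismatch.
def sample(radio_bg_496):
    stanza = ("interface {}.{}\n encapsulation dot1Q {}{}\n bridge-group {}\n"
              " bridge-group {} spanning-disabled\n!\n")
    rows = [("Dot11Radio0", 199, " native", 1), ("Dot11Radio0", 496, "", radio_bg_496),
            ("FastEthernet0", 199, " native", 1), ("FastEthernet0", 496, "", 196)]
    return "".join(stanza.format(i, v, v, n, g, g) for i, v, n, g in rows)

if __name__ == "__main__":
    print(lint_bridge(sample(196), 199, {199, 496}))  # consistent
    print(lint_bridge(sample(496), 199, {199, 496}))  # radio side in the wrong bridge-group
```

Running the same check with a trunk native VLAN that differs from the bridge's native VLAN flags the mismatch that lets untagged frames land in an unintended VLAN.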
10-16-2009 04:40 AM
I finally got around to implementing this setup. The upgrade to c1310-k9w7-tar.124-10b.JDA2 addressed my inability to trunk two VLANs to my 3560 switch. So I got that working. I think there must be a bug in the .JA version.
I'm still having an issue passing two VLANs across the link. One, VLAN 15 is my management VLAN and is configured Native. The other is the Client VLAN 192.
If I drop VLAN 15 the client can connect.
I want to have the ability to manage the 1310 and still allow the client's traffic through to my MAN.
Each VLAN is associated with its own SSID, just like your example, so I have two SSIDs I want to pass across the link.
Any help would be appreciated.
Thanks
Rob
10-16-2009 05:49 AM
Rob,
Please post your configs from both AP's and switches here please. The best way probably is attachments.
thanks
Ajaz