Dear Sir,
My AP is to support multiple VLANs, and the switchport that connects to the AP has the following commands:
Int fa0/1
 Switchport mode trunk
 Switchport encapsulation dot1Q
 Duplex Full
 Speed 100
Below is the partial configuration of my AP, due to the limitations on characters allowed in this message.
!
!
hostname A6FRONT
!
!
username admin privilege 15 password xxxx
ip subnet-zero
!
dot11 network-map
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 201 key 1 size 128bit 7 xxxx transmit-key
 encryption vlan 201 mode wep mandatory
 !
 encryption vlan 202 key 2 size 128bit 7 xxx transmit-key
 !
 broadcast-key vlan 201 change 6000
 !
 !
 ssid 4eVerDiaL911
    vlan 202
    max-associations 5
    authentication open
 !
 ssid EazzzYYY88
    vlan 201
    max-associations 15
    authentication open
    authentication network-eap eap_methods
 !
 ssid GoLIve4eVer
    vlan 200
    max-associations 5
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 rts threshold 2312
 power local 50
 power client 30
 channel 2437
 station-role root
 no dot11 extension aironet
!
interface Dot11Radio0.2
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 port-protected
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
 bridge-group 200 spanning-disabled
!
interface Dot11Radio0.201
 encapsulation dot1Q 201
 no ip route-cache
 bridge-group 201
 bridge-group 201 subscriber-loop-control
 bridge-group 201 port-protected
 bridge-group 201 block-unknown-source
 no bridge-group 201 source-learning
 no bridge-group 201 unicast-flooding
 bridge-group 201 spanning-disabled
!
interface Dot11Radio0.202
 encapsulation dot1Q 202
 no ip route-cache
 bridge-group 202
 bridge-group 202 subscriber-loop-control
 bridge-group 202 port-protected
 bridge-group 202 block-unknown-source
 no bridge-group 202 source-learning
 no bridge-group 202 unicast-flooding
 bridge-group 202 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
!
interface FastEthernet0.2
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 port-protected
 no bridge-group 200 source-learning
 bridge-group 200 spanning-disabled
!
interface FastEthernet0.201
 encapsulation dot1Q 201
 no ip route-cache
 bridge-group 201
 bridge-group 201 port-protected
 no bridge-group 201 source-learning
 bridge-group 201 spanning-disabled
!
interface FastEthernet0.202
 encapsulation dot1Q 202
 no ip route-cache
 bridge-group 202
 bridge-group 202 port-protected
 no bridge-group 202 source-learning
 bridge-group 202 spanning-disabled
!
interface BVI1
 ip address 10.15.7.38 255.255.252.0
 no ip route-cache
!
ip default-gateway 10.15.4.1
bridge 1 route ip
!
!
line con 0
line vty 5 15
!
end
Are there any additional commands which I have left out? I failed to get IP address assignment from the DHCP server.
Thank you for your help.
Regards,
Delon
Delon,
It looks like you need to add a helper address on your BVI1 interface.
e.g.
#interface BVI1
ip helper-address IP_OF YOUR_DHCP_SERVER
HTH
Paddy
I had the same problem. Is it a 1220 with an 802.11g radio upgrade? Put this IOS on it and it will work fine.
12.2.13-JA4
Based on the speed parameter in the AP, the AP only has an 802.11b radio (i.e. there is no speed for 802.11g).
Also, you do not need ip helper-address on the BVI. You need ip helper-address on the ethernet interface on an external router.
From the configuration, VLAN 2 is set as the native VLAN in the AP. There is no native VLAN setting in the switch. Thus, VLAN 1 is used. Please try the following command under int fa0/1 in the switch: "switch trunk native vlan 2".
Hi,
In fact, I have put the commands you suggested on the switchport which connects to the AP.
However, the problem still persists.
In fact, I found a workaround to it. Under the VLAN configuration on the AP, you should not check enable public secure packet forwarding. Then the client on VLAN 202 is able to get an IP address from the DHCP server. However, I would like to disable inter-client communication. How can I achieve that, since enabling it will cause the client to fail to grab an IP from a DHCP server?
Please advise.
Regards,
Delon
Hi,
You don't have to enable PSPF on the FastEthernet subinterfaces to block communication between wireless clients. You only need to enable it on the radio subinterfaces.
The thing about PSPF is that communication between all interfaces with PSPF enabled will fail. This includes DHCP traffic.
Kind Regards,
Byung
Hi Byung,
I am confused. How can I enable PSPF on the radio interface only? I usually configure the AP using the web-based interface. The PSPF feature is found on the page where we define the VLAN. If I check the box to enable PSPF on the VLAN creation page, does it mean that I am enabling PSPF on the FastEthernet and radio interfaces as well?
Can I know the command in IOS to enable pspf on the radio interface?
Thank you.
Regards,
Delon
I overlooked the public secure packet forwarding configuration. If you enable secure packet forwarding, you need to have a DHCP server on each VLAN.
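Byung's point above (PSPF on the radio subinterfaces only) can be checked against a saved AP configuration. This is an added example, not part of any post in this thread: it treats the `bridge-group N port-protected` lines of the posted config as the PSPF setting and lists the bridge groups where it is set on both a Dot11Radio and a FastEthernet subinterface, with the `no` form that would clear it on the wired side. The function names and the sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the AP config in this thread: bridge-group 202
# has PSPF (port-protected) on both sides, 201 on the radio side only.
SAMPLE_CONFIG = """\
interface Dot11Radio0.201
 bridge-group 201
 bridge-group 201 port-protected
interface Dot11Radio0.202
 bridge-group 202 port-protected
interface FastEthernet0.201
 bridge-group 201
interface FastEthernet0.202
 bridge-group 202
 bridge-group 202 port-protected
"""

IFACE = re.compile(r"^interface\s+(\S+)", re.I)
PSPF = re.compile(r"^(no\s+)?bridge-group\s+(\d+)\s+port-protected\b", re.I)

def pspf_by_group(config):
    """Map bridge-group number -> set of interfaces with PSPF enabled."""
    protected = defaultdict(set)
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := IFACE.match(line)):
            current = m.group(1)
        elif (m := PSPF.match(line)) and current:
            members = protected[int(m.group(2))]
            # The "no" form clears PSPF on the interface; the plain form sets it.
            (members.discard if m.group(1) else members.add)(current)
    return protected

def wired_pspf_fixes(config):
    """Groups with PSPF on radio AND FastEthernet -> (interface, command) to clear it."""
    fixes = {}
    for group, ifaces in pspf_by_group(config).items():
        wired = sorted(i for i in ifaces if i.lower().startswith("fastethernet"))
        radio = [i for i in ifaces if i.lower().startswith("dot11radio")]
        if wired and radio:
            fixes[group] = [(i, f"no bridge-group {group} port-protected") for i in wired]
    return fixes

if __name__ == "__main__":
    for group, items in wired_pspf_fixes(SAMPLE_CONFIG).items():
        print(f"bridge-group {group}:", items)
```

Run against the full configuration posted at the top of the thread, the same check would report bridge groups 200, 201 and 202, since each has `port-protected` on both its Dot11Radio0 and FastEthernet0 subinterface.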