04-18-2008 01:12 PM - edited 07-03-2021 03:45 PM
Let me try this again..
I am attempting to set up multiple SSIDs and VLANs on a 1121G autonomous / IOS WAP. One appears to be working fine - the other has no connectivity.
SSID = ssid_100 and VLAN 100 seem to be working fine. We can connect and get the appropriate DHCP address.
SSID = ssid_910 and VLAN 910 are not working. The client and the AP both say the client is associated, but DHCP fails. I have used a packet sniffer to verify that the DHCP request is never making it to the switch port.
I think the VLANs on the wired LAN are working fine, because I can plug into a properly configured switch port and get connectivity no problem.
I have attached a snippet of the WAP config. The switchport tthat the WAP is connected to has this config:
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,910
switchport mode trunk
Any suggestions or pointers will be very much appreciated.
Thanks.
04-21-2008 08:10 AM
Sorry about this folks, I am trying post a portion of my WAP config and I am getting Tomcat error messages.
04-21-2008 08:12 AM
dot11 ssid ssid_100
vlan 100
authentication open eap eap_methods1
!
dot11 ssid ssid_910
vlan 910
authentication open
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode wep mandatory
!
encryption vlan 1 mode wep mandatory
!
encryption vlan 100 mode wep mandatory
!
encryption vlan 910 key 2 size 40bit 7
encryption vlan 910 mode wep mandatory
!
ssid ssid_100
!
ssid ssid_910
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.910
encapsulation dot1Q 910
no ip route-cache
no cdp enable
bridge-group 91
bridge-group 91 subscriber-loop-control
bridge-group 91 block-unknown-source
no bridge-group 91 source-learning
no bridge-group 91 unicast-flooding
bridge-group 91 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.910
encapsulation dot1Q 910
no ip route-cache
no cdp enable
bridge-group 91
no bridge-group 91 source-learning
bridge-group 91 spanning-disabled
dot11 ssid ssid_100
vlan 100
authentication open eap eap_methods1
!
dot11 ssid ssid_910
vlan 910
authentication open
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode wep mandatory
!
encryption vlan 1 mode wep mandatory
!
encryption vlan 100 mode wep mandatory
!
encryption vlan 910 key 2 size 40bit 7
encryption vlan 910 mode wep mandatory
!
ssid ssid_100
!
ssid ssid_910
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.910
encapsulation dot1Q 910
no ip route-cache
no cdp enable
bridge-group 91
bridge-group 91 subscriber-loop-control
bridge-group 91 block-unknown-source
no bridge-group 91 source-learning
no bridge-group 91 unicast-flooding
bridge-group 91 spanning-disabled
04-23-2008 11:55 AM
Hi
Basically your your bridge groups, SSID, and Vlan assignmnts don't agree.
1 your native Vlan 1 is your first vlan with no SSID/radio only Fastethernet defined as bridge group 1
2. Vlan 100 assigned to SSID 100 and brige group 100.
3. Vlan 910 assigned to SSID 910 and bridge group 910
you can use whatever SSID you wan for the VLAN's but the numbers for the VLAN and bridge groups need to be consistant.
I recomend you use the GUI to set up VLAN's as it takes care of all the interrelatioinships.
Here is a linl to a good doc on this configuration for AP's
Best practice is not to use your native VLAN for wireless traffic
HTH
Bill
04-21-2008 08:12 AM
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.100
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.910
encapsulation dot1Q 910
no ip route-cache
no cdp enable
bridge-group 91
no bridge-group 91 source-learning
bridge-group 91 spanning-disabled
04-21-2008 08:15 AM
04-21-2008 08:23 AM
04-21-2008 12:46 PM
Could you copy all the config into a text file and attach it? It would be much easier to read?!
04-21-2008 01:58 PM
04-21-2008 01:59 PM
04-22-2008 07:04 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide