Aironet 1200 and VLAN's

Unanswered Question
Jun 24th, 2007
User Badges:

I'm struggle configuring an Aironet 1200 with 2 VLAN's.

I want to setup the AP with one VLAN for normal LAN access and a second VLAN as guest VLAN for internet access only. The AP is connected to a 2524 HP layer 2 switch which is connected further to a 9208 layer 3 HP switch.


AP config is attached as config.txt


The LAN wireless access is working fine, but I can't access the guest VLAN from my wireless clients. I reserved 192.168.14.0/24 for the wireless guest VLAN and 172.16.11.0/24 for the internal LAN. I can ping 192.168.14.2, my internet GW, from the AP. The wireless clients can ping each other, but not the internet GW. When I put a wired client into the same VLAN, all is working perfect.

What do I miss ?


Thanks,

Claudia



Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
farkascsgy Mon, 06/25/2007 - 01:30
User Badges:
  • Silver, 250 points or more

Hello,


The problem is that you don't bridge the radio interface with Fasthethernet.


interface Dot11Radio0.30

encapsulation dot1Q 30

bridge-group 30 <--- this line is missing

no ip route-cache

no cdp enable


interface FastEthernet0.30

encapsulation dot1Q 30

bridge-group 30 <--- this line is missing

no ip route-cache

no cdp enable


Also the uplink of the AP should be trunk with native vlan 1.


bye

FCS


Please rate me if I helped.

claudia1910 Mon, 06/25/2007 - 01:51
User Badges:

Hello,


thanks for your reply.


I put in both lines, but still no success.


I'm nearly sure the uplink switches are configured correctly, as a wired client connected to the same uplink switch (the 2524) can access the internet GW. In HP language, the port the AP is connected to is untagged member of VLAN 1 and tagged member of VLAN 30.


Claudia

farkascsgy Mon, 06/25/2007 - 02:13
User Badges:
  • Silver, 250 points or more

That's works for me:


interface Dot11Radio0.590

encapsulation dot1Q 590

no ip route-cache

bridge-group 90

bridge-group 90 subscriber-loop-control

bridge-group 90 block-unknown-source

no bridge-group 90 source-learning

no bridge-group 90 unicast-flooding

bridge-group 90 spanning-disabled


interface Dot11Radio0.606

encapsulation dot1Q 606

no ip route-cache

bridge-group 6

bridge-group 6 subscriber-loop-control

bridge-group 6 block-unknown-source

no bridge-group 6 source-learning

no bridge-group 6 unicast-flooding

bridge-group 6 spanning-disabled



interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface FastEthernet0.590

encapsulation dot1Q 590

no ip route-cache

bridge-group 90

no bridge-group 90 source-learning

bridge-group 90 spanning-disabled

!

interface FastEthernet0.606

encapsulation dot1Q 606

no ip route-cache

bridge-group 6

no bridge-group 6 source-learning

bridge-group 6 spanning-disabled


interface BVI1

ip address 10.xx.xx.xx 255.255.255.0


Try to use only tagged frames for Radio Interface, native vlan is only for BVI1.

The connected switch port is trunk with native vlan: BVI vlan and in my case 590 and 606 is trunked over the link with tags.


bye

FCS


Please rate me if I helped.


claudia1910 Wed, 06/27/2007 - 06:08
User Badges:

Hi,


whatever I did changed nothing, so I decided to reset the AP and startover from scratch. This did the job. I ended up with the following configuration:


dot11 vlan-name Guest-VLAN vlan 30

dot11 vlan-name default vlan 1

!

dot11 ssid HH-FIR-01

vlan 1

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa

infrastructure-ssid optional

!

dot11 ssid IT-Guest

vlan 30

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii xxx

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

!

ssid HH-FIR-01

!

ssid IT-Guest

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

channel 2412

station-role root

world-mode dot11d country DE both

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

bridge-group 30 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

no bridge-group 30 source-learning

bridge-group 30 spanning-disabled

!

interface BVI1

ip address 172.16.11.15 255.255.255.0

no ip route-cache

!

ip default-gateway 172.16.11.1


Thanks for your help

Claudia

Actions

This Discussion