06-24-2007 05:17 AM - edited 07-03-2021 02:15 PM
I'm struggle configuring an Aironet 1200 with 2 VLAN's.
I want to setup the AP with one VLAN for normal LAN access and a second VLAN as guest VLAN for internet access only. The AP is connected to a 2524 HP layer 2 switch which is connected further to a 9208 layer 3 HP switch.
AP config is attached as config.txt
The LAN wireless access is working fine, but I can't access the guest VLAN from my wireless clients. I reserved 192.168.14.0/24 for the wireless guest VLAN and 172.16.11.0/24 for the internal LAN. I can ping 192.168.14.2, my internet GW, from the AP. The wireless clients can ping each other, but not the internet GW. When I put a wired client into the same VLAN, all is working perfect.
What do I miss ?
Thanks,
Claudia
06-25-2007 01:30 AM
Hello,
The problem is that you don't bridge the radio interface with Fasthethernet.
interface Dot11Radio0.30
encapsulation dot1Q 30
bridge-group 30 <--- this line is missing
no ip route-cache
no cdp enable
interface FastEthernet0.30
encapsulation dot1Q 30
bridge-group 30 <--- this line is missing
no ip route-cache
no cdp enable
Also the uplink of the AP should be trunk with native vlan 1.
bye
FCS
Please rate me if I helped.
06-25-2007 01:51 AM
Hello,
thanks for your reply.
I put in both lines, but still no success.
I'm nearly sure the uplink switches are configured correctly, as a wired client connected to the same uplink switch (the 2524) can access the internet GW. In HP language, the port the AP is connected to is untagged member of VLAN 1 and tagged member of VLAN 30.
Claudia
06-25-2007 02:13 AM
That's works for me:
interface Dot11Radio0.590
encapsulation dot1Q 590
no ip route-cache
bridge-group 90
bridge-group 90 subscriber-loop-control
bridge-group 90 block-unknown-source
no bridge-group 90 source-learning
no bridge-group 90 unicast-flooding
bridge-group 90 spanning-disabled
interface Dot11Radio0.606
encapsulation dot1Q 606
no ip route-cache
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
bridge-group 6 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface FastEthernet0.590
encapsulation dot1Q 590
no ip route-cache
bridge-group 90
no bridge-group 90 source-learning
bridge-group 90 spanning-disabled
!
interface FastEthernet0.606
encapsulation dot1Q 606
no ip route-cache
bridge-group 6
no bridge-group 6 source-learning
bridge-group 6 spanning-disabled
interface BVI1
ip address 10.xx.xx.xx 255.255.255.0
Try to use only tagged frames for Radio Interface, native vlan is only for BVI1.
The connected switch port is trunk with native vlan: BVI vlan and in my case 590 and 606 is trunked over the link with tags.
bye
FCS
Please rate me if I helped.
06-27-2007 06:08 AM
Hi,
whatever I did changed nothing, so I decided to reset the AP and startover from scratch. This did the job. I ended up with the following configuration:
dot11 vlan-name Guest-VLAN vlan 30
dot11 vlan-name default vlan 1
!
dot11 ssid HH-FIR-01
vlan 1
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
infrastructure-ssid optional
!
dot11 ssid IT-Guest
vlan 30
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxx
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
!
ssid HH-FIR-01
!
ssid IT-Guest
!
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
channel 2412
station-role root
world-mode dot11d country DE both
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
!
interface BVI1
ip address 172.16.11.15 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.11.1
Thanks for your help
Claudia
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: