Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
0
Helpful
4
Replies

Aironet 1200 and VLAN's

claudia1910
Level 1
Level 1

‎06-24-2007 05:17 AM - edited ‎07-03-2021 02:15 PM

I'm struggle configuring an Aironet 1200 with 2 VLAN's.

I want to setup the AP with one VLAN for normal LAN access and a second VLAN as guest VLAN for internet access only. The AP is connected to a 2524 HP layer 2 switch which is connected further to a 9208 layer 3 HP switch.

AP config is attached as config.txt

The LAN wireless access is working fine, but I can't access the guest VLAN from my wireless clients. I reserved 192.168.14.0/24 for the wireless guest VLAN and 172.16.11.0/24 for the internal LAN. I can ping 192.168.14.2, my internet GW, from the AP. The wireless clients can ping each other, but not the internet GW. When I put a wired client into the same VLAN, all is working perfect.

What do I miss ?

Thanks,

Claudia

Labels:
Preview file
4 KB
0 Helpful
4 Replies 4

farkascsgy
Level 4
Level 4

‎06-25-2007 01:30 AM

Hello,

The problem is that you don't bridge the radio interface with Fasthethernet.

interface Dot11Radio0.30

encapsulation dot1Q 30

bridge-group 30 <--- this line is missing

no ip route-cache

no cdp enable

interface FastEthernet0.30

encapsulation dot1Q 30

bridge-group 30 <--- this line is missing

no ip route-cache

no cdp enable

Also the uplink of the AP should be trunk with native vlan 1.

bye

FCS

Please rate me if I helped.

0 Helpful

claudia1910
Level 1
Level 1
In response to farkascsgy

‎06-25-2007 01:51 AM

Hello,

thanks for your reply.

I put in both lines, but still no success.

I'm nearly sure the uplink switches are configured correctly, as a wired client connected to the same uplink switch (the 2524) can access the internet GW. In HP language, the port the AP is connected to is untagged member of VLAN 1 and tagged member of VLAN 30.

Claudia

0 Helpful

farkascsgy
Level 4
Level 4
In response to claudia1910

‎06-25-2007 02:13 AM

That's works for me:

interface Dot11Radio0.590

encapsulation dot1Q 590

no ip route-cache

bridge-group 90

bridge-group 90 subscriber-loop-control

bridge-group 90 block-unknown-source

no bridge-group 90 source-learning

no bridge-group 90 unicast-flooding

bridge-group 90 spanning-disabled

interface Dot11Radio0.606

encapsulation dot1Q 606

no ip route-cache

bridge-group 6

bridge-group 6 subscriber-loop-control

bridge-group 6 block-unknown-source

no bridge-group 6 source-learning

no bridge-group 6 unicast-flooding

bridge-group 6 spanning-disabled

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface FastEthernet0.590

encapsulation dot1Q 590

no ip route-cache

bridge-group 90

no bridge-group 90 source-learning

bridge-group 90 spanning-disabled

!

interface FastEthernet0.606

encapsulation dot1Q 606

no ip route-cache

bridge-group 6

no bridge-group 6 source-learning

bridge-group 6 spanning-disabled

interface BVI1

ip address 10.xx.xx.xx 255.255.255.0

Try to use only tagged frames for Radio Interface, native vlan is only for BVI1.

The connected switch port is trunk with native vlan: BVI vlan and in my case 590 and 606 is trunked over the link with tags.

bye

FCS

Please rate me if I helped.

0 Helpful

claudia1910
Level 1
Level 1
In response to farkascsgy

‎06-27-2007 06:08 AM

Hi,

whatever I did changed nothing, so I decided to reset the AP and startover from scratch. This did the job. I ended up with the following configuration:

dot11 vlan-name Guest-VLAN vlan 30

dot11 vlan-name default vlan 1

!

dot11 ssid HH-FIR-01

vlan 1

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa

infrastructure-ssid optional

!

dot11 ssid IT-Guest

vlan 30

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii xxx

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

!

ssid HH-FIR-01

!

ssid IT-Guest

!

speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

channel 2412

station-role root

world-mode dot11d country DE both

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding

bridge-group 30 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

no bridge-group 30 source-learning

bridge-group 30 spanning-disabled

!

interface BVI1

ip address 172.16.11.15 255.255.255.0

no ip route-cache

!

ip default-gateway 172.16.11.1

Thanks for your help

Claudia

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card