VLANs / SSIDs Connectivity

Unanswered Question
Apr 18th, 2008

Let me try this again..

I am attempting to set up multiple SSIDs and VLANs on a 1121G autonomous / IOS WAP. One appears to be working fine - the other has no connectivity.

SSID = ssid_100 and VLAN 100 seem to be working fine. We can connect and get the appropriate DHCP address.

SSID = ssid_910 and VLAN 910 are not working. The client and the AP both say the client is associated, but DHCP fails. I have used a packet sniffer to verify that the DHCP request is never making it to the switch port.

I think the VLANs on the wired LAN are working fine, because I can plug into a properly configured switch port and get connectivity no problem.

I have attached a snippet of the WAP config. The switchport tthat the WAP is connected to has this config:

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,100,910

switchport mode trunk

Any suggestions or pointers will be very much appreciated.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Mon, 04/21/2008 - 08:10

Sorry about this folks, I am trying post a portion of my WAP config and I am getting Tomcat error messages.

Anonymous (not verified) Mon, 04/21/2008 - 08:12

dot11 ssid ssid_100

vlan 100

authentication open eap eap_methods1

!

dot11 ssid ssid_910

vlan 910

authentication open

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode wep mandatory

!

encryption vlan 1 mode wep mandatory

!

encryption vlan 100 mode wep mandatory

!

encryption vlan 910 key 2 size 40bit 7 transmit-key

encryption vlan 910 mode wep mandatory

!

ssid ssid_100

!

ssid ssid_910

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio0.910

encapsulation dot1Q 910

no ip route-cache

no cdp enable

bridge-group 91

bridge-group 91 subscriber-loop-control

bridge-group 91 block-unknown-source

no bridge-group 91 source-learning

no bridge-group 91 unicast-flooding

bridge-group 91 spanning-disabled

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

no bridge-group 100 source-learning

bridge-group 100 spanning-disabled

!

interface FastEthernet0.910

encapsulation dot1Q 910

no ip route-cache

no cdp enable

bridge-group 91

no bridge-group 91 source-learning

bridge-group 91 spanning-disabled

dot11 ssid ssid_100

vlan 100

authentication open eap eap_methods1

!

dot11 ssid ssid_910

vlan 910

authentication open

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode wep mandatory

!

encryption vlan 1 mode wep mandatory

!

encryption vlan 100 mode wep mandatory

!

encryption vlan 910 key 2 size 40bit 7 transmit-key

encryption vlan 910 mode wep mandatory

!

ssid ssid_100

!

ssid ssid_910

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio0.910

encapsulation dot1Q 910

no ip route-cache

no cdp enable

bridge-group 91

bridge-group 91 subscriber-loop-control

bridge-group 91 block-unknown-source

no bridge-group 91 source-learning

no bridge-group 91 unicast-flooding

bridge-group 91 spanning-disabled

bcolvin Wed, 04/23/2008 - 11:55

Hi

Basically your your bridge groups, SSID, and Vlan assignmnts don't agree.

1 your native Vlan 1 is your first vlan with no SSID/radio only Fastethernet defined as bridge group 1

2. Vlan 100 assigned to SSID 100 and brige group 100.

3. Vlan 910 assigned to SSID 910 and bridge group 910

you can use whatever SSID you wan for the VLAN's but the numbers for the VLAN and bridge groups need to be consistant.

I recomend you use the GUI to set up VLAN's as it takes care of all the interrelatioinships.

Here is a linl to a good doc on this configuration for AP's

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml

Best practice is not to use your native VLAN for wireless traffic

HTH

Bill

Anonymous (not verified) Mon, 04/21/2008 - 08:12

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.100

encapsulation dot1Q 100

no ip route-cache

no cdp enable

bridge-group 100

no bridge-group 100 source-learning

bridge-group 100 spanning-disabled

!

interface FastEthernet0.910

encapsulation dot1Q 910

no ip route-cache

no cdp enable

bridge-group 91

no bridge-group 91 source-learning

bridge-group 91 spanning-disabled

Anonymous (not verified) Mon, 04/21/2008 - 08:15

Anonymous (not verified) Mon, 04/21/2008 - 08:23

Anonymous (not verified) Mon, 04/21/2008 - 13:58

Anonymous (not verified) Mon, 04/21/2008 - 13:59

Anonymous (not verified) Tue, 04/22/2008 - 07:04

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode