AP 1242 VLAN question

Unanswered Question

I am trying to set up a new WAP in a remote facility. This set-up is a mirror of the setup that we have in our corp office (with obvious differences that are site specific).


I am trying to configure this so that there are two VLANs. VLAN 10 is set specifically for data and all laptops are authenticating against a RADIUS server back at corp. VLAN 20 is set for Voice and is using pre-shared keys between the wireless phones we use and the AP.

interface FastEthernet0.10

encapsulation dot1Q 10 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled


interface FastEthernet0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled


interface BVI1

ip address 172.16.152.5 255.255.252.128

no ip route-cache


The port on the 3750 switch onsite is set as a trunk port:


interface FastEthernet1/0/45

switchport trunk encapsulation dot1q

switchport mode trunk


The problem that i'm having is that I can only get one VLAN to work at one time. The IP address/Subnet mask for the BVI interface correspond to the VLAN 10 subnetting scheme. I also played around with the trunk settings on the switch (by adding the voice vlan 20 command to push voice in that direction). But no matter what, if VLAN 10 is working (and laptops are authenticating against RADIUS) the phones will not work and vice versa.


Any help would be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bbxie Mon, 06/09/2008 - 22:29
User Badges:
  • Silver, 250 points or more

You do not need to configure a bridge group on the subinterface that you set up as the native VLAN. This bridge group is moved to the native subinterface automatically to maintain the link to BVI 1, which represents both the radio and Ethernet interfaces; bridge-group number should be the same as vlan number; 3750 need to use same native vlan as AP. so make following changes:

1. delete bridge-group 1 under int f0.10,

2. change bridge-group 2 under int f0.20 to bridge-group 20.

3. in 3750, under int f1/0/45, add: switchport trunk native vlan 10



Farrukh Haroon Mon, 06/09/2008 - 22:31
User Badges:
  • Red, 2250 points or more

You need to set the native vlan to match your management vlan (subnet 172.16.152.5). Also you have a pretty weird subnet mask configured 255.255.252.128?


This is a working config, for vlans 222 and 208:



interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface FastEthernet0.222

encapsulation dot1Q 222

no ip route-cache

bridge-group 222

no bridge-group 222 source-learning

bridge-group 222 spanning-disabled

!

interface FastEthernet0.208

encapsulation dot1Q 208

no ip route-cache

bridge-group 208

no bridge-group 208 source-learning

bridge-group 208 spanning-disabled


Also it is better to restrict you trunk port like this:


switchport trunk encapsulation dot1q

switchport trunk native vlan 300

switchport trunk allowed vlan 222,208,300

switchport mode trunk


Assuming 300 is the Mgmt. VLAN and the others are for the Wireless USers.


Regards


Farrukh

pradeepk_123 Tue, 06/10/2008 - 00:37
User Badges:

Hi,

Could you provide the entire configuration. Check the below template.. It might help


dot11 ssid data

vlan 20

authentication open

guest-mode

mbssid guest-mode

!

dot11 ssid voice

vlan 10

authentication open

mbssid guest-mode

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

bridge-group 20 subscriber-loop-control

bridge-group 20 block-unknown-source

no bridge-group 20 source-learning

no bridge-group 20 unicast-flooding

bridge-group 20 spanning-disabled


interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 10 key 1 size 40bit 7 E7898F31C4BE transmit-key

encryption vlan 10 mode wep mandatory

!

encryption mode wep mandatory

!

encryption vlan 20 key 1 size 40bit 7 32B4B7CFE0F6 transmit-key

encryption vlan 20 mode wep mandatory

!

ssid data

!

ssid voice

!

mbssid

station-role root

!


Actions

This Discussion