AP1231G and guest ssid

Unanswered Question
Dec 16th, 2008

Standalone AP1231G running c1200-k9w7-mx.123-8.JEC2, set up with an internal SSID (VLAN 24) and a guest SSID (VLAN 124). Here's the problem:


Both SSIDs pick up a native VLAN 1 DHCP address and not one from their respective VLANs. I verified that the DHCP server is working on VLANs 24 and 124 on the switch, but on the AP it always stays with VLAN 1. The AP can ping all VLAN interfaces on the router. The DHCP server hangs off the router.


Topology is a 3725 (with NMD-36-ESW, port 2/2) trunked to the AP. Below are the relevant configs:


*************3725***************

interface FastEthernet2/2
 switchport trunk native vlan 9
 switchport mode trunk

interface Vlan1
 description Data
 ip address 10.7.1.254 255.255.255.0

interface Vlan9
 description MANAGEMENT
 ip address 10.7.9.1 255.255.255.0
 ip helper-address 10.7.1.10
 ip helper-address 10.7.1.11

interface Vlan24
 description WIRELESS
 ip address 10.7.24.1 255.255.255.0
 ip helper-address 10.7.1.10
 ip helper-address 10.7.1.11

interface Vlan124
 description *****WIRELESS GUEST*****
 ip address 10.7.124.1 255.255.255.0
 ip helper-address 10.7.1.10
 ip helper-address 10.7.1.11

**************AP CONFIGS***********

aaa group server radius rad_eap
 server 10.0.21.121 auth-port 1812 acct-port 1813
!
aaa group server radius rad_acct
 server 10.0.21.121 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct

dot11 vlan-name rms-guest vlan 124
dot11 vlan-name wavenet vlan 24
!
dot11 ssid rms-guest
 vlan 124
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 <removed>
!
dot11 ssid wavenet
 vlan 24
 authentication open eap eap_methods
 authentication network-eap eap_methods
 accounting acct_methods
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 124 mode ciphers tkip
 !
 encryption vlan 24 mode wep mandatory
 !
 broadcast-key vlan 124 change 360
 !
 ssid rms-guest
 !
 ssid wavenet
!
interface Dot11Radio0.1
 description MANAGEMENT AND NATIVE
 encapsulation dot1Q 9 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.24
 description WAVENET SSID
 encapsulation dot1Q 24
 no ip route-cache
 bridge-group 24
 bridge-group 24 subscriber-loop-control
 bridge-group 24 block-unknown-source
 no bridge-group 24 source-learning
 no bridge-group 24 unicast-flooding
 bridge-group 24 spanning-disabled
!
interface Dot11Radio0.124
 description RMS-GUEST SSID
 encapsulation dot1Q 124
 no ip route-cache
 bridge-group 124
 bridge-group 124 subscriber-loop-control
 bridge-group 124 block-unknown-source
 no bridge-group 124 source-learning
 no bridge-group 124 unicast-flooding
 bridge-group 124 spanning-disabled
!
interface FastEthernet0.1
 description MANAGEMENT AND NATIVE
 encapsulation dot1Q 9 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.24
 description WAVENET SSID
 encapsulation dot1Q 24
 no ip route-cache
 bridge-group 24
 no bridge-group 24 source-learning
 bridge-group 24 spanning-disabled
!
interface FastEthernet0.124
 description RMS-GUEST SSID
 encapsulation dot1Q 124
 no ip route-cache
 bridge-group 124
 no bridge-group 124 source-learning
 bridge-group 124 spanning-disabled
!
interface BVI1
 ip address 10.7.9.10 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.7.9.1
ip radius source-interface BVI1
!
radius-server host 10.0.21.121 auth-port 1812 acct-port 1813 key 7 <removed>
bridge 1 route ip

jeff.kish Wed, 12/17/2008 - 07:21

Is it possible that you're VLAN hopping? VLAN 1 is normally the native VLAN, and you have VLAN 9 configured. Check your config carefully and make sure that your native VLAN on all your uplinks is consistent, assuming there are any uplinks. What you posted appears correct, though.


Honestly, I don't see a problem with the configuration you posted. You might want to reset the device to factory defaults or upgrade the IOS to ensure it's not a bug.


You aren't using dynamic VLAN assignment, are you?


Let us know if you figure it out, I'm curious what's going on here :D
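
The consistency check suggested in the reply above (same native VLAN on both ends of the trunk, and each SSID's VLAN bridged between its radio and wired subinterfaces), as an added Python example that is not part of the original thread. The `SWITCH` and `AP` strings are constructed excerpts modelled on the posted configs, and the parser assumes indented `show running-config` text.

```python
import re

def stanzas(cfg, prefix):
    """Yield (name, body) for each top-level block of an indented IOS config."""
    for m in re.finditer(rf"^{prefix} (\S+)\n((?:[ ].*\n?)*)", cfg, re.M):
        yield m[1], m[2]

def check(switch_cfg, ap_cfg):
    """Return findings about native-VLAN and SSID-to-VLAN bridging consistency."""
    findings, subifs, ap_native = [], {}, set()
    # A trunk with no explicit native VLAN statement uses VLAN 1.
    sw_native = set(map(int, re.findall(r"trunk native vlan (\d+)", switch_cfg))) or {1}
    for name, body in stanzas(ap_cfg, "interface"):
        enc = re.search(r"encapsulation dot1Q (\d+)( native)?", body)
        grp = re.search(r"^ *bridge-group (\d+)$", body, re.M)
        if enc:  # only dot1Q subinterfaces carry a VLAN
            side = "radio" if name.startswith("Dot11Radio") else "wired"
            subifs[side, int(enc[1])] = int(grp[1]) if grp else None
            if enc[2]:
                ap_native.add(int(enc[1]))
    if ap_native != sw_native:
        findings.append(f"native VLAN: switch {sorted(sw_native)}, AP {sorted(ap_native)}")
    for ssid, body in stanzas(ap_cfg, "dot11 ssid"):
        vlan = re.search(r"^ *vlan (\d+)$", body, re.M)
        if not vlan:
            findings.append(f"{ssid}: no VLAN assigned")
            continue
        # The SSID's VLAN needs a radio and a wired subinterface in one bridge-group.
        r, w = (subifs.get((s, int(vlan[1]))) for s in ("radio", "wired"))
        if r is None or r != w:
            findings.append(f"{ssid}: VLAN {vlan[1]} bridge-groups radio={r} wired={w}")
    return findings

# Constructed excerpts modelled on the configs posted in this thread.
SWITCH = "interface FastEthernet2/2\n switchport trunk native vlan 9\n switchport mode trunk\n"
AP = "dot11 ssid rms-guest\n vlan 124\ndot11 ssid wavenet\n vlan 24\n" + "".join(
    f"interface {port}.{sub}\n encapsulation dot1Q {vlan}{nat}\n bridge-group {sub}\n"
    for port in ("Dot11Radio0", "FastEthernet0")
    for sub, vlan, nat in ((1, 9, " native"), (24, 24, ""), (124, 124, "")))

if __name__ == "__main__":
    print(check(SWITCH, AP))                              # posted values: consistent
    print(check(SWITCH.replace("vlan 9", "vlan 1"), AP))  # constructed native mismatch
```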
