1250AP VLAN config

Unanswered Question
Mar 9th, 2009

I am trying to configure VLANs on my 1250 autonomous AP. I have the sub-interfaces setup but still cannot connect to the LAN. I use 432 for my native vlan and then want to assign clients to vlan 543. Being a security guy, I do not use vlan 1, nor do I trunk vlan 1. Here's a snippet of my config, so tell me what I am missing. All interfaces are showing up-up.



int d0

no ip add

int d0.432

encap dot1q 432 native

bridge-group 1

int d0.543

encap dot1q 543

bridge-group 2

int g0

no ip add

int g0.432

encap dot1q 432 native

bridge-group 1

int g0.543

encap dot1q 543

bridge-group 2

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jeff.kish Mon, 03/09/2009 - 14:53

The partial config looks good. Would you be able to post the entire config? Maybe there's a problem with the SSID configuration. Your SSID should show something like:

dot11 ssid SSID_NAME

authentication open

vlan 543


Make sure you have "bridge irb" and "bridge 1 route ip" configured. They should be in there by default, but just in case they were removed.

mcvosi Mon, 03/09/2009 - 15:14

I'd prefer to not post the entire config as it would take a lot of editing. :-)

Both statements are there, and there is no issue with the SSID config. I'm just trying to get a connection to my RADIUS server, which the AP cannot connect to. I am not able to ping the server from the AP, so it has something to do with the vlan config, but I don't know where. The switch where the AP is connected is trunking and allows all vlans (at this point) except for 1.

This is a head scratcher. :-)

mcvosi Mon, 03/09/2009 - 15:39

Something else of note. I did a sh int g0 on the AP's physical interface and noticed this:

Encapsulation 802.1Q Virtual LAN, Vlan ID 1.

Does this mean that I must TRUNK VLAN 1 on the other end of the switch???

edit: I also noticed the same on the d0 int.

mcvosi Mon, 03/09/2009 - 15:53

Just found this in the AP documentation:

Under Configuration a VLAN:

"When you configure VLANs on access points, the Native VLAN must be VLAN1"

This puzzles me why you would even be able to specify another vlan as the native vlan if this is the restriction!

Can someone from Cisco clarify this?


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode