Bridge Group in Access Point

Unanswered Question
May 4th, 2009

I'm configuring an AP1130 AG with two vlans: one for the managemement and one for the WiFi users. The customer does not want to use the VLAN 1. I created radio interface 0.<management vlan> and 0.<WiFi VLAN> using two specific bridge-groups (different from 1). My question is the following: under the main radio interface there are the references of the bridge group 1 that I did not use. Can I leave it or must I replace it with the bridge group that I used for the management vlan?

Thank you very much

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jeff.kish Mon, 05/04/2009 - 04:53

Yes, you should remove all references to bridge-groups on your actual Dot0 and Fa0 interfaces. It's also necessary to create subinterfaces on your Fa0 interface, just in case you didn't do that.

Keep in mind that you should use bridge-group 1 on your native VLAN, so if your management VLAN is the native then it should be on bridge-group 1. Either way, you should have a subinterface on Fa0 for your native VLAN, otherwise you won't be able to telnet to the AP.

If you want to post your configuration, we can probably be of more help. Hopefully that works for you though.

Jeff

mperduca Mon, 05/04/2009 - 05:07

Thank you.

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname

!

enable secret 5 $1$cCq2$xiXU5xj9FOzWTNvhpmvVr.

!

aaa new-model

!

!

aaa group server radius rad_eap

server 192.168.0.1 auth-port 1812 acct-port 1813

server 192.168.0.2 auth-port 1812 acct-port 1813

!

aaa authentication login eap_methods group rad_eap

!

aaa session-id common

!

!

!

dot11 ssid XYZ

vlan 117

authentication open eap eap_methods

authentication network-eap eap_methods

authentication key-management wpa

!

power inline negotiation prestandard source

!

!

username cisco password cisco

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 117 mode ciphers tkip

!

encryption vlan 102 key 1 size 128bit 7 D27D726E54606C44B67B17586243 transmit-key

encryption vlan 102 mode wep mandatory

!

ssid XYZ

!

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.102

encapsulation dot1Q 102 native

no ip route-cache

bridge-group 102

bridge-group 102 subscriber-loop-control

bridge-group 102 block-unknown-source

no bridge-group 102 source-learning

no bridge-group 102 unicast-flooding

bridge-group 102 spanning-disabled

!

interface Dot11Radio0.117

encapsulation dot1Q 117

no ip route-cache

bridge-group 117

bridge-group 117 subscriber-loop-control

bridge-group 117 block-unknown-source

no bridge-group 117 source-learning

no bridge-group 117 unicast-flooding

bridge-group 117 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 117 mode ciphers tkip

!

encryption vlan 102 key 1 size 128bit 7 D27D726E54606C44B67B17586243 transmit-key

encryption vlan 102 mode wep mandatory

!

ssid XYZ

!

no dfs band block

channel dfs

station-role root

bridge-group 102

bridge-group 102 subscriber-loop-control

bridge-group 102 block-unknown-source

no bridge-group 102 source-learning

no bridge-group 102 unicast-flooding

bridge-group 102 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.102

encapsulation dot1Q 102 native

ip address 10.10.10.1 255.255.255.0

no ip route-cache

bridge-group 102

no bridge-group 102 source-learning

bridge-group 102 spanning-disabled

!

interface FastEthernet0.117

encapsulation dot1Q 117

ip address 10.11.10.1 255.255.255.0

no ip route-cache

bridge-group 117

no bridge-group 117 source-learning

bridge-group 117 spanning-disabled

!

interface BVI1

no ip address

no ip route-cache

!

ip default-gateway 10.11.10.254

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 key 7 dsdsd

radius-server host 192.168.0.2 auth-port 1812 acct-port 1813 key 7 deafsgtggfsgfsgv

bridge 1 route ip

SO I must to remove under the dot11 radio 0 and 1 the references for the bridge-group1? if under the fast ethernet 0.102 I put bridge group 1 I lose the connection from the switch. It seems a link between bridge group 1 and vlan 1

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode