Trunking issue with autonomous AP

Unanswered Question
Aug 4th, 2009

I was at a customers that wanted a new ssid configured on his 20 1252 AP's and to stand up a new one with the olds and new SSID on it. Added the vlans, trunked them down and configured the interfaces and SSID's on the existing AP's no biggie. The new AP(not really new been kicking around in a lab) is giving me some weird issues. I deleted the exisiting config from it and took one of the running configs fromm the others that are working, modified the name and ip and pasted it in. This should have worked just fine. However the trunk port on the 4507 will not come up. The radio's are up and so is the BVI, however I cannot ping to it since the trunk is down. I started looking at the config and the thing I notice is that the AP's are in vlan 2, and the native vlan is set for vlan 2 on all the working trunk ports on the switch. However the AP's do not have vlan 2 on them, and their native vlan is 1. This should not work! I always thought the native had to match on both sides?? In any case I am probably missing something stupid, I have been up since 4am it was a 4 hour drive to get here. Oh and I have to go back and make firewall changes at midnight. Here is the relavent configs please let me know if its something stupid I usually do a lot of controller based installs havnet done a autonomous one in years. Thanks!

Here is a port on the switch

interface GigabitEthernet3/9

description AP 1 - SMT

switchport access vlan 2

switchport trunk native vlan 2

switchport trunk allowed vlan 2,9,15

switchport mode trunk

end

Here is the AP hanging off that works fine

cstwap01#sh vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interfaces: Dot11Radio0

Dot11Radio1

GigabitEthernet0

This is configured as native Vlan for the following interface(s) :

Dot11Radio0

Dot11Radio1

GigabitEthernet0

show run on the AP

dot11 mbssid

dot11 vlan-name VoIPVLan vlan 9

dot11 vlan-name Wireless-101-Legacy vlan 15

!

dot11 ssid 101

vlan 15

authentication open

mbssid guest-mode

!

dot11 ssid VoIPVLan

vlan 9

authentication open

mbssid guest-mod

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

ssid 101

!

ssid VoIPVLan

!

!

interface Dot11Radio0.9

encapsulation dot1Q 9

no ip route-cache

bridge-group 9

bridge-group 9 subscriber-loop-control

bridge-group 9 block-unknown-source

no bridge-group 9 source-learning

no bridge-group 9 unicast-flooding

bridge-group 9 spanning-disabled

!

interface Dot11Radio0.15

encapsulation dot1Q 15

no ip route-cache

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.9

encapsulation dot1Q 9

no ip route-cache

bridge-group 9

no bridge-group 9 source-learning

bridge-group 9 spanning-disabled

!

interface GigabitEthernet0.15

encapsulation dot1Q 15

no ip route-cache

bridge-group 15

no bridge-group 15 source-learning

bridge-group 15 spanning-disabled

!

interface BVI1

ip address 10.190.2.51 255.255.255.0

no ip route-cache

!

ip default-gateway 10.190.2.1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Roman Rodichev Tue, 08/04/2009 - 19:33

Hello Mike,

actually, native VLAN doesn't have to match on two sides of a trunk, in fact it's quite common with autonomous APs. Your BVI1 is usually tied to a native VLAN 1, but switch port native VLAN is usually configured for whatever VLAN you want AP's management IP to belong to, in your case VLAN 2.

When you connect two catalyst switches together with a trunk that has different native VLAN configured on two sides, you will keep getting logging messages warning you about it. It's not recommended, but some scenarios require such setup.

Something else is wrong, maybe a physical issue. When you say the trunk is down, do you mean the interface is down ? Can you paste config of bad switch port and bad AP?

Regards,

Roman

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode