Bug on 3560? Management VLAN

Unanswered Question
Nov 4th, 2009
User Badges:

Hello


I have a 3560 switch and there is a WLAN AP connected.

Port is configured as below.

interface FastEthernet0/43

description * WLAN *

switchport trunk encapsulation dot1q

switchport trunk native vlan 5

switchport trunk allowed vlan 5,10,15

switchport mode trunk


Now I'm not able to ping the AP.

If I insert the command:

no switchport trunk native vlan 5

and then

switchport trunk native vlan 5


Then I'm able to ping.


If I disconnect the AP and connect again I have the same problem.


Is this a bug or do I have a wrong config?


Thanks for your help

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
trdheeraj Wed, 11/04/2009 - 11:25
User Badges:

It doesn't seem to be a bug. Normally thin APs should go into a access port ,not to trunk port. Could you please tell me the AP type and model ?

glen.grant Wed, 11/04/2009 - 15:57
User Badges:
  • Purple, 4500 points or more

Please post the ap config.. Have seen any bug like that .

supportwagner Thu, 11/05/2009 - 07:06
User Badges:

AP: Cisco 1242


Here is the config:


Current configuration : 3989 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap1

!

enable secret 5 12345

!

ip subnet-zero

no ip domain lookup

ip domain name domain.local

!

!

ip ssh version 2

no aaa new-model

!

dot11 ssid MA

vlan 10

authentication open

authentication key-management wpa

wpa-psk ascii 7 12345

!

dot11 ssid guest

vlan 15

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 12345

!

power inline negotiation prestandard source

!

!

username wid privilege 15 password 7 12345

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

no dfs band block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio1.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.5

encapsulation dot1Q 5 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

no bridge-group 10 source-learning

bridge-group 10 spanning-disabled

!

interface FastEthernet0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

no bridge-group 15 source-learning

bridge-group 15 spanning-disabled

!

interface BVI1

ip address 192.135.91.202 255.255.255.0

no ip route-cache

!

ip default-gateway 192.135.91.254

ip http server

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

control-plane

!

bridge 1 route ip

!

!

alias exec c conf t

alias exec w cop run sta

alias exec v sh run

alias exec b sh ip int brie

alias exec a show dot11 associations

!

line con 0

line vty 0 4

login local

!

end



iyde Thu, 11/05/2009 - 12:39
User Badges:
  • Silver, 250 points or more

Hi.


Weird. As I see it your config is fine. You have "encapsulation dot1Q 5 native" and "bridge-group 1" and the IP of the AP on BVI1 and it all corresponds fine with the native vlan 5 on the switchport, so it _should_ all be fine.

That said, I actually had a problem that looked like this at a customer. As they were preparing to convert from autonomous AP to lightweight we did not pursue the problem further so unfortunately I do not have a solution. I'd be pleased to learn a solution if anybody else has one.


HTH, Ingolf


supportwagner Sun, 11/08/2009 - 05:00
User Badges:

I did a firmware update and now my workaround with the no switchport.... doesn't work anymore.

So now I have no possibility to access the AP.

Looks like the configuration is not correct?


Yours sincerely

Actions

This Discussion