cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
705
Views
0
Helpful
6
Replies

Bug on 3560? Management VLAN

supportwagner
Level 1
Level 1

Hello

I have a 3560 switch and there is a WLAN AP connected.

Port is configured as below.

interface FastEthernet0/43

description * WLAN *

switchport trunk encapsulation dot1q

switchport trunk native vlan 5

switchport trunk allowed vlan 5,10,15

switchport mode trunk

Now I'm not able to ping the AP.

If I insert the command:

no switchport trunk native vlan 5

and then

switchport trunk native vlan 5

Then I'm able to ping.

If I disconnect the AP and connect again I have the same problem.

Is this a bug or do I have a wrong config?

Thanks for your help

6 Replies 6

trdheeraj
Level 1
Level 1

It doesn't seem to be a bug. Normally thin APs should go into a access port ,not to trunk port. Could you please tell me the AP type and model ?

glen.grant
VIP Alumni
VIP Alumni

Please post the ap config.. Have seen any bug like that .

AP: Cisco 1242

Here is the config:

Current configuration : 3989 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap1

!

enable secret 5 12345

!

ip subnet-zero

no ip domain lookup

ip domain name domain.local

!

!

ip ssh version 2

no aaa new-model

!

dot11 ssid MA

vlan 10

authentication open

authentication key-management wpa

wpa-psk ascii 7 12345

!

dot11 ssid guest

vlan 15

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 12345

!

power inline negotiation prestandard source

!

!

username wid privilege 15 password 7 12345

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

no dfs band block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio1.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.5

encapsulation dot1Q 5 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

no bridge-group 10 source-learning

bridge-group 10 spanning-disabled

!

interface FastEthernet0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

no bridge-group 15 source-learning

bridge-group 15 spanning-disabled

!

interface BVI1

ip address 192.135.91.202 255.255.255.0

no ip route-cache

!

ip default-gateway 192.135.91.254

ip http server

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

control-plane

!

bridge 1 route ip

!

!

alias exec c conf t

alias exec w cop run sta

alias exec v sh run

alias exec b sh ip int brie

alias exec a show dot11 associations

!

line con 0

line vty 0 4

login local

!

end

Hi.

Weird. As I see it your config is fine. You have "encapsulation dot1Q 5 native" and "bridge-group 1" and the IP of the AP on BVI1 and it all corresponds fine with the native vlan 5 on the switchport, so it _should_ all be fine.

That said, I actually had a problem that looked like this at a customer. As they were preparing to convert from autonomous AP to lightweight we did not pursue the problem further so unfortunately I do not have a solution. I'd be pleased to learn a solution if anybody else has one.

HTH, Ingolf

Hi

Does may be a firmware update helps?

Yours sincerely

I did a firmware update and now my workaround with the no switchport.... doesn't work anymore.

So now I have no possibility to access the AP.

Looks like the configuration is not correct?

Yours sincerely

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: