cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
896
Views
0
Helpful
2
Replies

3750 VLAN routing problem and Access Point 1131 AG multiple SSID?

DejanMilicevic
Level 1
Level 1

PROBLEM 1: We have two Layer3 stacked switches acting as “Inter  Vlan Routing” device together with multiple Layer2 switches acting as  access switches. ASA 5530 firewall will be delivered soon but till then  we need routing between all VLANs. Here is part of the configuration:
Cisco 3750 L3 switch:
-     created  VLANs with appropriate addresses
-     its acting as VTP Server and propagates VLANs to others 2960 VTP  clients
-     configured as a DHCP server for some VLANs
-     STP globaly enabled because there are redundant links
-     Ip routing enabled and on show ip route all Vlans are (C) directly  connected
-     Interfaces are in trunk mode with allowed all VLANs

ip routing
ip dhcp pool AccessPool
network 10.1.103.0 255.255.255.0
default-router 10.1.103.1
ip dhcp pool Computers
network 10.1.101.0 255.255.255.0
default-router 10.1.101.1
spanning-tree mode pvst
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface Vlan101
description Computers
ip address 10.1.101.1 255.255.255.0
interface Vlan102
description Cameras
ip address 10.1.102.1 255.255.255.0
interface Vlan103
description AccessPoints
ip address 10.1.103.1 255.255.255.0
ip classless

Cisco 2960 switch:
-     as VTP client
-     STP globaly enabled because there are redundant links
-     Two Interfaces are in trunk mode with allowed all VLANs
interface FastEthernet0/2
switchport access vlan 101
switchport mode access
interface FastEthernet0/13
switchport access vlan 103
switchport mode access
interface GigabitEthernet0/1
switchport mode trunk
Everything is working fine: VTP propagates VLANs, DHCP is assigning  addresses (no dns for now) but routing between VLANs doesn’t working.  For example I can’t access from PC in vlan101 to Access Points in vlan  103, or any other vlan. From L3 switch I can ping all clients in all  subnets, but from L2 switch where are for example vlan 101,102 I can’t  ping clients on other L2 switch where is only vlan 103. All links to L3  switch are in trunk mode allowing all vlans.  HELP?

PROBLEM 2: On L2 switches in some access ports (vlan 103-dhcp  server is on L3 switch ) we have connected 1131 AG AccessPoints. We  didn't assigned vlan on SSID because it is working without it and  wireless clients get addresses. For now only one SSID is broadcasting,  but we want two SSIDs in two vlans (for example 103 and 107 both created  in L3 switch with dhcp parameters) to broadcast. Question is: do I have  to put ports on L2 switch attached to AP in trunk mode allowing vlan  103 and 107, and how to manage on AP to broadcast two visible SSIDs (one  for guests and one for employes). HELP?

1 Accepted Solution

Accepted Solutions

glen.grant
VIP Alumni
VIP Alumni

  I would first  check all the client nics you are trying to ping and verify the default gateway is set correctly.  Then if you are trying to ping those devices all software firewalls need to be turned off otherwise you will get no response .  Seeing they respond from the switch it sounds more like a gateway issue. As far as the ap goes yes you will have to trunk the vlans to it for the different ssids you want to run .

View solution in original post

2 Replies 2

glen.grant
VIP Alumni
VIP Alumni

  I would first  check all the client nics you are trying to ping and verify the default gateway is set correctly.  Then if you are trying to ping those devices all software firewalls need to be turned off otherwise you will get no response .  Seeing they respond from the switch it sounds more like a gateway issue. As far as the ap goes yes you will have to trunk the vlans to it for the different ssids you want to run .

For example I have VLAN 103 with ip address 10.1.103.1/24 and defined:

ip dhcp pool AccessPool
network 10.1.103.0 255.255.255.0
default-router 10.1.103.1

and wireless clients get ip address from pool with gateway and dhcp server: 10.1.103.1.I suppose this is the right way the clients will get exact parameters. When I put one port attached to AP in trunk mode allowing VLAN 103 and 107 (for each SSID) I can access the AP from my PC who is in vlan 101. I don't know where is the mistake. Read somewhere to clear all config and first enable ip routing and it should work, but I wouldn't try this yet ;-).

Firewall is turned off for shure in all devices.

Other issue with broadcasting multiple SSID so they can visible and assigning addresses for each subnet is still problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: