Inter-vlan ping to AP - AP does not respond from vlan 1!

Unanswered Question
Jul 5th, 2012
User Badges:

Hi all,


I am experiencing a very odd issue.


I have a switch 3550 with a very basic setup.


2 Vlans, one for data and another for Wireless

Vlan 1 is 192.168.1.x

vlan 30 is 192.168.30.x


I have assigned each Vlan 16 ports


I can ping back and forth devices on each vlan which means ip routing is working as expected.

A PC on VLAN 1 can ping a PC on VLAN30 and vice versa.



My access point is 192.168.30.210. I can manage the device and ping it from VLAN 30 but not from VLAN 1. The problem only happens with APs.

I have used a 3com and a netgear.. no joy...does not reply.

If i ping from the 192.168.30.x network it responds but not from the 192.168.1.x


ahh.. another oddity... i can ping the AP from the 3550!


The APs have the VLAN 1 ip as the gateway


Any ideas?


***************

core#ping 192.168.30.210


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.30.210, timeout is 2 seconds:

!!!!!

********************************************

core#sh run

Building configuration...


Current configuration : 4300 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname core

!

!

no aaa new-model

ip subnet-zero

ip routing

!

vtp domain SWLAB

vtp mode transparent

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 30

name WLAN

!

!

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport mode dynamic desirable

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/22

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/25

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/26

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/27

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/28

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/29

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/30

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/31

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/32

switchport access vlan 30

switchport mode dynamic desirable

!

interface FastEthernet0/33

switchport mode dynamic desirable

!

interface FastEthernet0/34

switchport mode dynamic desirable

!

interface FastEthernet0/35

switchport mode dynamic desirable

!

interface FastEthernet0/36

switchport mode dynamic desirable

!

interface FastEthernet0/37

switchport mode dynamic desirable

!

interface FastEthernet0/38

switchport mode dynamic desirable

!

interface FastEthernet0/39

switchport mode dynamic desirable

!

interface FastEthernet0/40

switchport mode dynamic desirable

!

interface FastEthernet0/41

switchport mode dynamic desirable

!

interface FastEthernet0/42

switchport mode dynamic desirable

!

interface FastEthernet0/43

switchport mode dynamic desirable

!

interface FastEthernet0/44

switchport mode dynamic desirable

!

interface FastEthernet0/45

switchport mode dynamic desirable

!

interface FastEthernet0/46

switchport mode dynamic desirable

!

interface FastEthernet0/47

switchport mode dynamic desirable

!

interface FastEthernet0/48

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

!

interface Vlan30

ip address 192.168.30.1 255.255.255.0

!

ip default-gateway 192.168.1.1

ip classless

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Reza Sharifi Thu, 07/05/2012 - 08:37
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

The ip default-gateway command should only be used when routing is disable on the switch..

so, can you remove ip default-gateway 192.168.1.1 from your config and test again?


HTH

rodolfogallego Thu, 07/05/2012 - 23:59
User Badges:

Hi Reza,


Thanks for looking into this.


I have followed your suggestion but it doesnt work... still does not reply to pings from a machine on VLAN 1.


However, I can connect to the Access point and can ping the server (on vlan 1) and all the other stuff.


I really dont understand Why it replies to a ping if I have a 192.168.30.x address but not to a 192.168.1.x address


I i plug a computer to the vlan 30 it will reply to pings from a 192.168.1.x... its just the AP that does not reply. Weird..


What I did was to setup a Windows server qith DHP role on 192.168.1.160 with 2 scopes. one for the wireless (192.168.30.x) and another for the LAN 192.168.1.x

With the ip helper address 192.168.1.160 with worlks perfectly...


Devices connects to the AP willl get and ip of 192.168.30.x and can access the server happilly on 192.168.1.160

Devices connected to LAN get IPs of 192.168.1.x


How odd is this?


Thanks!

Reza Sharifi Fri, 07/06/2012 - 06:17
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi,


What port from your the switch is connected to the AP?  Can you make that port a trunk port on both the switch and AP and test again?

Is "IP routing" enabled on on the switch?


HTH

Alessio Andreoli Fri, 07/06/2012 - 03:10
User Badges:
  • Silver, 250 points or more

Hi rodolfo,

this is not inter-vlan routing. Until you do not start a routing process and advertise the vlan subnets below this process you will not be able to ping an AP from Vlan 1 to an AP in Vlan 30.



conf t

ip routing

router ospf 1

network 192.168.1.0 0.0.0.255 area X

network 192.168.30.0 0.0.0.255 area X

log



a process similar to this is telling to Vlan 30 that at Layer 3 there is Vlan 1 to speak with. Inter-Vlan routing is involving layer 3 decisions despite the confusing name.


One thing more. For your verification use


ping 1.1.1.1 source 2.2.2.2


it is helpful to understand which network is properly advertised on the current routing table.



HTH

Alessio

Reza Sharifi Fri, 07/06/2012 - 06:03
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Alessio,


There is only one switch and the subnets/vlans are connected interfaces, therefore there is no need to run a routing protocol.


HTH

Alessio Andreoli Fri, 07/06/2012 - 06:20
User Badges:
  • Silver, 250 points or more

Hi Reza,

to let two different vlans speak you need a layer 3 decision. Now, my partial config was just an example of a layer 3 decision but whatever you implement you need a layer 3 point which will put in contact the two different broadcast domains.



this if you want to do INTER-vlan routing. Maybe i misundertood your goal.


actually a classical config would be:


interface g0/1

encapsulation dot1q

switchport mode trunk

switchpor vlan allowed 1,30


on the switch

and


int g0/1

no shut

!

interface g0/1.1

encapsulation dot1q 1

ip address 192.168.1.1 255.255.255.0

!

interface g0/1.30

encapsulation dot1q 30

ip address 192.168.30.1 255.255.255.0

!


!whatever routing process required for these two subnets.


on the router. On the router (Layer 3 point) these vlans would be able to speak each other.



HTH

Alessio

sajid_m123 Fri, 07/06/2012 - 06:30
User Badges:

The APs have the VLAN 1 ip as the gateway????????


Make Vlan30's IP address the DG. Moreover, for some APs. a trunk interface is created between the switch and the AP. An IP add is assigned to the BVI interface and this IP address belong to the subnet of native vlan.

sajid_m123 Fri, 07/06/2012 - 06:40
User Badges:

Alessio,

As Reza mentioned, all you need is "ip routing" statement on the L3 switch and it will take care of all routing in this case. Even in your case, you don't need any specific routing protocol to route packets within the same box, router knows how to route packets for two connected interfaces.

Alessio Andreoli Fri, 07/06/2012 - 06:56
User Badges:
  • Silver, 250 points or more

Hi guys,

here the command:


http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdipadr.html#wp1020435


This command is only enabling IP routing. It does not route anything itself.


Infact, issuing no ip routing is a very useful command to work with a layer 2 only switch


Alessio

      


Please read this too:


http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml


HTH


Alessio

nkarthikeyan Fri, 07/06/2012 - 07:06
User Badges:
  • Gold, 750 points or more

Hi,


Can u make switchport mode access and try..... since u enabled ip routing this should work when it is within the switch.....

rodolfogallego Mon, 07/09/2012 - 06:08
User Badges:

Hi, I will try to make the AP access port a trunk, but wouldn't that be a security concern? And once I make it a trunk port will it assign a 192.168.30.x address?


Thanks!

glen.grant Wed, 07/18/2012 - 13:57
User Badges:
  • Purple, 4500 points or more

As previous poster said if the ap's are in vlan 30 then the gateway must be the vlan 30 SVI address on the 3550  to get off its own subnet.

Actions

This Discussion

Related Content