×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Getting error about VLAN not existing on radio

Unanswered Question
Jan 28th, 2014
User Badges:

When I try to enable the 5ghz radio on my AIR-AP1142N-A-K9 I get the following error:


VLAN '100' doesn't exist on 'Radio1-802.11N 5GHz' (see Services>VLAN)


In the vlan it is enabled.  What gives?


Config below:




!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap-1140-southwing

!

logging rate-limit console 9

enable secret xxxxxxxxxxxxxxxxxxxx

!

aaa new-model

!

!

aaa group server radius rad_eap

server 192.168.1.187 auth-port 1812 acct-port 1813

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

server 192.168.1.187 auth-port 1812 acct-port 1813

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

!

aaa session-id common

clock timezone CST -6

clock summer-time CDT recurring

!

!

dot11 syslog

dot11 vlan-name 5gwifi vlan 300

dot11 vlan-name jchcenterprise vlan 130

dot11 vlan-name public vlan 100

!

dot11 ssid jchccorp

   vlan 120

   authentication open

   authentication key-management wpa version 2

   mbssid guest-mode

   wpa-psk ascii 7 115A4A50461808040778797478

!

dot11 ssid jchcpublic

   vlan 100

   authentication open

   mbssid guest-mode

!

!

!

username Cisco password 7 10640C1C15435C5B

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 120 mode ciphers aes-ccm tkip

!

encryption vlan 130 mode ciphers aes-ccm tkip

!

ssid jchccorp

!

ssid jchcpublic

!

antenna gain 0

mbssid

channel width 40-below

channel 2422

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio0.120

encapsulation dot1Q 120

no ip route-cache

bridge-group 120

bridge-group 120 subscriber-loop-control

bridge-group 120 block-unknown-source

no bridge-group 120 source-learning

no bridge-group 120 unicast-flooding

bridge-group 120 spanning-disabled

!

interface Dot11Radio0.130

encapsulation dot1Q 130

no ip route-cache

bridge-group 130

bridge-group 130 subscriber-loop-control

bridge-group 130 block-unknown-source

no bridge-group 130 source-learning

no bridge-group 130 unicast-flooding

bridge-group 130 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 120 mode ciphers aes-ccm tkip

!

encryption vlan 300 mode ciphers aes-ccm tkip

!

ssid jchccorp

!

antenna gain 0

dfs band 3 block

mbssid

speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel width 40-above

channel 5180

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio1.120

encapsulation dot1Q 120

no ip route-cache

bridge-group 120

bridge-group 120 subscriber-loop-control

bridge-group 120 block-unknown-source

no bridge-group 120 source-learning

no bridge-group 120 unicast-flooding

bridge-group 120 spanning-disabled

!

interface Dot11Radio1.300

encapsulation dot1Q 300

no ip route-cache

bridge-group 255

bridge-group 255 subscriber-loop-control

bridge-group 255 block-unknown-source

no bridge-group 255 source-learning

no bridge-group 255 unicast-flooding

bridge-group 255 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

no bridge-group 100 source-learning

bridge-group 100 spanning-disabled

!

interface GigabitEthernet0.120

encapsulation dot1Q 120

no ip route-cache

bridge-group 120

no bridge-group 120 source-learning

bridge-group 120 spanning-disabled

!

interface GigabitEthernet0.130

encapsulation dot1Q 130

no ip route-cache

bridge-group 130

no bridge-group 130 source-learning

bridge-group 130 spanning-disabled

!

interface GigabitEthernet0.300

encapsulation dot1Q 300

no ip route-cache

bridge-group 255

no bridge-group 255 source-learning

bridge-group 255 spanning-disabled

!

interface BVI1

ip address 192.168.1.195 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.1.35

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

radius-server attribute 32 include-in-access-req format %h

radius-server host 192.168.1.187 auth-port 1812 acct-port 1813 key 7 002E161650155B

radius-server vsa send accounting

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

end


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Tue, 01/28/2014 - 14:20
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 120 mode ciphers aes-ccm tkip

!

encryption vlan 300 mode ciphers aes-ccm tkip <--should be vlan 100


Also since your using WPA version 2, don't use tkip


config t

interface Dot11Radio0

no ip address

no ip route-cache

encryption vlan 120 mode ciphers aes-ccm!

encryption vlan 100 mode ciphers aes-ccm



interface Dot11Radio1

no ip address

no ip route-cache

encryption vlan 120 mode ciphers aes-ccm

encryption vlan 100 mode ciphers aes-ccm


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Scott Fella Tue, 01/28/2014 - 14:24
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

dot11 ssid jchccorp

   vlan 120

   authentication open

   authentication key-management wpa version 2

   mbssid guest-mode

   wpa-psk ascii 7 115A4A50461808040778797478

!

dot11 ssid jchcpublic

   vlan 100

   authentication open

   mbssid guest-mode


You have 2 SSID's defined using vlan 120 and vlan 100, if you need another SSID, you need to define the vlan also.  If you just want jchcorp on the 5ghz:


interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 120 mode ciphers aes-ccm tkip

!

ssid jchccorp

!

interface Dot11Radio1.100

encapsulation dot1Q 100

no ip route-cache

bridge-group 100

bridge-group 100 subscriber-loop-control

bridge-group 100 block-unknown-source

no bridge-group 100 source-learning

no bridge-group 100 unicast-flooding

bridge-group 100 spanning-disabled

!

interface Dot11Radio1.120

encapsulation dot1Q 120

no ip route-cache

bridge-group 120

bridge-group 120 subscriber-loop-control

bridge-group 120 block-unknown-source

no bridge-group 120 source-learning

no bridge-group 120 unicast-flooding

bridge-group 120 spanning-disabled


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Scott Fella Tue, 01/28/2014 - 15:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Probably better to let us know what ssid's you want on what radio... you have defined vlan 300, but you don't have an ssid setup for vlan 300, then on your 5ghz, you only have one SSID, but then you have to vlans defined.  It's best to make changes on the CLI and not the gui also.


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

andyr354r Wed, 01/29/2014 - 03:20
User Badges:

Sorry, posted in a hurry at end of day.

As far as using the CLI I don't know any of the commands.  Would need the beginner course there.


Need to add 5GHz to vlan100, the open network for visitors.


Any recomendations on a better way to best secure vlan 120 appreciated to.


I don't use vlan 300 anymore, need to delete them.


Thanks, Andy

Scott Fella Thu, 01/30/2014 - 15:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network