Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

1240 AP does not honor native vlan diffent then 1

Hi,

 

I stumple with a cracy issue and hope someone have an idea what is going wrong.


I have an older 1240 Autonomous AP where I cannot figure out why the device is using vlan1 instead the required vlan 1616 for management traffic.

Anyway clients can connect, getting IP adresses and traffic is routed but the ap can be managed only via serial console cable or temp. by configuring

the port on the 3750 from trunk to an access port.

 

1240 config.

 

version 12.4

 

!
hostname ap
!
dot11 mbssid
!
dot11 ssid vlan1621
   vlan 1621
   ...
!
dot11 ssid vlan1630
   vlan 1630
   ...
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 1621 mode ciphers aes-ccm
 encryption vlan 1630 mode ciphers aes-ccm tkip
 !
 ssid vlan1621
 ssid vlan1630
 !
 station-role root
 no cdp enable
!
interface Dot11Radio0.21
 encapsulation dot1Q 1621
 no ip route-cache
 bridge-group 21
!
interface Dot11Radio0.30
 encapsulation dot1Q 1630
 no ip route-cache
 bridge-group 30
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.16
 encapsulation dot1Q 1616 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0.21
 encapsulation dot1Q 1621
 no ip route-cache
 bridge-group 21
!
interface FastEthernet0.30
 encapsulation dot1Q 1630
 no ip route-cache
 bridge-group 30
!
interface BVI1
 ip address 192.168.16.11 255.255.255.0
 ip helper-address 192.168.18.20
 no ip route-cache
!
ip default-gateway 192.168.16.1
bridge 1 route ip

 

3750g config:

interface GigabitEthernet1/0/39
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1616
 switchport trunk allowed vlan 1616-1630
 switchport mode trunk
 switchport nonegotiate

 

Changing the bridge-group on the fa0.16 subinterface from 1 to anything different was also without success.

tested 1240 firmware: c1240-k9w7- 123-8.JA2 / 124-25d.JA1 / 124-25d.JA2

 

6 REPLIES
VIP Purple

Autonomous AP management

Autonomous AP management always should be on a un-tagged vlan. Management can be on vlan 1616, but you cannot tag that vlan.

That's why you have to use always "bridge-group 1" command under sub-interface configured for management (fa0.16 in this case) where you use "native" key word in dot1q configuration.

With the given configuration can you ping 192.168.16.1 from your AP ?

 

HTH

Rasika

**** Pls rate all useful responses ****

 

New Member

Hi Rasika,no, ping 192.168.16

Hi Rasika,

no, ping 192.168.16.1 or ping 192.168.16.1 source bvi1is not working.

VIP Purple

HiI have applied your config

Hi

I have applied your config onto 1252 AP directly connect to 3560 switch as shown below & config works as expected.

+++++++ Switch Config ++++++

vlan 1616,1621,1630

!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1616
 switchport trunk allowed vlan 1616-1630
 switchport mode trunk

!

interface Vlan1616
 ip address 192.168.16.1 255.255.255.0

++++++++++ AP Config ++++++++++

dot11 ssid vlan1621
   vlan 1621
dot11 ssid vlan1630
   vlan 1630
!
interface Dot11Radio0
 encryption vlan 1621 mode ciphers aes-ccm
 encryption vlan 1630 mode ciphers aes-ccm tkip
 ssid vlan1621
 ssid vlan1630
interface Dot11Radio0.21
 encapsulation dot1Q 1621
 bridge-group 21
!
interface Dot11Radio0.30
 encapsulation dot1Q 1630
 bridge-group 30
!
interface GigabitEthernet0.16
 encapsulation dot1Q 1616 native
 bridge-group 1
!
interface GigabitEthernet0.21
 encapsulation dot1Q 1621
 bridge-group 21
!
interface GigabitEthernet0.30
 encapsulation dot1Q 1630
 bridge-group 30
!
interface BVI1
 ip address 192.168.16.11 255.255.255.0
ip default-gateway 192.168.16.1

AAP1#ping 192.168.16.1                                                       
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.16.1, timeout is 2 seconds:
!!!!!

 

If it does not work for you, I would check vlan 1616 is available in all your switches upto where SVI for vlan 1616 defined.

In your case interface vlan 1616 defined on AP directly connected switch ?

HTH

Rasika

**** Pls rate all useful resposnes ****

 

New Member

Hi Rasika,after going line by

Hi Rasika,

after going line by line over the switch config I found the culprit.

On the client access stack the following parameter was set

vlan dot1q tag native

removing the line and everything started to work.

Anyway I think Native Vlan Tagging is quite useful on client access switches.

The following port configuration on the stack was also working but not stable, after some time packes where dropped so it is no solution.

! not stable workaround for WAP if param. "vlan dot1q tag native" is set on the stack
interface GigabitEthernet1/0/39
 switchport access vlan 1616
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1616-1630

 

Is there a possible working solution with "Native Vlan Tagging" and Wireless ?

--

Thanks

olli

VIP Purple

Hi Great, you found the issue

Hi 

Great, you found the issue & fixed it.

In AP, there is no way to get management working with tag vlan.

HTH

Rasika

*** Pls rate all useful responses ****

New Member

Strange, I got your reply and

Strange, I got your reply and see it until I'm logged in ...

Yes vlan1616 is aviable on that stack, indeed there is a second backup server in vlan1616 connected to this stack.

Will post the relevant stack config later if I'm back in the office
 

30
Views
5
Helpful
6
Replies