My AP is connected into switch Trunk-link and its native vlan is vlan-1 bydefault. my AP is also using VLAN-1 ip range. but still it is not working

here is my Switch and AP config>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Switch tunk port config-

interface FastEthernet0/13

description WIFI

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,3,6

switchport mode trunk

no ip

AP config-

AP1#sho run
Building configuration...

Current configuration : 4266 bytes
!
! Last configuration change at 04:44:22 UTC Mon Mar 1 1993 by Cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP1
!
!
logging rate-limit console 9
enable secret 5 $1$x2Fh$8ZhA/DZ3ETam1UrEnGDi10
!
no aaa new-model
ip cef
!
!
!
dot11 syslog
!
dot11 ssid FMFB 1st-Floor
   vlan 1
   authentication open
!
dot11 ssid FMFBGuest 1st-Floor
   vlan 6
   authentication open
   mbssid guest-mode
!
dot11 ssid FMFBHO 1st-Floor
   vlan 3
   authentication open
   mbssid guest-mode
!
!
crypto pki token default removal timeout 0
!
!
username Cisco password 7 00271A150754
!
!
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 6 key 1 size 40bit 7 CE6B241F0B93 transmit-key
encryption vlan 6 mode wep mandatory
!
encryption vlan 1 key 1 size 40bit 7 472EA7B5111B transmit-key
encryption vlan 1 mode wep mandatory
!
encryption vlan 3 key 1 size 40bit 7 4B1C6B676A07 transmit-key
encryption vlan 3 mode wep mandatory
!
ssid FMFB 1st-Floor
!
ssid FMFBGuest 1st-Floor
!
ssid FMFBHO 1st-Floor
!
antenna gain 0
stbc
mbssid
speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8
. m9. m10. m11. m12. m13. m14. m15.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.6
encapsulation dot1Q 6
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 spanning-disabled
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 1 key 1 size 40bit 7 F704A8800A33 transmit-key
encryption vlan 1 mode wep mandatory
!
encryption vlan 3 key 1 size 40bit 7 A228C53B4E14 transmit-key
encryption vlan 3 mode wep mandatory
!
encryption vlan 6 key 1 size 40bit 7 EF0679277D81 transmit-key
encryption vlan 6 mode wep mandatory
!
ssid FMFB 1st-Floor
!
ssid FMFBGuest 1st-Floor
!
ssid FMFBHO 1st-Floor
!
antenna gain 0
no dfs band block
stbc
mbssid
speed  basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8
. m9. m10. m11. m12. m13. m14. m15.
power local -1
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio1.6
encapsulation dot1Q 6
bridge-group 6
bridge-group 6 subscriber-loop-control
bridge-group 6 spanning-disabled
bridge-group 6 block-unknown-source
no bridge-group 6 source-learning
no bridge-group 6 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 spanning-disabled
no bridge-group 3 source-learning
!
interface GigabitEthernet0.6
encapsulation dot1Q 6
bridge-group 6
bridge-group 6 spanning-disabled
no bridge-group 6 source-learning
!
interface BVI1
ip address 192.168.2.241 255.255.255.0
!
ip default-gateway 192.168.2.250
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
transport input all
!
end

AP1#

If you connect a laptop with an IP address in that vlan 1 range and connect it to that same port, can you ping the gateway?

Sent from Cisco Technical Support iPhone App

I have a similar issue. In my case, I am not using native vlan for  SSID. I can connect my laptop to other SSIDs, get the correct ip address  from DHCP server, defined on the switch. Problem is, I loose AP  management connectivity.

The switch and AP management IP are in same subnet.  the management vlan is allowed on the trunk link. but no remote  connectivity to ap!

What could be wrong?

Regards,

Girish

Yes i can even ping the Gateway from the AP itself aswell.  but the problem is that i can not ping any other vlans. intervlan routings are working fine, and clients which connect through this ap can communicate with any vlans. only from the AP itself i can not ping other vlans and from other vlans i can not ping the AP  maangement ip-address

That is usually an issue with the default gateway. Is this default gateway correct

ip default-gateway 192.168.2.250

Sent from Cisco Technical Support iPhone App

There is not an issue with Default-Gateway, and that is a correct GW address.

Post "show run int vlan1 " & "show ip route" output of the switch you have defined vlan 1 SVI. Also what is the switch model & IOS version ?

Dear Rasikanayanajith,

It is my switch model-

C3550-I9Q3L2-M), Version 12.1(19)EA1c

and here is my show command outputs-

VTP#sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.1.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Vlan8
     192.168.102.0/27 is subnetted, 1 subnets
C       192.168.102.0 is directly connected, Vlan5
C    192.168.2.0/24 is directly connected, Vlan1
C    192.168.100.0/24 is directly connected, Vlan3
     192.168.101.0/28 is subnetted, 1 subnets
C       192.168.101.192 is directly connected, Vlan4
S*   0.0.0.0/0 [1/0] via 10.1.1.1

------

VTP#sho ip int vlan 1

Vlan1 is up, line protocol is up

  Internet address is 192.168.2.250/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF Fast switching turbo vector

  IP multicast fast switching is disabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Probe proxy name replies are disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

VTP#VTP#sho ip int vlan 1
Vlan1 is up, line protocol is up
  Internet address is 192.168.2.250/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
VTP#

Dear Leo,

No one can ping Default-GW of vlan-1.  

If i connect my wireless pc to this ap and give it ip-address range from other VLANs (vlan2,3..) then i can ping its related vlan GW address, and traffic normaly passes.  but if i give my wirelss pc ip-add from VLAN-1 then i can not ping anything, No access at all,  even i can not ping VLAN-1 GW and can not ping AP Management ip.

So your saying from another switch, you can't pings the vlan 1 interface also?

Sent from Cisco Technical Support iPhone App

It is recommended best practice that vlan 1 be shut down. I tried below configuration and it worked.

I can put my laptop in vlan 10 subnet and can access the switch  and the AP for management purposes. But when I connect to the 3 SSIDs, I  cannot ping the AP management IP address. Though I can reach the  switch.

I believe, this as some kind of AP management restriction via wireless vlans in the new aIOS.

Same is true if you replace vlan 10 with vlan 1.

on the switch (3560G-48TS),

Vlan10

name Management

!

Vlan100

name RED_SSID

!

Vlan101

name GREEN_SSID

!

Vlan102

name YELLOW_SSID

!

interface Vlan10

ip address 10.10.10.1 255.255.255.0

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport trunk allowed vlan 10,100-102

switchport mode trunk

switchport nonegotiate

!

on the AP ( i used 3502I and also 1042I Auto AP)

interface Dot11Radio0.10

encapsulation dot1Q 10 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface GigabitEthernet0.10

encapsulation dot1Q 10 native

bridge-group 1

bridge-group 1 spanning-disabled

no bridge-group 1 source-learning

!

interface BVI1

ip address 10.10.10.3 255.255.255.0

!

ip default-gateway 10.10.10.1

!

bridge irb

bridge 1 route ip

!

Just my few cents.

HTH.

Your configuration is fine.  I have tested it with 3750 switch & 1142 AP & everything work as expected (I can ping from .241 IP to any vlan on my 3750). If you have any other layer 3 switch I would suggest you to test this AP with that. Or else try with upgrading IOS to a later version.

If you really want to see what's going on at packet level, you could do a packet capture while pinging from your AP to any other vlan.