Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trouble with 1532I Getting Connected to Network

Hello,

I have two Aironet 1532I outdoor wireless bridges that are not linking up to my switches.  Here is the physical config:

 

                                                              Wireless Bridge ------> Power Injector -----> Switch Port

 

From the wireless bridge, I have my weatherproofed Cat5e cable connected to the PoE-In port (Gi0) and from there it connects to the PoE port of the power injector (model AIR-PWRINJ1500-2).  From the power injector, I have a Cat5e cable from the port labeled 'To AP' that runs to a port on my switch.  I can console into the root bridge and see that the non-root bridge has associated to it so I know the radios are working and seeing each other.  Here is the current config of my wireless bridge and the config of the switch port connecting the bridge with IP addresses replaced with X's as well as password and key information removed:

 

Switch Port Config:

interface GigabitEthernet7/2
 description *** SCPSCBRG01 - 1532I ***
 switchport trunk native vlan 206
 switchport trunk allowed vlan 1,3,7,30,60,206,600
 switchport mode trunk
 switchport nonegotiate
 power inline never  <-----Disabled power on this port since the the injector supplies power to the bridge; not sure if it's really needed.
 auto qos trust
 service-policy input AutoQos-4.0-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
 

Bridge Config:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname scpscbrg01
!
!
logging buffered 50000
logging rate-limit console 9
!
aaa new-model
!
!
aaa group server radius rad_eap
 server <x.x.x.x>
 server <x.x.x.x>
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
 server <x.x.x.x>
 server <x.x.x.x>
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default group tac_admin local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default group tac_admin if-authenticated
aaa accounting exec default start-stop group tac_admin
aaa accounting commands 15 default start-stop group tac_admin
aaa accounting network acct_methods start-stop group rad_acct
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
no ip cef
ip domain name <DOMAIN>
ip name-server <x.x.x.x>
ip name-server <x.x.x.x>

!
!
!
!
dot11 syslog
!
dot11 ssid <SSID>
   vlan 206
   authentication open
   authentication key-management <KEY MGMT>
   wpa-psk ascii <KEY>
!
!
dot11 network-map
dot11 guest
!
ipv6 spd queue min-threshold 78
ipv6 spd queue max-threshold 79
!
crypto pki trustpoint TP-self-signed-1851827670
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1851827670
 revocation-check none
 rsakeypair TP-self-signed-1851827670
!
!
crypto pki certificate chain TP-self-signed-1851827670
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383531 38323736 3730301E 170D3933 30333031 30303130
  34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353138
  32373637 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B7E1 B10108A8 3D0EB2E8 B718838E 37B6FE37 69FA6617 6A7315D4 E2370A8B
  FDFD2AC9 4165CA11 EDB18B31 80FF68F6 E04E8E4D 74F9EEB6 DAA9E5E7 DB9BEAEE
  89F5110A D49E24E0 9980386C 1C4728DD A650FCA2 847BBC5B 11C1FA28 9893E1EC
  0258FEB3 33B84927 BC92CC4A 413B170A BF1F42DD 54AD1430 29933835 A114145B
  D5DF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14FB990A 41E0088E 412DF7A5 F8F536C5 F29B4ECC C1301D06
  03551D0E 04160414 FB990A41 E0088E41 2DF7A5F8 F536C5F2 9B4ECCC1 300D0609
  2A864886 F70D0101 05050003 81810066 DC4806D2 BBFDFC2B 5E8BBBFE 654AF63C
  B3AC3E97 18B9EB86 A82D3940 04D3B81D 544B4202 51AD7B4E A0721EA2 BB999CEC
  661B686B 03092614 98F76C12 FD33AD89 45B634A0 CE1D7C53 E85608BC F77B3905
  17809971 7A0FDEDA 33D9E510 764EBBC6 3BDF2447 B64F9A99 517E8159 C1871A67
  7FFD7338 44E17A95 942F18E6 AC7EBF
      quit
!
!
!
class-map match-all _class_SHEPHERD-VOIP-QOS0
 match ip dscp ef
!
policy-map SHEPHERD-VOIP-QOS
 class _class_SHEP
  set cos 6
 class class-default
  set cos 0
!
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 206 mode ciphers aes-ccm
 !
 encryption vlan 60 mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 encryption vlan 7 mode ciphers aes-ccm
 !
 encryption vlan 600 mode ciphers aes-ccm
 !
 ssid <SSID>
 !
 antenna gain 0
 speed  basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
 packet retries 64 drop-packet
 station-role root bridge
!
interface Dot11Radio0.1
 encapsulation dot1Q 1
 no ip route-cache
 shutdown
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 shutdown
 bridge-group 4
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio0.7
 encapsulation dot1Q 7
 no ip route-cache
 shutdown
 bridge-group 6
!
interface Dot11Radio0.30
 encapsulation dot1Q 30
 no ip route-cache
 shutdown
 bridge-group 5
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio0.60
 encapsulation dot1Q 60
 no ip route-cache
 shutdown
 bridge-group 2
!
interface Dot11Radio0.206
 encapsulation dot1Q 206 native
 no ip route-cache
 shutdown
 bridge-group 1
!
interface Dot11Radio0.600
 encapsulation dot1Q 600
 no ip route-cache
 shutdown
 bridge-group 7
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 encryption vlan 206 mode ciphers aes-ccm
 !
 encryption vlan 60 mode ciphers aes-ccm
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 encryption vlan 3 mode ciphers aes-ccm
 !
 encryption vlan 30 mode ciphers aes-ccm
 !
 encryption vlan 7 mode ciphers aes-ccm
 !
 encryption vlan 600 mode ciphers aes-ccm
 !
 ssid <SSID>
 !
 antenna gain 0
 peakdetect
 dfs band 3 block
 speed  basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 packet retries 64 drop-packet
 channel width 40-above
 channel dfs
 station-role root bridge
!
interface Dot11Radio1.1
 encapsulation dot1Q 1
 no ip route-cache
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio1.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 4
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio1.7
 encapsulation dot1Q 7
 no ip route-cache
 bridge-group 6
!
interface Dot11Radio1.30
 encapsulation dot1Q 30
 no ip route-cache
 bridge-group 5
 service-policy input SHEPHERD-VOIP-QOS
 service-policy output SHEPHERD-VOIP-QOS
!
interface Dot11Radio1.60
 encapsulation dot1Q 60
 no ip route-cache
 bridge-group 2
!
interface Dot11Radio1.206
 encapsulation dot1Q 206 native
 no ip route-cache
 bridge-group 1
!
interface Dot11Radio1.600
 encapsulation dot1Q 600
 no ip route-cache
 bridge-group 7
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 80 in
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1
 no ip route-cache
!
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 4
 service-policy output SHEPHERD-VOIP-QOS
!
interface GigabitEthernet0.7
 encapsulation dot1Q 7
 no ip route-cache
 bridge-group 6
!
interface GigabitEthernet0.30
 encapsulation dot1Q 30
 no ip route-cache
 bridge-group 5
 service-policy output SHEPHERD-VOIP-QOS
!
interface GigabitEthernet0.60
 encapsulation dot1Q 60
 no ip route-cache
 bridge-group 2
!
interface GigabitEthernet0.206
 encapsulation dot1Q 206 native
 no ip route-cache
 bridge-group 1
!
interface GigabitEthernet0.600
 encapsulation dot1Q 600
 no ip route-cache
 bridge-group 7
!
interface GigabitEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address x.x.x.3 255.255.255.0
 no ip route-cache
!
ip default-gateway <x.x.x.1>
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
logging history size 500
logging host <x.x.x.x>
!
snmp-server community snmpsux RO
snmp-server location Woodruff Residential Building Roof
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
tacacs-server host <x.x.x.x> timeout 5
tacacs-server host <x.x.x.x> timeout 5
tacacs-server directed-request
tacacs-server <key>
radius-server attribute 32 include-in-access-req format %h
radius-server host <x.x.x.x> key <key>
radius-server host <x.x.x.x> key <key>
radius-server vsa send accounting
!
bridge 1 route ip
!
!
banner motd ^C


             *********************************************************
             *                                                       *
             *                      WARNING!!!!!                     *
             *                                                       *
             *     This system is restricted to Shepherd Center      *
             *         authorized users for business purposes.       *
             *                                                       *
             *     Unauthorized access is a violation of the law.    *
             *   This service may be monitored for administrative    *
             *                  and security reasons.                *
             *    By proceeding, you consent to this monitoring.     *
             *                                                       *
             *                      WARNING!!!!!                     *
             *                                                       *
             *********************************************************

 

^C
!
line con 0
 logging synchronous
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
sntp server <x.x.x.x>
end

Thanks,

Terence

2 REPLIES
VIP Purple

interface BVI1 ip address x.x

interface BVI1
 ip address x.x.x.3 255.255.255.0

 

Is this on vlan 206 ?

If I understand your question, you cannot ping your Root AP & Not-Root AP from your switch network,but when you console onto Root AP you see the dot11 association with Non-ROOT. is that correct ?

Here is a reference post for a Bridge Configuration (not specific to 1532, but basic config should not differ based on the model)

http://mrncciew.com/2013/11/09/wireless-bridge-with-eap-fast/

 

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Yes I can't ping it because

Yes I can't ping it because interface Gi0 isn't coming up on either bridge.  However, if I console to either bridge, I can ping the BVI interface which is an IP address on vlan 206.  We have two 1310s that we're trying to replace these with and the config has basically been copied and pasted to the 1532s with the only changes being that we're using the 5Ghz band instead of the 2.4Ghz band.  Also, I'm not sure if I'm supposed to use both Gig interfaces or just the PoE-In interface since I have it connected to the power injector.  I had the cable run from the injector to the switch checked and no problems there.  I did notice that when I connect the bridge to the switch, after about 5 seconds, the link light comes on and then goes off.  I checked to ensure that both the switch port and bridge are matching on speed/duplex.  Any other ideas or suggestions???

Thanks,

Terence

117
Views
0
Helpful
2
Replies
CreatePlease login to create content