3550 Switch and 1130 Access Point using Q-in-Q results in one-way traffic - why?

I have a standalone Cisco 1130 running 12.4(10b)JA3 configured like this (excluding the WPA2-Enterprise authentication stuff, which works fine):

dot11 ssid Maintenance-WORKSTATION2
   vlan 102
   authentication open eap EAP_WS02
   authentication network-eap EAP_WS02
   authentication key-management wpa version 2

interface Dot11Radio0
   encryption vlan 102 mode ciphers aes-ccm
   ssid Maintenance-WORKSTATION2

interface Dot11Radio0.102
   encapsulation dot1Q 102
   no ip route-cache
   bridge-group 102
   bridge-group 102 subscriber-loop-control
   bridge-group 102 block-unknown-source
   no bridge-group 102 source-learning
   no bridge-group 102 unicast-flooding
   bridge-group 102 spanning-disabled

interface FastEthernet0.102
   encapsulation dot1Q 802 second-dot1q 220
   no ip route-cache
   bridge-group 102
   no bridge-group 102 source-learning
   bridge-group 102 spanning-disabled

interface BVI102
   no ip address
   no ip route-cache

FastEthernet0 on the 1130 is connected to a 3550 switch on port fa0/46...

system mtu 1504

interface FastEthernet0/46
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 40
   switchport trunk allowed vlan 40,801-813
   switchport mode trunk

...and I have a Linux server port eth0 attached to this same 3550 on port fa0/2:

interface FastEthernet0/2
   switchport access vlan 802
   switchport mode dot1q-tunnel
   no cdp enable
   spanning-tree portfast
end

The Linux server has these interfaces:

eth0: 10.128.1.19/29
eth0.220: 172.20.30.1/24

I can authenticate a laptop to SSID Maintenance-WORKSTATION2 with no problem.  The laptop has static IP address 172.20.30.201/24.  I cannot ping 172.20.30.1 from the laptop.  Wireshark on the laptop shows ARP requests for 172.20.30.1 going out, but no replies.  When I attempt to ping 172.20.30.201 from the Linux server, I see the ARPs go out eth0.220 through the switch and AP and arrive at the laptop, and the laptop replies with an ARP response, but the response does not reach the Linux server.  So, traffic seems to flow in only one direction.  Why would this be?

Thanks and regards,

Steve

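An added example, not part of the original post: a small Python checker that reads the VLAN tag stack from raw Ethernet frame bytes (for instance, frames exported from a capture taken on the fa0/46 trunk in each direction) and compares it with the outer 802 / inner 220 stack named in the AP's `encapsulation dot1Q 802 second-dot1q 220` line. The function names, MAC addresses and sample frames are constructed for illustration, and the example does not identify the cause of the problem described in the post.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q, 802.1ad, and a legacy Q-in-Q value.
TPIDS = {0x8100, 0x88A8, 0x9100}

def vlan_stack(frame: bytes):
    """Return ([(tpid, vlan_id), ...] outermost first, payload EtherType)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset, tags = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))  # low 12 bits of the TCI = VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype

def check(frame: bytes, expected_vids):
    """Compare the frame's VLAN IDs (outer first) with the expected stack."""
    tags, ethertype = vlan_stack(frame)
    vids = [vid for _, vid in tags]
    return vids == list(expected_vids), vids, ethertype

def build(dst, src, tags, ethertype, payload=b"\x00" * 28):
    """Assemble a constructed test frame; tags are (tpid, vlan_id) pairs."""
    header = dst + src
    for tpid, vid in tags:
        header += struct.pack("!HH", tpid, vid)
    return header + struct.pack("!H", ethertype) + payload

# Constructed sample data: made-up MAC addresses, zeroed ARP bodies.
SERVER = bytes.fromhex("020000000001")
LAPTOP = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
ARP = 0x0806
# Outer 802 / inner 220 is the stack "encapsulation dot1Q 802 second-dot1q 220" names.
DOUBLE_TAGGED = build(BROADCAST, SERVER, [(0x8100, 802), (0x8100, 220)], ARP)
# Hypothetical frame carrying only the outer tag, to show what a mismatch looks like.
SINGLE_TAGGED = build(SERVER, LAPTOP, [(0x8100, 802)], ARP)

if __name__ == "__main__":
    for name, frame in (("double", DOUBLE_TAGGED), ("single", SINGLE_TAGGED)):
        print(name, check(frame, (802, 220)))
```

Running `check` on frames captured in both directions shows whether each direction carries the same two-tag stack.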