Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Bug on 3560? Management VLAN

Hello

I have a 3560 switch and there is a WLAN AP connected.

Port is configured as below.

interface FastEthernet0/43

description * WLAN *

switchport trunk encapsulation dot1q

switchport trunk native vlan 5

switchport trunk allowed vlan 5,10,15

switchport mode trunk

Now I'm not able to ping the AP.

If I insert the command:

no switchport trunk native vlan 5

and then

switchport trunk native vlan 5

Then I'm able to ping.

If I disconnect the AP and connect again I have the same problem.

Is this a bug or do I have a wrong config?

Thanks for your help

6 REPLIES
New Member

Re: Bug on 3560? Management VLAN

It doesn't seem to be a bug. Normally thin APs should go into a access port ,not to trunk port. Could you please tell me the AP type and model ?

Purple

Re: Bug on 3560? Management VLAN

Please post the ap config.. Have seen any bug like that .

New Member

Re: Bug on 3560? Management VLAN

AP: Cisco 1242

Here is the config:

Current configuration : 3989 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap1

!

enable secret 5 12345

!

ip subnet-zero

no ip domain lookup

ip domain name domain.local

!

!

ip ssh version 2

no aaa new-model

!

dot11 ssid MA

vlan 10

authentication open

authentication key-management wpa

wpa-psk ascii 7 12345

!

dot11 ssid guest

vlan 15

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii 7 12345

!

power inline negotiation prestandard source

!

!

username wid privilege 15 password 7 12345

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 15 mode ciphers aes-ccm

!

encryption vlan 10 mode ciphers aes-ccm tkip

!

ssid MA

!

ssid guest

!

no dfs band block

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

channel dfs

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 port-protected

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio1.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

bridge-group 15 subscriber-loop-control

bridge-group 15 port-protected

bridge-group 15 block-unknown-source

no bridge-group 15 source-learning

no bridge-group 15 unicast-flooding

bridge-group 15 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.5

encapsulation dot1Q 5 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.10

encapsulation dot1Q 10

no ip route-cache

no cdp enable

bridge-group 10

no bridge-group 10 source-learning

bridge-group 10 spanning-disabled

!

interface FastEthernet0.15

encapsulation dot1Q 15

no ip route-cache

no cdp enable

bridge-group 15

no bridge-group 15 source-learning

bridge-group 15 spanning-disabled

!

interface BVI1

ip address 192.135.91.202 255.255.255.0

no ip route-cache

!

ip default-gateway 192.135.91.254

ip http server

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

control-plane

!

bridge 1 route ip

!

!

alias exec c conf t

alias exec w cop run sta

alias exec v sh run

alias exec b sh ip int brie

alias exec a show dot11 associations

!

line con 0

line vty 0 4

login local

!

end

Bronze

Re: Bug on 3560? Management VLAN

Hi.

Weird. As I see it your config is fine. You have "encapsulation dot1Q 5 native" and "bridge-group 1" and the IP of the AP on BVI1 and it all corresponds fine with the native vlan 5 on the switchport, so it _should_ all be fine.

That said, I actually had a problem that looked like this at a customer. As they were preparing to convert from autonomous AP to lightweight we did not pursue the problem further so unfortunately I do not have a solution. I'd be pleased to learn a solution if anybody else has one.

HTH, Ingolf

New Member

Re: Bug on 3560? Management VLAN

Hi

Does may be a firmware update helps?

Yours sincerely

New Member

Re: Bug on 3560? Management VLAN

I did a firmware update and now my workaround with the no switchport.... doesn't work anymore.

So now I have no possibility to access the AP.

Looks like the configuration is not correct?

Yours sincerely

384
Views
0
Helpful
6
Replies
CreatePlease login to create content