09-04-2013 08:22 AM - edited 07-04-2021 12:45 AM
Hi!
At a customers site we (I) setup a "WLAN-bridge"as a backup-link/redundancy för a fiber-connection between the main office and the wharehouse, a distance of approximately 500 meters.
The bridge consists of two AP1240BG and external panel antennas and the customer wants to bridge 16 VLANS across the air in case of a broken fiber.
When we had installed the link and tested it, by disconnecting the fiber (Gi0/1) and connecting the Bridge-AP (Fa0/14) to the switch in the wharehouse we got problems. The switch in the wharehouse reported host flappimg between ports in several VLANs. Also The clients on the APs in wharehouse and the wired clients started to lose connections to the services/applications in the main office.
The idea is that it works like this: ..... Under normal condistions the fiber is the primary "traffic-channel", in this case the two ports connecting the "Bridge-APs" at the two buidings are in "shutdown"! If the fiber breaks it will be disconnected at the core-switch and the two ports connecitn the "Bridge-APs" will manually be brought to "NO shutdown" to enable traffic to use the backup WLAN-link.
I attach a picture of the setup and the config of the two bridges and the config of the two ports connecting the bridge-APs and a snippet of the error log
QUESTION: What have I done wrong???.... I hope I have explained the problem and setup properly ....
Best Regards
Göran
Configuration of "Bridge-1":
===============
SE01NBR1#sh ru
Building configuration...
Current configuration : 5800 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SE01NBR1
!
logging rate-limit console 9
enable secret ??????????????????????
!
no aaa new-model
clock timezone +0100 1
!
!
dot11 syslog
dot11 vlan-name Mgmnt vlan 100
dot11 vlan-name PSN vlan 200
!
dot11 ssid WLAN-BRIDGE
vlan 100
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii ???????????????????
!
power inline negotiation prestandard source
!
!
username Cisco password 7 01300F175804
username admin password 7 003033140F5E1F12
username tdc password 7 090F1F471A0A1A
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
encryption vlan 100 mode ciphers tkip
!
encryption vlan 200 mode ciphers tkip
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 6 mode ciphers tkip
!
encryption vlan 8 mode ciphers tkip
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 12 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
encryption vlan 24 mode ciphers tkip
!
encryption vlan 101 mode ciphers tkip
!
encryption vlan 150 mode ciphers tkip
!
encryption vlan 204 mode ciphers tkip
!
encryption vlan 211 mode ciphers tkip
!
encryption vlan 216 mode ciphers tkip
!
encryption vlan 603 mode ciphers tkip
!
ssid WLAN-BRIDGE
!
antenna transmit right-a
antenna receive right-a
antenna gain 3
channel 2437
station-role root bridge
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.24
encapsulation dot1Q 24
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.204
encapsulation dot1Q 204
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.211
encapsulation dot1Q 211
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.216
encapsulation dot1Q 216
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.603
encapsulation dot1Q 603
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.24
encapsulation dot1Q 24
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.204
encapsulation dot1Q 204
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.211
encapsulation dot1Q 211
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.216
encapsulation dot1Q 216
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface FastEthernet0.603
encapsulation dot1Q 603
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.32.16.23 255.255.255.0
no ip route-cache
!
ip default-gateway 10.32.16.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community hund RO
bridge 1 protocol ieee
bridge 1 route ip
bridge 3 protocol ieee
!
!
banner motd ^CCThis access point should receive vlan 100 untagged for management purposes^C
!
line con 0
logging synchronous
login local
line vty 0 4
login local
!
end
SE01NBR1#
Connecting port in "Switch-1:
=====================
interface FastEthernet0/15
description Wireless bridge to warehouse.
switchport trunk native vlan 100
switchport mode trunk
Configuration of "Bridge-2":
====================
SE01NBR2#sh ru
Building configuration...
Current configuration : 7557 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SE01NBR2
!
logging rate-limit console 9
enable secret ???????????????????????
!
no aaa new-model
clock timezone +0100 1
!
!
dot11 syslog
dot11 vlan-name Mgmnt vlan 100
dot11 vlan-name PSN vlan 200
!
dot11 ssid WLAN-BRIDGE
vlan 100
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii ???????????????????????
!
power inline negotiation prestandard source
!
!
username Cisco password 7 096F471A1A0A
username admin password 7 09786E1B12000306
username tdc password 7 0150574A58040B
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers tkip
!
encryption vlan 100 mode ciphers tkip
!
encryption vlan 200 mode ciphers tkip
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 6 mode ciphers tkip
!
encryption vlan 8 mode ciphers tkip
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 12 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
encryption vlan 24 mode ciphers tkip
!
encryption vlan 101 mode ciphers tkip
!
encryption vlan 150 mode ciphers tkip
!
encryption vlan 204 mode ciphers tkip
!
encryption vlan 211 mode ciphers tkip
!
encryption vlan 216 mode ciphers tkip
!
encryption vlan 603 mode ciphers tkip
!
ssid WLAN-BRIDGE
!
antenna transmit right-a
antenna receive right-a
antenna gain 3
station-role non-root bridge
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.24
encapsulation dot1Q 24
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.204
encapsulation dot1Q 204
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.211
encapsulation dot1Q 211
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.216
encapsulation dot1Q 216
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.603
encapsulation dot1Q 603
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.8
encapsulation dot1Q 8
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.12
encapsulation dot1Q 12
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.24
encapsulation dot1Q 24
no ip route-cache
bridge-group 3
!
interface FastEthernet0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 3
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.204
encapsulation dot1Q 204
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.211
encapsulation dot1Q 211
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.216
encapsulation dot1Q 216
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface FastEthernet0.603
encapsulation dot1Q 603
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
!
interface BVI1
ip address 10.32.16.24 255.255.255.0
no ip route-cache
!
ip default-gateway 10.32.16.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community hund RO
bridge 1 protocol ieee
bridge 1 route ip
bridge 3 protocol ieee
!
!
banner motd ^CThis access point should receive vlan 100 untagged for management purposes^C
!
line con 0
logging synchronous
login local
line vty 0 4
logging synchronous
login local
transport input telnet
!
end
SE01NBR2#
Connecting port in "Switch-2:
=====================
interface FastEthernet0/14
description Wireless bridge to office building.
switchport trunk native vlan 100
switchport trunk allowed vlan 1,6,8,10,12,20,24,100,101,150,200,204,211,216
switchport trunk allowed vlan add 603
switchport mode trunk
Error messages in "Switch-2":
======================
se01nlg2#
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 10 is flapping between port F a0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 12 is flapping between port F a0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 6 is flapping between port Gi 0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 1 is flapping between port Gi 0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.709c.3b0d in vlan 8
se01nlg2#is flapping between port Gi0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 8 is flapping between port Gi 0/1 and port Fa0/14
se01nlg2#
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.709c.3b0d in vlan 20 is flapping between port F a0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 211 is flapping between port Gi0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 603 is flapping between port Gi0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 8 is flapping between port Gi 0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.7080.6889 in vlan
se01nlg2# 20 is flapping between port Fa0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.7080.6889 in vlan 8 is flapping between port Gi 0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 10 is flapping between port G i0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 12 is flapping between port F a0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 1 is flapping between port Gi 0/1 and port Fa0/14
4d01h: %SW_MA
se01nlg2#TM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 6 is flapping between port Gi0/1 and port Fa0/14
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 216 is flapping between port Gi0/1 and port Fa0/14
se01nlg2#
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.2abf in vlan 101 is flapping between port Gi0/1 and port Fa0/14
se01nlg2#
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 00a0.f865.b529 in vlan 20 is flapping between port F a0/14 and port Gi0/1
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 00a0.f865.b529 in vlan 8 is flapping between port Gi 0/1 and port Fa0/14
se01nlg2#
4d01h: %SW_MATM-4-MACFLAP_NOTIF: Host 649e.f363.267f in vlan 211 is flapping between port Gi0/1 and port Fa0/14
09-04-2013 09:19 AM
You have all the vlan you are sending across the link dumped into one bridge-group.
Each radio sub interface needs to be linked to a unique wired interface.
Fixing that, it should work.
Steve
Sent from Cisco Technical Support iPhone App
09-04-2013 11:18 PM
Hmm... that was one of my concerns but the doc's I found didn't convince me which way to go. So with a 50/50 chance.....
I will make the adjustments and try again...
Oh, by the way.... There are no limitations to the numbering of Bridge-groups?... I mean; Can I use the numbering scheme of radio0.123 -> eth 0.123 -> bridge-group 123??...
Best Regards
Göran
Edit. .....
Oh!!... As you see the VLAN/IP-adress of the BVI1-interface is VLAN 100... Will cause any troubles? With CDP, VTP or something else...?? Should I try to move this to VLAN 1??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide