Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Aironet 1140G Gateway issues

Hallo Community!!!

I have a problem with my Aironet 1140G (autonomous).

1. i cannot ping the bvi1 interface ip (172.20.200.5)

2. the aironet doesnot use the default gateway

I would like to check the system status via snmp, the snmp server is in another subnet  (aironet ip: 172.20.200.6; snmpserver: 192.168.5.5) The snmp server cannot ping the Aironet. There are no acl on the way. The snmp server can ping a client (172.20.200.151).

Where is the problem can anybody help me?

My configuration:

hostname XXXXXXXXXXXXXXXX

!

logging console notifications

enable secret 5 $1XXXXXXXXXXXXXXXOK/

!

aaa new-model

!

!

aaa group server radius ADAUTH

server-private 192.168.XXX24 auth-port 1645 acct-port 1646 key 7 00XXXXXXXXXXXXXXX5E

server 192.168XXXX.24 auth-port 1645 acct-port 1646

!

aaa authentication login default local

!

aaa session-id common

clock timezone +0100 1

ip domain name XXXXXXXXXXXXX

ip name-server 192.168.5.11

ip name-server 192.168.5.10

!

!

dot11 syslog

!

dot11 ssid XXXXXXXXXXXXX

   vlan 993

   authentication open

   authentication key-management wpa version 2

   guest-mode

   mbssid guest-mode

   wpa-psk ascii 7 1XXXXXXXXXXXXXXXXXXXX9

!

dot11 ssid systemsXXX

   vlan 1220

   authentication open

   authentication key-management wpa version 2

   wpa-psk ascii 7 1456250EXXXXXXXXXXXXXXXXXX19

!

dot11 ssid systems.XXx

   vlan 1210

   authentication open

   authentication key-management wpa version 2

   wpa-psk ascii 7 145XXXXXXXXXXXXXXXXXXE12

!

dot11 ssid systemsXXXX

   vlan 1200

   authentication open

   authentication key-management wpa version 2

   wpa-psk ascii 7 0XXXXXXXXXXXXXXXXXXXXXXX72

!

dot11 ssid systeXXXX

   vlan 1230

   authentication open

   authentication key-management wpa version 2

   wpa-psk ascii 7 0247335E0705002C491C3A00160317061F4A27382769

!

dot11 network-map

!

crypto pki trustpoint TP-self-signed-38XXXX975

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-38XXXXX

revocation-check none

rsakeypair TP-self-signed-3850784975

!

!

crypto pki certificate chain TP-self-signed-385XXXX75

certificate self-signed 01

  3XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

quit

username Cisco password 7 09XXXXX

username admin privilege 15 password 7 XXXXXX

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 993 mode ciphers aes-ccm

!

encryption vlan 1200 mode ciphers aes-ccm

!

encryption vlan 1210 mode ciphers aes-ccm

!

encryption vlan 1220 mode ciphers aes-ccm

!

encryption vlan 1230 mode ciphers aes-ccm

!

ssid XXXXXXXXXXXXXXXXX

!

ssid systems.XX

!

ssid systems.XXX

!

ssid systems.XXXX

!

ssid systems.XXXXX

!

antenna gain 0

speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

power local 8

power client 8

packet retries 128 drop-packet

channel least-congested 2412 2437 2462

station-role root

no dot11 extension aironet

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.993

description fhbhotspot

encapsulation dot1Q 993

ip access-group XXXXXXXXXXX_acl in

no ip route-cache

bridge-group 7

bridge-group 7 subscriber-loop-control

bridge-group 7 block-unknown-source

no bridge-group 7 source-learning

no bridge-group 7 unicast-flooding

bridge-group 7 spanning-disabled

!

interface Dot11Radio0.1200

description systems.XXXX

encapsulation dot1Q 1200

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface Dot11Radio0.1210

description systems.XX

encapsulation dot1Q 1210

no ip route-cache

bridge-group 3

bridge-group 3 subscriber-loop-control

bridge-group 3 block-unknown-source

no bridge-group 3 source-learning

no bridge-group 3 unicast-flooding

bridge-group 3 spanning-disabled

!

interface Dot11Radio0.1220

description systems.XXX

encapsulation dot1Q 1220

no ip route-cache

bridge-group 4

bridge-group 4 subscriber-loop-control

bridge-group 4 block-unknown-source

no bridge-group 4 source-learning

no bridge-group 4 unicast-flooding

bridge-group 4 spanning-disabled

!

interface Dot11Radio0.1230

description systems.XXXX

encapsulation dot1Q 1230

ip access-group systems.XXXX_acl in

no ip route-cache

bridge-group 5

bridge-group 5 subscriber-loop-control

bridge-group 5 block-unknown-source

no bridge-group 5 source-learning

no bridge-group 5 unicast-flooding

bridge-group 5 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 993 mode ciphers aes-ccm

!

encryption vlan 1200 mode ciphers aes-ccm

!

encryption vlan 1210 mode ciphers aes-ccm

!

encryption vlan 1220 mode ciphers aes-ccm

!

encryption vlan 1230 mode ciphers aes-ccm

!

ssid XXXXXXXXXXXXXX

!

ssid systems.XXXX

!

ssid systems.XXXX

!

antenna gain 0

dfs band 1 2 block

speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

power local 8

power client 8

packet retries 128 drop-packet

channel dfs

station-role root

no dot11 extension aironet

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.993

encapsulation dot1Q 993

ip access-group fhbhotspot_acl in

no ip route-cache

bridge-group 7

bridge-group 7 subscriber-loop-control

bridge-group 7 block-unknown-source

no bridge-group 7 source-learning

no bridge-group 7 unicast-flooding

bridge-group 7 spanning-disabled

!

interface Dot11Radio1.1200

description systems.XXXXX

encapsulation dot1Q 1200

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface Dot11Radio1.1210

description systems.XXX

encapsulation dot1Q 1210

no ip route-cache

bridge-group 3

bridge-group 3 subscriber-loop-control

bridge-group 3 block-unknown-source

no bridge-group 3 source-learning

no bridge-group 3 unicast-flooding

bridge-group 3 spanning-disabled

!

interface Dot11Radio1.1220

description systems.XX

encapsulation dot1Q 1220

no ip route-cache

bridge-group 4

bridge-group 4 subscriber-loop-control

bridge-group 4 block-unknown-source

no bridge-group 4 source-learning

no bridge-group 4 unicast-flooding

bridge-group 4 spanning-disabled

!

interface Dot11Radio1.1230

description systems.XXXX

encapsulation dot1Q 1230

ip access-group systems.msc_acl in

no ip route-cache

no keepalive

bridge-group 5

bridge-group 5 subscriber-loop-control

bridge-group 5 block-unknown-source

no bridge-group 5 source-learning

no bridge-group 5 unicast-flooding

bridge-group 5 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex full

speed 100

no keepalive

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.993

encapsulation dot1Q 993

ip address 172.20.100.6 255.255.255.0

no ip route-cache

bridge-group 7

no bridge-group 7 source-learning

bridge-group 7 spanning-disabled

!

interface GigabitEthernet0.1200

encapsulation dot1Q 1200

ip address 172.20.200.6 255.255.255.0

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!

interface GigabitEthernet0.1210

encapsulation dot1Q 1210

ip address 172.20.210.6 255.255.255.0

no ip route-cache

bridge-group 3

no bridge-group 3 source-learning

bridge-group 3 spanning-disabled

!

interface GigabitEthernet0.1220

encapsulation dot1Q 1220

ip address 172.20.220.6 255.255.255.0

no ip route-cache

bridge-group 4

no bridge-group 4 source-learning

bridge-group 4 spanning-disabled

!

interface GigabitEthernet0.1230

encapsulation dot1Q 1230

ip address 172.20.230.6 255.255.255.0

no ip route-cache

bridge-group 5

no bridge-group 5 source-learning

bridge-group 5 spanning-disabled

!

interface GigabitEthernet0.1255

encapsulation dot1Q 1255

ip address 172.20.255.6 255.255.255.0

no ip route-cache

bridge-group 6

no bridge-group 6 source-learning

bridge-group 6 spanning-disabled

!

interface BVI1

ip address 172.20.200.5 255.255.255.0

no ip route-cache

!

ip default-gateway 172.20.200.1

no ip http server

ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

!

ip access-list extended fXXXXXXXXXXXXt_acl

permit tcp 0.0.0.0 255.255.255.0 host 192.168.4.20 eq 443

permit udp any eq bootpc host 255.255.255.255 eq bootps

permit icmp 172.20.100.0 0.0.0.255 host 172.20.100.1 echo

permit tcp 172.20.100.0 0.0.0.255 host 192.168.4.17 eq 443

permit tcp 172.20.100.0 0.0.0.255 host 192.168.4.20 eq 443

permit tcp 172.20.100.0 0.0.0.255 host 192.168.5.10 eq domain

permit tcp 172.20.100.0 0.0.0.255 host 192.168.5.11 eq domain

permit udp 172.20.100.0 0.0.0.255 host 192.168.5.10 eq domain

permit udp 172.20.100.0 0.0.0.255 host 192.168.5.11 eq domain

deny   ip 172.20.100.0 0.0.0.255 10.0.0.0 0.255.255.255

deny   ip 172.20.100.0 0.0.0.255 172.16.0.0 0.15.255.255

deny   ip 172.20.100.0 0.0.0.255 192.168.0.0 0.0.255.255

permit ip 172.20.100.0 0.0.0.255 any

ip access-list extended systemsXXXXX_acl

permit udp any eq bootpc host 255.255.255.255 eq bootps

permit udp 172.20.230.0 0.0.0.255 eq bootpc host 192.168.5.11 eq bootps

permit icmp 172.20.230.0 0.0.0.255 host 172.20.230.1 echo

permit icmp 172.20.230.0 0.0.0.255 host 192.168.5.10 echo

permit icmp 172.20.230.0 0.0.0.255 host 192.168.5.11 echo

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq domain

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq domain

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq domain

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq domain

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 88

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 88

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 88

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 88

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq ntp

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq ntp

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 135

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq netbios-ns

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq netbios-ns

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq netbios-dgm

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq netbios-dgm

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 139

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 139

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 389

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 389

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 389

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 389

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 445

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 445

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 445

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 445

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 464

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 464

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 464

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 464

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 636

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 636

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 3268

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 3268

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 3269

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 3269

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 6201

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 6201

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 6202

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 6202

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 6203

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 6203

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 6204

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 6204

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.10 eq 9389

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.11 eq 9389

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.17 eq 8080

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.27 eq www

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.15 eq 445

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.16 eq 445

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.150 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.151 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.152 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.153 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.154 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.155 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.156 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.157 eq 135

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.150 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.151 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.152 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.153 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.154 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.155 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.156 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.157 eq 443

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.150 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.151 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.152 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.153 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.154 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.155 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.156 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.157 eq 60001 60002 60003

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.25 eq 135

permit udp 172.20.230.0 0.0.0.255 host 192.168.5.25 eq snmp

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.25 eq 445

permit tcp 172.20.230.0 0.0.0.255 host 192.168.5.25 eq 9100

deny   ip 172.20.230.0 0.0.0.255 10.0.0.0 0.255.255.255

deny   ip 172.20.230.0 0.0.0.255 172.16.0.0 0.15.255.255

deny   ip 172.20.230.0 0.0.0.255 192.168.0.0 0.0.255.255

permit ip 172.20.230.0 0.0.0.255 any

snmp-server community XXXXX RO

snmp-server location XXXXXX

snmp-server contact XXXXX

snmp-server chassis-id XXXXX

radius-server attribute 32 include-in-access-req

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

transport input ssh

!

sntp server 192.168.5.10

sntp broadcast client

end

Regards

Markus

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Aironet 1140G Gateway issues

Create an additional sub-interface for management & put it into bridge group 1 (which needs to be on native vlan) like below. Assuming 172.20.200.x is on vlan 200 (if not replace 200 in below config with correct vlan number belongs to that subnet)

On the AP do the following

int d0.200

en do 200 native

bridge-group 1

!

int g0.200

en do 200 native

bridge-group 1

On the switch port where you connected this AP make sure vlan 200 would be the native

interface gx/x

sw tr na vl 200

That should give you the reachability to your AP management IP which is configured under BVI.

HTH

Rasika

Aironet 1140G Gateway issues

The management interface of the autonomous APs can only be on the native VLAN.

If you don't have a native VLAN then the management of the AP is not possible through the network.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
6 REPLIES
Hall of Fame Super Gold

Aironet 1140G Gateway issues

Wrong forum, post in "Wireless". You can move your posting with the Actions panel on the right.

Aironet 1140G Gateway issues

Hello Mark,

You must use the default VLAN for management.

The BVI interface must belong to the default VLAN. Otherwise it will not work.

Assign one of the VLANs to be the native:

encapsulation dot1Q native

apply the above command to the sub-interface that represents the default VLAN in all interfaces (d0, d1 and Fa0).

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
VIP Purple

Aironet 1140G Gateway issues

Create an additional sub-interface for management & put it into bridge group 1 (which needs to be on native vlan) like below. Assuming 172.20.200.x is on vlan 200 (if not replace 200 in below config with correct vlan number belongs to that subnet)

On the AP do the following

int d0.200

en do 200 native

bridge-group 1

!

int g0.200

en do 200 native

bridge-group 1

On the switch port where you connected this AP make sure vlan 200 would be the native

interface gx/x

sw tr na vl 200

That should give you the reachability to your AP management IP which is configured under BVI.

HTH

Rasika

New Member

Re: Aironet 1140G Gateway issues

Hi @ all,

the aironet has a connection to the switch, on the trunkung is vlan 1 as native configured.

in our company must the native vlan as unused.

Aironet 1140G Gateway issues

The management interface of the autonomous APs can only be on the native VLAN.

If you don't have a native VLAN then the management of the AP is not possible through the network.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
New Member

Re: Aironet 1140G Gateway issues

Hi,

ok thank you, i will check it ....

352
Views
5
Helpful
6
Replies
CreatePlease to create content