07-01-2013 02:54 AM - edited 07-04-2021 12:19 AM
Hi.
I am helping a customer with setting up multiple SSIDs on their wireless APs. I have created two SSIDs which use different VLANs. There is also a third VLAN for management. Everything works fine when connected to a trunk port on a Cisco switch. The customer, however, has HP switches, and I am not getting the trunk port to work there. Do you know if I need to configure anything different on the AP when using an HP switch?
AP conf:
hostname wpa-test
!
enable secret xxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
server x.x.x.x auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
!
aaa session-id common
!
!
!
dot11 ssid Personal
vlan 4
authentication open eap eap_methods
authentication key-management wpa
guest-mode
mbssid guest-mode dtim-period 75
!
dot11 ssid Public
vlan 3
authentication open
mbssid guest-mode dtim-period 75
!
dot11 aaa csid ietf
!
!
username Cisco password xxxxxxxx
!
bridge irb
!
!
interface Dot11Radio0
no shutdown
no ip address
no ip route-cache
!
encryption vlan 4 mode ciphers tkip
!
encryption mode ciphers tkip
!
ssid Personal
!
ssid Public
!
mbssid
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 12 in
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key xxxxxxxxxxxxx
radius-server key xxxxxxxxxxxx
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp wds aaa csid ietf
!
line con 0
line vty 0 4
!
end
HP switch conf
1# show running-config
Running configuration:
; J4903A Configuration Editor; Created on release #I.10.101
hostname "1"
time timezone 60
time daylight-time-rule Western-Europe
exit
ip default-gateway x.x.x.x
sntp server x.x.x.x
timesync sntp
sntp unicast
snmp-server community "nonono" Unrestricted
snmp-server community "public" Operator Unrestricted
vlan 1
name "DEFAULT_VLAN"
no ip address
no untagged 1-24
exit
vlan 2
name "HK"
untagged 1,5-24
ip address x.x.x.x 255.255.255.0
tagged 4
exit
vlan 3
name "Public"
untagged 2
tagged 4
exit
vlan 4
name "Personal"
untagged 3
tagged 4
exit
spanning-tree
password manager
Solved! Go to Solution.
07-01-2013 04:51 AM
Well the AP management should be untagged and should be defined as native on the AP.
Sent from Cisco Technical Support iPhone App
07-01-2013 04:38 AM
The AP is the same, which basically means that the only untagged vlan should be the management of the AP. The other vlans need to be tagged. I have had issues in the past with HP switches and I'm not an expert in those... I had to make sure that I defined the try k port vlan properly before it started working. I would ask around on the HP side of the house.
Sent from Cisco Technical Support iPhone App
07-01-2013 04:48 AM
Currently all VLANs are tagged, on both sides. I have asked on HP forums as well.
07-01-2013 04:51 AM
Well the AP management should be untagged and should be defined as native on the AP.
Sent from Cisco Technical Support iPhone App
07-01-2013 05:57 AM
Don't understand why, but it seems to work when the management VLAN is untagged/native.
07-01-2013 06:09 AM
This is the default and only way to configure autonomous access points. Management requires to be untagged. Glad you got it working.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-01-2013 06:11 AM
Here is a link sort of expalining it:
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: