Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

SSID Connection Problems with multiple VLANs

Hello all,

I'm having a bit of a problem getting a device to associate to an access point and grab an IP via DHCP on a particular SSID. This access point has two VLANs, with two different SSIDs configured. Enclosed is the configuration. For some reason I cannot connect to SSID 2 on my wireless device, but SSID works just fine. I see the authentication go through the log, so I know that the pre-shared key is correct, but it can't grab an IP (which makes me think I have a problem in the bridge group). Any thoughts?

Also, I have tried both a trunk port and an access port on the switch that is connected to the access point. With both, I can connect and grab an IP from VLAN 20 (SSID 1), but not VLAN 10 (SSID 2).

dot11 ssid 1

vlan 20

authentication open

authentication key-management wpa

wpa-psk ascii "key"

!

dot11 ssid 2

vlan 10

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii "key"

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

encryption vlan 20 mode ciphers tkip

!

encryption vlan 10 mode ciphers tkip

!

ssid 1

!

ssid 2

!

antenna transmit right

antenna receive right

station-role root

bridge-group 1

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.10

encapsulation dot1Q 10

no ip route-cache

bridge-group 10

bridge-group 10 subscriber-loop-control

bridge-group 10 block-unknown-source

no bridge-group 10 source-learning

no bridge-group 10 unicast-flooding

bridge-group 10 spanning-disabled

!

interface Dot11Radio0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

bridge-group 20 subscriber-loop-control

bridge-group 20 block-unknown-source

no bridge-group 20 source-learning

no bridge-group 20 unicast-flooding

bridge-group 20 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.10

encapsulation dot1Q 10 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.20

encapsulation dot1Q 20

no ip route-cache

bridge-group 20

no bridge-group 20 source-learning

bridge-group 20 spanning-disabled

!

interface BVI1

ip address 192.168.0.210 255.255.255.0

no ip route-cache

ip default-gateway 192.168.0.1

bridge 1 route ip

Thanks for your help!

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: SSID Connection Problems with multiple VLANs

Your bridge-groups are not lining up. You have VLAN 10 mapped to bridge-group 1 on the FastEthernet interface but mapped to bridge-group 10 on the radio. Just remove bridge-group 1 from the main radio interface and apply it to the dot0.10 subinterface.

2 REPLIES
Gold

Re: SSID Connection Problems with multiple VLANs

Your bridge-groups are not lining up. You have VLAN 10 mapped to bridge-group 1 on the FastEthernet interface but mapped to bridge-group 10 on the radio. Just remove bridge-group 1 from the main radio interface and apply it to the dot0.10 subinterface.

New Member

Re: SSID Connection Problems with multiple VLANs

That did it.

Thanks for your help.

It's funny because they did originally line up. Bridge-group 1 was on the main interface and the radio interface, with 10 on vlan 10 and 20 on vlan 20. But when I set the 0.10 subinterface to native it must have trumped the #1 bridge-group and I didn't realize it.

I was held up on this originally because I couldn't remove bridge-group 1 from the start, but now I can connect on both SSIDs and grab DHCP IPs from the different subnets. Thanks again.

257
Views
0
Helpful
2
Replies
CreatePlease to create content