[c-nsp] Aironet 1230 and multiple VLANs

Reuben Farrelly reuben-cisco-nsp at reub.net
Wed Jun 8 04:52:55 EDT 2005 

Hi Peter,

Peter Hicks wrote, On 8/06/2005 8:38 p.m.:
> Hello
> 
> When running multiple VLANs to an Aironet AP, where do I set the IP address?

On the BVI interface.

> I've used Fa0.8 (management VLAN) but I have periodic errors in the log:
> 
>   Jun  8 08:29:57.966: %IP_SNMP-3-SOCKET: can't open UDP socket
>   Jun  8 08:29:57.966: Unable to open socket on port 161
> 
> Is the FastEthernet sub-interface the right one to set an address on? 
> Should I be setting an address on the BVI interface instead?

Yes.  Remove all IP addresses not on the BVI interface, my understanding is 
that they are not supported and arguably not neccesary either since you should 
be having the sub Dot interface and FastEthernet interface in the same bridge 
group(s).  As the thing doesn't route (it only bridges), it doesn't need an IP 
address for anything other than management via the BVI1.

Don't bridge your management VLAN through to a Dot sub interface - unless you 
want to be able to manage the devices via the radio.  Generally this is a bad 
idea for security reasons.

Seems that you could almost get away with IP addresses on the FastEthernet 
subs earlier, but latest versions of IOS for these devices grok on it and 
you'll get that message you are seeing.

Two other gotchas for these devices:

1. Your BVI1 must have the management IP address and must be on your 
native/untagged VLAN.  The device expects that to be VLAN1.  If however, your 
management VLAN on the network is vlan 8, then set the native VLAN on the 
switch port feeding this device to be vlan 8, so that VLAN8/management traffic 
is untagged and therefore on the same layer 2 network as BVI1.

2. You can only have 1 BVI1, or rather, only one is supported.  I think it 
allows you to set more than one up, but you're not supposed to do this.

They are two slightly annoying gotchas which trick young players, especially 
if like me the first time I configured one, you had an expectation that 
because it's IOS it must be easy to configure and that if it lets you do 
things then they must be supported or at least semi-useful........

Reuben

More information about the cisco-nsp mailing list