[c-nsp] 1130 AP + 3750 VLAN problems
ChrisSerafin
chris at chrisserafin.com
Mon Apr 23 20:37:30 EDT 2007
I'm trying to set up 1130 APs connected to a 3750 L3 switch. I set up 3
SSIDs : test,
internal and guest. For some reason, I can't access the APs when the
port is configured for trunking. I did the same on a 3560 switch with 2
SSIDs last week, and I'm getting
very different results.
Test: 10.10.10.x Native VLAN 1
Internal: 192.168.10.x VLAN 203
Guest : 192.168.100.x VLAN 202
I connect to the AP fine, but when I connect to 'internal' SSID, I can
only communicate
if my IP is on the 192.168.10.x range, even though the 'test'VLAN is set
to a different
subnet.
The switch port configs:
interface GigabitEthernet1/0/7 ! ---I can access the AP
switchport access vlan 203
!
interface GigabitEthernet1/0/8 ! ---no communication---
switchport trunk encapsulation dot1q
switchport mode trunk
The AP config:
The AP config:
dot11 vlan-name Client_VLAN vlan 201
dot11 vlan-name Guest_Internet_VLAN vlan 202
dot11 vlan-name Internal_VLAN vlan 1
dot11 vlan-name Printer_VLAN vlan 200
dot11 vlan-name Private_WIFI_VLAN vlan 203
!
dot11 ssid 230Guest
vlan 202
authentication open
authentication key-management wpa
wpa-psk ascii 7 14071Dx3E213B27
!
dot11 ssid internal
vlan 203
authentication open
authentication key-management wpa
wpa-psk ascii 7 090D7E06x03525E526B
dot11 ssid Test
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 1148290x5D5D787D65
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 203 mode ciphers tkip
!
encryption vlan 202 mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
ssid 230Guest
!
ssid internal
!
ssid Test
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
!
interface Dot11Radio0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
bridge-group 202 subscriber-loop-control
bridge-group 202 block-unknown-source
no bridge-group 202 source-learning
no bridge-group 202 unicast-flooding
bridge-group 202 spanning-disabled
!
interface Dot11Radio0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
bridge-group 203 subscriber-loop-control
bridge-group 203 block-unknown-source
no bridge-group 203 source-learning
no bridge-group 203 unicast-flooding
bridge-group 203 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
!
interface FastEthernet0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
no bridge-group 202 source-learning
bridge-group 202 spanning-disabled
!
interface FastEthernet0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
no bridge-group 203 source-learning
bridge-group 203 spanning-disabled
!
interface BVI1
ip address 192.168.10.107 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.4<-----L3 switch 3750
bridge 1 route ip
I'm stuck, I have no idea what I'm doing wrong, PLEASE HELP :)
Chris Serafin
cserafin at rkon.com
chris at chrisserafin.com
More information about the cisco-nsp
mailing list