[c-nsp] Access Point & 2 SSID's Trunked to Vlan's
Dan Letkeman
danletkeman at gmail.com
Tue Dec 18 16:00:54 EST 2007
Well I ran into my first problem. I tried to add an ssid to the ap, then
added a sub interface on f0 and on dot11radio0, and now it seems as if the
radio is not bridging the traffic correctly and the trunk is not working on
the switch.
Here is my config
Switch configuration:
interface FastEthernet0/1
switchport access vlan 500
switchport trunk native vlan 500
switchport trunk allowed vlan 160,200,500
switchport mode trunk
The trunk is only showing 200 in forwarding state. I need 160 and 500
forwarded.
AP configuration:
!
dot11 ssid blsd
vlan 500
authentication open
authentication shared
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxx
!
dot11 ssid raec
vlan 160
authentication open
authentication shared
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxx
!
dot11 network-map
power inline negotiation injector override
power inline negotiation prestandard source
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 500 mode ciphers aes-ccm
!
encryption vlan 160 mode ciphers aes-ccm
!
ssid blsd
!
ssid raec
!
mbssid
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.160
encapsulation dot1Q 160
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.500
encapsulation dot1Q 500
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface FastEthernet0.160
encapsulation dot1Q 160
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.500
encapsulation dot1Q 500
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 192.168.50.151 255.255.255.0
no ip route-cache
!
bridge 1 route ip
!
I'm guessing there is something wrong with the bridge configuration.
Dan.
On Dec 17, 2007 9:22 PM, Tom Storey <tom at snnap.net> wrote:
> > Thanks Tom! Everything worked great. I have a couple of questions:
>
> Not a worry :-)
>
> >
> > If I copy this configuration to my other ap's in the building will a
> > client(notebook) automatically roam from ap to ap without getting
> > disconnected?
>
> That I am unsure of.
>
> > Do you have 802.11a clients or is the 802.11a radio used for something
> > else?
>
> I dont have any 11a clients just yet, only 11b.
>
> > How would I setup the AP so there is a minimum signal level that is
> > allowed? eg, if a user is outside the building and still connected that
> > it
> > won't work if the users device is say past -75db...
> >
>
> Transmit power of the interface can be adjusted using the "power local x"
> command, where x is the level of power to be run at. Best perform that on
> your APs and see what they offer.
>
> > Also, I accidentally ordered LWAPP's and I have converted them back to
> > autonomous ap's. Is there any difference between a converted one vs a
> > bought autonomous ap?
>
> They are exactly the same, the only difference is the software running on
> them.
>
> >
> > Thanks,
> > Dan.
> >
> > On Dec 5, 2007 6:23 PM, Tom Storey <tom at snnap.net> wrote:
> >
> >> > Hello,
> >> >
> >> > I'm new to using access points and what I would like to do is setup
> an
> >> > 1131ag with a trunk to a 2960 switch, then have two different ssid's
> >> which
> >> > would be mapped to two different vlan's on the 2960. Does anyone
> have
> >> an
> >> > example config for something like this?
> >> >
> >> > Thanks,
> >> > Dan.
> >>
> >> This is the config Im currently using between a 3524XL and 1242AG, the
> >> config should be fairly similar if not exactly the same for a 1131AG.
> >>
> >>
> >> Switch port:
> >>
> >> interface FastEthernet0/4
> >> description ** Trunk to Fa0 on ap1 **
> >> duplex full
> >> speed 100
> >> switchport trunk encapsulation dot1q
> >> switchport multi vlan 3,5
> >> switchport mode trunk
> >> !
> >>
> >>
> >> AP specifics:
> >>
> >> dot11 vlan-name open-vlan vlan 5
> >> dot11 vlan-name closed-vlan vlan 3
> >> !
> >> dot11 ssid open-wlan
> >> vlan open-vlan
> >> authentication open
> >> mbssid guest-mode
> >> !
> >> dot11 ssid closed-wlan
> >> vlan closed-vlan
> >> authentication open
> >> authentication key-management wpa
> >> mbssid guest-mode
> >> wpa-psk ascii xxxxxxxxxx
> >> !
> >> bridge irb
> >> !
> >> interface Dot11Radio0
> >> description ** 802.11b/g Radio **
> >> no ip address
> >> no ip route-cache
> >> load-interval 30
> >> !
> >> encryption vlan closed-vlan mode ciphers aes-ccm
> >> !
> >> ssid open-wlan
> >> !
> >> ssid closed-wlan
> >> !
> >> mbssid
> >> speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
> >> 36.0 48.0 54.0
> >> station-role root
> >> bridge-group 1
> >> bridge-group 1 block-unknown-source
> >> no bridge-group 1 source-learning
> >> no bridge-group 1 unicast-flooding
> >> bridge-group 1 spanning-disabled
> >> !
> >> interface Dot11Radio0.3
> >> encapsulation dot1Q 3
> >> no ip route-cache
> >> bridge-group 3
> >> bridge-group 3 subscriber-loop-control
> >> bridge-group 3 block-unknown-source
> >> no bridge-group 3 source-learning
> >> no bridge-group 3 unicast-flooding
> >> bridge-group 3 spanning-disabled
> >> !
> >> interface Dot11Radio0.5
> >> encapsulation dot1Q 5
> >> no ip route-cache
> >> bridge-group 5
> >> bridge-group 5 subscriber-loop-control
> >> bridge-group 5 block-unknown-source
> >> no bridge-group 5 source-learning
> >> no bridge-group 5 unicast-flooding
> >> bridge-group 5 spanning-disabled
> >> !
> >> interface Dot11Radio1
> >> description ** 802.11a Radio **
> >> no ip address
> >> no ip route-cache
> >> load-interval 30
> >> !
> >> encryption vlan closed-vlan mode ciphers aes-ccm
> >> !
> >> ssid open-wlan
> >> !
> >> ssid closed-wlan
> >> !
> >> no dfs band block
> >> mbssid
> >> speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
> >> channel dfs
> >> station-role root
> >> bridge-group 1
> >> bridge-group 1 block-unknown-source
> >> no bridge-group 1 source-learning
> >> no bridge-group 1 unicast-flooding
> >> bridge-group 1 spanning-disabled
> >> !
> >> interface Dot11Radio1.3
> >> encapsulation dot1Q 3
> >> no ip route-cache
> >> bridge-group 3
> >> bridge-group 3 subscriber-loop-control
> >> bridge-group 3 block-unknown-source
> >> no bridge-group 3 source-learning
> >> no bridge-group 3 unicast-flooding
> >> bridge-group 3 spanning-disabled
> >> !
> >> interface Dot11Radio1.5
> >> encapsulation dot1Q 5
> >> no ip route-cache
> >> bridge-group 5
> >> bridge-group 5 subscriber-loop-control
> >> bridge-group 5 block-unknown-source
> >> no bridge-group 5 source-learning
> >> no bridge-group 5 unicast-flooding
> >> bridge-group 5 spanning-disabled
> >> !
> >> interface FastEthernet0
> >> description ** Trunk to Fa0/4 on sw1 **
> >> no ip address
> >> no ip route-cache
> >> load-interval 30
> >> speed 100
> >> full-duplex
> >> bridge-group 1
> >> no bridge-group 1 source-learning
> >> bridge-group 1 spanning-disabled
> >> hold-queue 160 in
> >> !
> >> interface FastEthernet0.3
> >> encapsulation dot1Q 3
> >> no ip route-cache
> >> bridge-group 3
> >> no bridge-group 3 source-learning
> >> bridge-group 3 spanning-disabled
> >> !
> >> interface FastEthernet0.5
> >> encapsulation dot1Q 5
> >> no ip route-cache
> >> bridge-group 5
> >> no bridge-group 5 source-learning
> >> bridge-group 5 spanning-disabled
> >> !
> >> interface BVI1
> >> description ** Management Interface **
> >> ip address 172.25.84.8 255.255.255.240
> >> no ip route-cache
> >> !
> >> bridge 1 route ip
> >> !
> >>
> >>
> >
>
>
More information about the cisco-nsp
mailing list