[c-nsp] BVI Configuration on 1600 Access Points

Wed Aug 26 15:14:18 EDT 2015

Hi Emille,

thanks for your input! 

I tried your suggestions before writing to the list, but unfortunately the
AP does not allow this configuration. The reason is that the physical
Interface GigabitEthernet0 belongs (in the default configuration) to
bridge-group 1 and I can't put the subinterface in the same bridge-group
(which make sense). Trying to move the physical interface to a different
bridge-group is not allowed.

(config-if)#int g0
(config-if)#no bridge-group 1
%command not allowed, cannot remove bridge-group 1

and just configuring another brdige-group is also not possible:

ap7(config)#int g0
ap7(config-if)#bridge-group 150

Interface already configured within Bridge Group 1.

I am really scratching my head as I have a couple of 1242 APs where your
suggested configuration (moving the mgmt interface to bridge-group 1 and use
bvi1) works without a problem.

Any hints are appreciated. 

Thanks,
Christopher

-----Original Message-----
From: Emille Blanc [mailto:emille at abccomm.com] 
Sent: Mittwoch, 26. August 2015 20:27
To: Christopher Werny <cwerny at ernw.de>; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] BVI Configuration on 1600 Access Points

In my experience, 'bridge foo route ip' on BVI's other than bridge '1', 
is broken on all Aironet products that have come across my desk, since 
the 1200 series.
Moving bridge-group 1 to the VLAN you wish to use for management - 
though goofy to look at - works.
This comes with the caveat of your management VLAN having to be dot1q 
native on your subinterfaces.

Eg;
interface GigabitEthernet0.232
  encapsulation dot1Q 232 native
  no ip proxy-arp
  no ip route-cache
  no cdp enable
  bridge-group 1
  bridge-group 1 spanning-disabled
  no bridge-group 1 source-learning

interface BVI1
  ip address 172.30.99.207 255.255.255.0
  no ip proxy-arp
  no ip route-cache
  no keepalive

bridge 1 route ip

In attempts to work this out, I always run into issues with CEF dropping 
traffic citing "wrong cable, interface BVIfoo"
Removing the old BVI once configured, still leaves some stale oddness in 
CEF which has required a reboot to clean up.

If you find another way around this, I'd be interested to hear it!

-----Original Message-----
 From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of 
Christopher Werny
Sent: August-26-15 9:39 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] BVI Configuration on 1600 Access Points

Good Evening,

I am currently in the process of setting up three new (autonomous) 
access
points for our office and running into an issue with the configuration 
of
the BVI interface.

What I want to achieve is creating a BVI Interface in separate VLAN (our
Management VLAN 232 in this specific case) so that the AP is tagging all
packets with the respective VLAN 232. However, after doing the 
configuration
the AP is not reachable on the configured IP address. The AP is 
connected to
a 2960 switch and the port configured as trunk. As soon as I configure 
the
native vlan to 232 on the trunk port the management IP of the AP becomes
reachable. This indicates that the AP is not tagging the packets at all.

The access points are running:

Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB2,
RELEASE SOFTWARE (fc1)

Relevant config snippets below:

interface GigabitEthernet0.232
  encapsulation dot1Q 232
  no ip proxy-arp
  no ip route-cache
  no cdp enable
  bridge-group 232
  bridge-group 232 spanning-disabled
  no bridge-group 232 source-learning

interface BVI232
  ip address 172.30.99.207 255.255.255.0
  no ip proxy-arp
  no ip route-cache
  no keepalive

bridge 232 route ip

So, what am I missing?  It might be something completely trivial, and 
feel
free to slap me if this is the case ;)

Thanks for your time!

Best,
Christopher

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/