1130 AP + VLANs + 3750-L3 = no VLAN communication :(

by **cisco80211** » Mon Apr 23, 2007 1:16 pm

I'm trying to set up 1130 APs connected to a 3750 L3 switch. I set up 3 SSIDs : test,

internal and guest. For some reason, I can't access the APs when the port is configured

for trunking. I did the same on a 3560 switch with 2 SSIDs last week, and I'm getting

very different results.

Test: 10.10.10.x Native VLAN 1
Internal: 192.168.10.x VLAN 203
Guest : 192.168.100.x VLAN 202

I connect to the AP fine, but when I connect to 'internal' SSID, I can only communicate

if my IP is on the 192.168.10.x range, even though the 'test'VLAN is set to a different

subnet.

The switch port configs:

interface GigabitEthernet1/0/7 ! ---I can access the AP
switchport access vlan 203
!
interface GigabitEthernet1/0/8 ! ---no communication---
switchport trunk encapsulation dot1q
switchport mode trunk

The AP config:

The AP config:
dot11 vlan-name Client_VLAN vlan 201
dot11 vlan-name Guest_Internet_VLAN vlan 202
dot11 vlan-name Internal_VLAN vlan 1
dot11 vlan-name Printer_VLAN vlan 200
dot11 vlan-name Private_WIFI_VLAN vlan 203
!
dot11 ssid 230Guest
vlan 202
authentication open
authentication key-management wpa
wpa-psk ascii 7 14071D6E213B27

dot11 ssid internal
vlan 203
authentication open
authentication key-management wpa
wpa-psk ascii 7 090D7E060E25E526B
dot11 ssid Test
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 1148290A19587D65
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 203 mode ciphers tkip
!
encryption vlan 202 mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers tkip
!
ssid 230Guest
!
ssid internal
!
ssid Test
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
!
interface Dot11Radio0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
bridge-group 202 subscriber-loop-control
bridge-group 202 block-unknown-source
no bridge-group 202 source-learning
no bridge-group 202 unicast-flooding
bridge-group 202 spanning-disabled
!
interface Dot11Radio0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
bridge-group 203 subscriber-loop-control
bridge-group 203 block-unknown-source
no bridge-group 203 source-learning
no bridge-group 203 unicast-flooding
bridge-group 203 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled

interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
!
interface FastEthernet0.202
encapsulation dot1Q 202
no ip route-cache
bridge-group 202
no bridge-group 202 source-learning
bridge-group 202 spanning-disabled
!
interface FastEthernet0.203
encapsulation dot1Q 203
no ip route-cache
bridge-group 203
no bridge-group 203 source-learning
bridge-group 203 spanning-disabled
!
interface BVI1
ip address 192.168.10.107 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.4<-----L3 switch 3750

bridge 1 route ip

I'm stuck, I have no idea what I'm doing wrong, PLEASE HELP

Chris Serafin
cserafin@rkon.com
chris@chrisserafin.com

by **chicagotech** » Mon Apr 23, 2007 9:16 pm

Can you ping the swicth from the AP? Also have check this page?

Cisco configuration samplesCisco Router and Firewall Configuration Samples. Sample of ASA VPN, Site to Site VPN and Webvpn. Sample of Cisco PIX 515E Configuration ...
http://www.howtonetworking.com/cisco/configsamples.htm

by **cisco80211** » Tue Apr 24, 2007 9:20 am

When the switch port is trunked, I cannot ping the AP or access it. I have compared configs all over the 'net and everyone says i'm doing it right..... This sucks

thoughts?

Chris Serafin
cserafin@rkon.com

by **chicagotech** » Wed Apr 25, 2007 3:10 pm

What do I want is ping from the AP. I just post anotehr case for yourt review.

Can't ping Ap with "Unrecognized host or address"
http://www.chicagotech.net/netforums/vi ... .php?t=703

by **cisco80211** » Wed May 02, 2007 8:12 pm

RESOLVED: The native VLAN needed to be changed on the switchports utilized by the APs

by **chicagotech** » Thu May 03, 2007 12:04 am

Thank you for the update.

	Home \| Site Map \| Cisco How To \| Net How To \| Wireless \|Search \| Forums \| Services \| Donations \| Careers \| About Us \| Contact Us\|

1130 AP + VLANs + 3750-L3 = no VLAN communication :(

1130 AP + VLANs + 3750-L3 = no VLAN communication :(

Who is online