«

I have the following setup and am having problems figuring out how to
tag VLAN traffic over it.

************************************************** ******
* Layer 2 switch with Vlan tagged ports *
************************************************** ******
*
*
*********************
* Root AP1200 *
*********************

*********************
* WGB 1200 *
*********************
*
*
************************************************** ******
* Layer 2 switch with Vlan Tagged ports *
************************************************** ******

The two access points and switches are all on the same vlan for
management. I can ping through all 4 so I know the bridge is up and
working. When i tag another vlan to the access points however I can't
ping a workstation on the bridged side. Do I have to define that vlan
on the APs?

It is supported to trunk VLANs thru a WGB link, but not well documented
or well exercised. I would recommend instead configuring the "Root AP1200"
as a "Root bridge" with clients" and the "WGB 1200" as a "nonroot bridge"
(i.e. using the link role flexibility feature in 12.3(7)JA2.)

This should give you the idea, sort of:

http://www.cisco.com/univercd/cc/td/...cg/o13vlan.htm

I.e. configure a FastEthernet0.blah subinterface on each end for each
VLAN. Note that the wireless link will NOT really use multiple SSIDs;
traffic for all VLANs will be carried via the one "native" SSID.

Regards,

Aaron

---


~ I have the following setup and am having problems figuring out how to
~ tag VLAN traffic over it.
~
~ ************************************************** ******
~ * Layer 2 switch with Vlan tagged ports *
~ ************************************************** ******
~ *
~ *
~ *********************
~ * Root AP1200 *
~ *********************
~
~ *********************
~ * WGB 1200 *
~ *********************
~ *
~ *
~ ************************************************** ******
~ * Layer 2 switch with Vlan Tagged ports *
~ ************************************************** ******
~
~ The two access points and switches are all on the same vlan for
~ management. I can ping through all 4 so I know the bridge is up and
~ working. When i tag another vlan to the access points however I can't
~ ping a workstation on the bridged side. Do I have to define that vlan
~ on the APs?

Okay, upgraded APs to the recommended software release and now my
bridge is broken. I was using WEP encryption before (yes I know about
the security risks) and was getting an error on the WGB1200 about not
being able to associate no wpa-v1 v2 check needed. So I unconfigured
wep and configured both ap's for WPA on that SSID according to the
directions in my Cisco LAB book from the Cisco Wireless LAN course.
Now I just get an error message on the WGB side that says it cannot
associate and received a response from the Root AP. The root ap has no
error messages in its log. Any ideas? I get the same no wpa-v1 v2
check needed message if i try to connect them with no security
configured.

Sorry if I led you down the garden path a bit ...

This 'no wpa-v1 v2 chk needed' message is bogus - it just means that
the uplink association failed. (We will fix this via CSCsb31178.)

I would do the following:

1. get the configs (the dot11 ssid and interface dot11radio 0 configs
are the significant part), and let's make sure that they're ok

2. I would turn on this debug on both ends: debug dot11 do0 trace print mgmt".

Regards,

Aaron

---

~ Okay, upgraded APs to the recommended software release and now my
~ bridge is broken. I was using WEP encryption before (yes I know about
~ the security risks) and was getting an error on the WGB1200 about not
~ being able to associate no wpa-v1 v2 check needed. So I unconfigured
~ wep and configured both ap's for WPA on that SSID according to the
~ directions in my Cisco LAB book from the Cisco Wireless LAN course.
~ Now I just get an error message on the WGB side that says it cannot
~ associate and received a response from the Root AP. The root ap has no
~ error messages in its log. Any ideas? I get the same no wpa-v1 v2
~ check needed message if i try to connect them with no security
~ configured.

Okay here is the config information from the Root Bridge....

!
dot11 ssid MunsonWirelessNet1011
vlan 1011
authentication open
authentication key-management wpa
infrastructure-ssid optional
mobility network-id 1011
wpa-psk ascii 7 000F1E0E0649020208241D

!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1011 mode ciphers tkip
!
ssid MunsonWirelessNet1011
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 2
power client 2
channel 5805
station-role root bridge wireless-clients
antenna receive right
antenna transmit right
no cdp enable
!
interface Dot11Radio1.1011
encapsulation dot1Q 1011 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled

And the config on the Non-Root side.....

!
dot11 ssid MunsonWirelessNet1011
vlan 1011
authentication open
authentication key-management wpa
infrastructure-ssid
mobility network-id 1011
wpa-psk ascii 7 1212081F101905002D2E75

!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption vlan 1011 mode ciphers tkip
!
ssid MunsonWirelessNet1011
!
speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
power local 2
power client 2
station-role non-root bridge
antenna receive right
antenna transmit right
no cdp enable
!
interface Dot11Radio1.1011
encapsulation dot1Q 1011 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled

I enabled the debug messages to be sent to the event log and ran the
command you provided but I am not seeing any new error messages.

The only thing I see is this:

The "mobility network-id 1011" configuration is used only with WLSM, so remove it.

If that's not the problem, I don't know what is.

Aaron

---


~ Okay here is the config information from the Root Bridge....
~
~ !
~ dot11 ssid MunsonWirelessNet1011
~ vlan 1011
~ authentication open
~ authentication key-management wpa
~ infrastructure-ssid optional
~ mobility network-id 1011
~ wpa-psk ascii 7 000F1E0E0649020208241D
~
~ !
~ interface Dot11Radio1
~ no ip address
~ no ip route-cache
~ !
~ encryption vlan 1011 mode ciphers tkip
~ !
~ ssid MunsonWirelessNet1011
~ !
~ speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
~ power local 2
~ power client 2
~ channel 5805
~ station-role root bridge wireless-clients
~ antenna receive right
~ antenna transmit right
~ no cdp enable
~ !
~ interface Dot11Radio1.1011
~ encapsulation dot1Q 1011 native
~ no ip route-cache
~ no cdp enable
~ bridge-group 1
~ bridge-group 1 spanning-disabled
~
~ And the config on the Non-Root side.....
~
~ !
~ dot11 ssid MunsonWirelessNet1011
~ vlan 1011
~ authentication open
~ authentication key-management wpa
~ infrastructure-ssid
~ mobility network-id 1011
~ wpa-psk ascii 7 1212081F101905002D2E75
~
~ !
~ interface Dot11Radio1
~ no ip address
~ no ip route-cache
~ !
~ encryption vlan 1011 mode ciphers tkip
~ !
~ ssid MunsonWirelessNet1011
~ !
~ speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
~ power local 2
~ power client 2
~ station-role non-root bridge
~ antenna receive right
~ antenna transmit right
~ no cdp enable
~ !
~ interface Dot11Radio1.1011
~ encapsulation dot1Q 1011 native
~ no ip route-cache
~ no cdp enable
~ bridge-group 1
~ bridge-group 1 spanning-disabled
~
~ I enabled the debug messages to be sent to the event log and ran the
~ command you provided but I am not seeing any new error messages.

Okay, that fixed the bridge. It must have added that in when I did the
upgrade. I still however am not able to get packets tagged across the
link I created the vlan on the ethernet interface on both sides and i
can see that vlan getting packets from the wire side but it isn't
getting any packets from the radio side.

Thanks for all your help so far.....