1200 Access Points as Bridged Network

Discussion in 'Cisco' started by Eric, Feb 23, 2006.

  1. Eric

    Eric Guest

    I have the following setup and am having problems figuring out how to
    tag VLAN traffic over it.

    ********************************************************
    *        Layer 2 switch with Vlan tagged ports         *
    ********************************************************
                               *
                               *
                     *********************
                     *    Root AP1200    *
                     *********************

                     *********************
                     *     WGB 1200      *
                     *********************
                               *
                               *
    ********************************************************
    *        Layer 2 switch with Vlan Tagged ports         *
    ********************************************************

    The two access points and switches are all on the same vlan for
    management. I can ping through all 4 so I know the bridge is up and
    working. When I tag another vlan to the access points however I can't
    ping a workstation on the bridged side. Do I have to define that vlan
    on the APs?
     
    Eric, Feb 23, 2006
    #1

  2. It is supported to trunk VLANs thru a WGB link, but not well documented
    or well exercised. I would recommend instead configuring the "Root AP1200"
    as a "Root bridge with clients" and the "WGB 1200" as a "nonroot bridge"
    (i.e. using the link role flexibility feature in 12.3(7)JA2.)

    This should give you the idea, sort of:

    http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1300/brscg/o13vlan.htm

    I.e. configure a FastEthernet0.blah subinterface on each end for each
    VLAN. Note that the wireless link will NOT really use multiple SSIDs;
    traffic for all VLANs will be carried via the one "native" SSID.

    Regards,

    Aaron

     
    Aaron Leonard, Feb 23, 2006
    #2

  3. Eric

    Eric Guest

    Okay, upgraded APs to the recommended software release and now my
    bridge is broken. I was using WEP encryption before (yes I know about
    the security risks) and was getting an error on the WGB1200 about not
    being able to associate no wpa-v1 v2 check needed. So I unconfigured
    WEP and configured both APs for WPA on that SSID according to the
    directions in my Cisco LAB book from the Cisco Wireless LAN course.
    Now I just get an error message on the WGB side that says it cannot
    associate and received a response from the Root AP. The root AP has no
    error messages in its log. Any ideas? I get the same no wpa-v1 v2
    check needed message if I try to connect them with no security
    configured.
     
    Eric, Feb 28, 2006
    #3
  4. Sorry if I led you down the garden path a bit ...

    This 'no wpa-v1 v2 chk needed' message is bogus - it just means that
    the uplink association failed. (We will fix this via CSCsb31178.)

    I would do the following:

    1. get the configs (the dot11 ssid and interface dot11radio 0 configs
    are the significant part), and let's make sure that they're ok

    2. I would turn on this debug on both ends: "debug dot11 do0 trace print mgmt".

    Regards,

    Aaron

     
    Aaron Leonard, Feb 28, 2006
    #4
  5. Eric

    Eric Guest

    Okay here is the config information from the Root Bridge....

    !
    dot11 ssid MunsonWirelessNet1011
     vlan 1011
     authentication open
     authentication key-management wpa
     infrastructure-ssid optional
     mobility network-id 1011
     wpa-psk ascii 7 000F1E0E0649020208241D

    !
    interface Dot11Radio1
     no ip address
     no ip route-cache
     !
     encryption vlan 1011 mode ciphers tkip
     !
     ssid MunsonWirelessNet1011
     !
     speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
     power local 2
     power client 2
     channel 5805
     station-role root bridge wireless-clients
     antenna receive right
     antenna transmit right
     no cdp enable
    !
    interface Dot11Radio1.1011
     encapsulation dot1Q 1011 native
     no ip route-cache
     no cdp enable
     bridge-group 1
     bridge-group 1 spanning-disabled

    And the config on the Non-Root side.....

    !
    dot11 ssid MunsonWirelessNet1011
     vlan 1011
     authentication open
     authentication key-management wpa
     infrastructure-ssid
     mobility network-id 1011
     wpa-psk ascii 7 1212081F101905002D2E75

    !
    interface Dot11Radio1
     no ip address
     no ip route-cache
     !
     encryption vlan 1011 mode ciphers tkip
     !
     ssid MunsonWirelessNet1011
     !
     speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
     power local 2
     power client 2
     station-role non-root bridge
     antenna receive right
     antenna transmit right
     no cdp enable
    !
    interface Dot11Radio1.1011
     encapsulation dot1Q 1011 native
     no ip route-cache
     no cdp enable
     bridge-group 1
     bridge-group 1 spanning-disabled

    I enabled the debug messages to be sent to the event log and ran the
    command you provided but I am not seeing any new error messages.
     
    Eric, Mar 1, 2006
    #5
  6. The only thing I see is this:

    The "mobility network-id 1011" configuration is used only with WLSM, so remove it.

    If that's not the problem, I don't know what is.

    Aaron

     
    Aaron Leonard, Mar 1, 2006
    #6
  7. Eric

    Eric Guest

    Okay, that fixed the bridge. It must have added that in when I did the
    upgrade. I still however am not able to get packets tagged across the
    link. I created the vlan on the ethernet interface on both sides and I
    can see that vlan getting packets from the wire side but it isn't
    getting any packets from the radio side.

    Thanks for all your help so far.....
     
    Eric, Mar 2, 2006
    #7
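
As an added example (not part of any post in this thread, and not Cisco tooling): a small Python check that automates the side-by-side config review from replies #4 to #6 and looks for the symptom described in #7. It assumes `show running-config` style indentation, that both ends should carry the same SSID, VLAN, authentication and cipher lines, and that each VLAN bridged over the link needs a Dot11Radio subinterface next to its FastEthernet one; the sample configs, the cipher mismatch and VLAN 20 are constructed.

```python
import re

# Constructed sample modelled on the thread's configs (PSK lines left out); VLAN 20 is a made-up Ethernet-only VLAN.
ROOT = """\
dot11 ssid MunsonWirelessNet1011
 vlan 1011
 authentication key-management wpa
 mobility network-id 1011
interface Dot11Radio1
 encryption vlan 1011 mode ciphers tkip
interface Dot11Radio1.1011
 encapsulation dot1Q 1011 native
interface FastEthernet0.1011
 encapsulation dot1Q 1011 native
interface FastEthernet0.20
 encapsulation dot1Q 20
"""
NONROOT = ROOT.replace("ciphers tkip", "ciphers aes-ccm")  # constructed mismatch

def parse_sections(config):
    """Map each top-level IOS line to its indented sub-commands."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def link_settings(sections):
    """Lines both ends of the bridge link are assumed to share."""
    keep = ("vlan ", "authentication ", "encryption ")
    cmds = {c for body in sections.values() for c in body if c.startswith(keep)}
    return cmds | {h for h in sections if h.startswith("dot11 ssid ")}

def review(root_cfg, nonroot_cfg):
    """Return findings for a root / non-root bridge pair."""
    sides = {"root": parse_sections(root_cfg), "non-root": parse_sections(nonroot_cfg)}
    a, b = (link_settings(s) for s in sides.values())
    findings = [f"only on one side: {c}" for c in sorted(a ^ b)]
    for name, sec in sides.items():
        if any(c.startswith("mobility network-id") for body in sec.values() for c in body):
            findings.append(f"{name}: remove 'mobility network-id' (WLSM only)")
        def vlans(kind):
            return {h.rsplit(".", 1)[1] for h in sec if re.fullmatch(rf"interface {kind}\d+\.\d+", h)}
        for vlan in sorted(vlans("FastEthernet") - vlans("Dot11Radio")):
            findings.append(f"{name}: VLAN {vlan} has no Dot11Radio subinterface")
    return findings
```

`review(ROOT, NONROOT)` returns a list of finding strings; an empty list means none of the three checks fired.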