Strange looping like behavior on aeronet 1300 link

Discussion in 'Cisco' started by Stuart Gall, Aug 31, 2009.

  1. Stuart Gall

    Stuart Gall Guest

    Hello,
    I have set up a point to point WiFi link using two aeronet 1300 Access
    point / bridges.
    At each end the 1300 is connected to a catalist switch.

    For testing I had a single SSID no dot1q encapulation, and the switch
    ports on each side set to access. This allowed me to bridge a single
    VLAN, the one configured on the switch.

    Now I have reconfigured the 1300 to bridge 3 vlans, set the switch
    ports to trunk mode.

    I have followed the configuration guides e.g.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
    OR
    https://www.cisco.com/en/US/docs/wi...00/12.3_7_JA/configuration/guide/b37vlan.html

    With

    either dot11radio shutdown so there is no traffic I have access to the
    BVI1 via the approprate VLAN so trunking is working on both sides.
    Then when I bring the wireless link up, I see it associate with the
    other bridge.
    Then all hell breaks lose.
    I see huge traffic on the switches, I lose communication with the
    1300's (I suspect simply because of the flooding of the switch ports.

    On the switch I see things like
    vlan 99 is flapping between port ...
    One port will be the correct port for the macaddress and the other will
    be the port with the wireless link.

    So some how the link is acting like a mirror, some how an ethernet loop
    is being created.
    N.B On the root side there is nothing except the 1200 bridge connected
    to the switch so there can not be a physical loop. Some how a virtual
    network loop has been created.

    I do not understand how this is possible, let alone how to fix it.

    My Configurations follow -- HELP Please.


    ============= ROOT BRIDGE ===================

    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Magikon-root-bridge
    !
    enable secret 5 <CUT>
    !
    ip subnet-zero
    !
    dot11 vlan-name VOIP vlan 9
    dot11 vlan-name infrastructure vlan 99
    dot11 vlan-name main vlan 11
    !
    no aaa new-model
    !
    dot11 ssid MGK-LINK-9
    vlan 9
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    dot11 ssid MGK-LINK-11
    vlan 11
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    dot11 ssid MGK-LINK-99
    vlan 99
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    !
    !
    username stuart privilege 15 password 7 <CUT>
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 9 mode ciphers aes-ccm
    !
    encryption vlan 11 mode ciphers aes-ccm
    !
    encryption vlan 99 mode ciphers aes-ccm
    !
    ssid MGK-LINK-9
    ssid MGK-LINK-11
    ssid MGK-LINK-99
    !
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0
    basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    no power client local
    power client 5
    power local cck 1
    power local ofdm 1
    channel 2412
    station-role root bridge
    !
    interface Dot11Radio0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.9
    encapsulation dot1Q 9
    no ip route-cache
    bridge-group 9
    bridge-group 9 subscriber-loop-control
    bridge-group 9 block-unknown-source
    no bridge-group 9 source-learning
    no bridge-group 9 unicast-flooding
    bridge-group 9 spanning-disabled
    !
    interface Dot11Radio0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    bridge-group 11 subscriber-loop-control
    bridge-group 11 block-unknown-source
    no bridge-group 11 source-learning
    no bridge-group 11 unicast-flooding
    bridge-group 11 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    hold-queue 80 in
    !
    interface FastEthernet0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.9
    encapsulation dot1Q 9
    no ip route-cache
    bridge-group 9
    no bridge-group 9 source-learning
    bridge-group 9 spanning-disabled
    !
    interface FastEthernet0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    no bridge-group 11 source-learning
    bridge-group 11 spanning-disabled
    !
    interface BVI1
    ip address 172.17.5.10 255.255.255.0
    no ip route-cache
    !
    dot11 arp-cache
    !
    ip http server
    no ip http secure-server
    ip http help-path
    http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    !
    !
    control-plane
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end



    ==================== CLIENT BRIDGE =================
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Magikon-client-bridge
    !
    enable secret 5 <CUT>
    !
    ip subnet-zero
    !
    dot11 vlan-name VOIP vlan 9
    dot11 vlan-name infrastructure vlan 99
    dot11 vlan-name main vlan 11
    !
    no aaa new-model
    !
    dot11 ssid MGK-LINK-9
    vlan 9
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    dot11 ssid MGK-LINK-11
    vlan 11
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    dot11 ssid MGK-LINK-99
    vlan 99
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 <CUT>
    !
    !
    !
    username stuart privilege 15 password 7 1<CUT>
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption vlan 9 mode ciphers aes-ccm
    !
    encryption vlan 11 mode ciphers aes-ccm
    !
    encryption vlan 99 mode ciphers aes-ccm
    !
    ssid MGK-LINK-9
    ssid MGK-LINK-11
    ssid MGK-LINK-99
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0
    36.0 48.0 54.0
    no power client local
    power client 5
    power local cck 1
    power local ofdm 1
    station-role non-root bridge
    !
    interface Dot11Radio0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.9
    encapsulation dot1Q 9
    no ip route-cache
    bridge-group 9
    bridge-group 9 subscriber-loop-control
    bridge-group 9 block-unknown-source
    no bridge-group 9 source-learning
    no bridge-group 9 unicast-flooding
    bridge-group 9 spanning-disabled
    !
    interface Dot11Radio0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    bridge-group 11 subscriber-loop-control
    bridge-group 11 block-unknown-source
    no bridge-group 11 source-learning
    no bridge-group 11 unicast-flooding
    bridge-group 11 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    hold-queue 80 in
    !
    interface FastEthernet0.99
    encapsulation dot1Q 99
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.9
    encapsulation dot1Q 9
    no ip route-cache
    bridge-group 9
    no bridge-group 9 source-learning
    bridge-group 9 spanning-disabled
    !
    interface FastEthernet0.11
    encapsulation dot1Q 11
    no ip route-cache
    bridge-group 11
    no bridge-group 11 source-learning
    bridge-group 11 spanning-disabled
    !
    interface BVI1
    ip address 172.17.5.11 255.255.255.0
    no ip route-cache
    !
    ip http server
    no ip http secure-server
    ip http help-path
    http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    !
    !
    control-plane
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end



    TIA
    --
    Stuart.
    Stuart Gall, Aug 31, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pharmacy

    MAC authentication on Aeronet 340

    Pharmacy, Dec 10, 2003, in forum: Cisco
    Replies:
    0
    Views:
    465
    Pharmacy
    Dec 10, 2003
  2. Pharmacy
    Replies:
    1
    Views:
    467
    Jim Matthews
    Dec 16, 2003
  3. Axel Werner
    Replies:
    0
    Views:
    646
    Axel Werner
    Mar 7, 2005
  4. jayjwa

    Yet Another IE Vulnerability??- Frame Looping

    jayjwa, Nov 12, 2003, in forum: Computer Security
    Replies:
    5
    Views:
    603
    @micro$oft.com
    Nov 13, 2003
  5. Rick F
    Replies:
    4
    Views:
    11,349
    headsetadapter.com
    Nov 13, 2007
Loading...

Share This Page