1200 Access Points as Bridged Network

I have the following setup and am having problems figuring out how to tag VLAN traffic over it.

********************************************************
* Layer 2 switch with Vlan tagged ports                *
********************************************************
                          *
                          *
                *********************
                * Root AP1200       *
                *********************

                *********************
                * WGB 1200          *
                *********************
                          *
                          *
********************************************************
* Layer 2 switch with Vlan tagged ports                *
********************************************************

The two access points and switches are all on the same VLAN for management. I can ping through all 4, so I know the bridge is up and working. When I tag another VLAN to the access points, however, I can't ping a workstation on the bridged side. Do I have to define that VLAN on the APs?

Reply to
Eric

It is supported to trunk VLANs thru a WGB link, but not well documented or well exercised. I would recommend instead configuring the "Root AP1200" as a "Root bridge with clients" and the "WGB 1200" as a "nonroot bridge" (i.e. using the link role flexibility feature in 12.3(7)JA2).

This should give you the idea, sort of:

I.e. configure a FastEthernet0.blah subinterface on each end for each VLAN. Note that the wireless link will NOT really use multiple SSIDs; traffic for all VLANs will be carried via the one "native" SSID.

Regards,

Aaron

Reply to
Aaron Leonard

Okay, upgraded APs to the recommended software release and now my bridge is broken. I was using WEP encryption before (yes, I know about the security risks) and was getting an error on the WGB1200 about not being able to associate, "no wpa-v1 v2 check needed". So I unconfigured WEP and configured both APs for WPA on that SSID according to the directions in my Cisco LAB book from the Cisco Wireless LAN course. Now I just get an error message on the WGB side that says it cannot associate and received a response from the Root AP. The root AP has no error messages in its log. Any ideas? I get the same "no wpa-v1 v2 check needed" message if I try to connect them with no security configured.

Reply to
Eric

Sorry if I led you down the garden path a bit ...

This 'no wpa-v1 v2 chk needed' message is bogus - it just means that the uplink association failed. (We will fix this via CSCsb31178.)

I would do the following:

  1. Get the configs (the dot11 ssid and interface dot11radio 0 configs are the significant part), and let's make sure that they're ok.

  2. I would turn on this debug on both ends: "debug dot11 do0 trace print mgmt".

Regards,

Aaron

Reply to
Aaron Leonard

Okay here is the config information from the Root Bridge....

!
dot11 ssid MunsonWirelessNet1011
   vlan 1011
   authentication open
   authentication key-management wpa
   infrastructure-ssid optional
   mobility network-id 1011
   wpa-psk ascii 7 000F1E0E0649020208241D
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 1011 mode ciphers tkip
 !
 ssid MunsonWirelessNet1011
 !
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 power local 2
 power client 2
 channel 5805
 station-role root bridge wireless-clients
 antenna receive right
 antenna transmit right
 no cdp enable
!
interface Dot11Radio1.1011
 encapsulation dot1Q 1011 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled

And the config on the Non-Root side.....

!
dot11 ssid MunsonWirelessNet1011
   vlan 1011
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   mobility network-id 1011
   wpa-psk ascii 7 1212081F101905002D2E75
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 1011 mode ciphers tkip
 !
 ssid MunsonWirelessNet1011
 !
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 power local 2
 power client 2
 station-role non-root bridge
 antenna receive right
 antenna transmit right
 no cdp enable
!
interface Dot11Radio1.1011
 encapsulation dot1Q 1011 native
 no ip route-cache
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled

I enabled the debug messages to be sent to the event log and ran the command you provided but I am not seeing any new error messages.

Reply to
Eric

The only thing I see is this:

The "mobility network-id 1011" configuration is used only with WLSM, so remove it.

If that's not the problem, I don't know what is.

Aaron

Reply to
Aaron Leonard

Okay, that fixed the bridge. It must have added that in when I did the upgrade. I still, however, am not able to get packets tagged across the link. I created the VLAN on the Ethernet interface on both sides and I can see that VLAN getting packets from the wire side, but it isn't getting any packets from the radio side.

Thanks for all your help so far.....

Reply to
Eric
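
An added example, not part of any post in this thread: a small Python check that reads an AP or bridge running-config and lists, per VLAN, whether a dot1Q subinterface exists on both the radio and the Ethernet side with the same bridge-group, and whether the WLSM-only `mobility network-id` line is still present. It assumes the usual IOS bridging model in which a VLAN is forwarded only when its radio and wired subinterfaces share a bridge-group; VLAN 20, the FastEthernet0 subinterfaces and the function name `audit` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the configs posted above. VLAN 20 and the
# FastEthernet0 subinterfaces are hypothetical; they are not from the thread.
SAMPLE = """\
dot11 ssid MunsonWirelessNet1011
   vlan 1011
   mobility network-id 1011
!
interface Dot11Radio1.1011
 encapsulation dot1Q 1011 native
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.1011
 encapsulation dot1Q 1011 native
 bridge-group 1
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
"""

def audit(config):
    """Return a list of findings for one AP/bridge running-config."""
    findings, vlans, kind, vlan = [], defaultdict(dict), None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (Dot11Radio|FastEthernet)\S*", line):
            kind, vlan = ("radio" if m.group(1) == "Dot11Radio" else "wired"), None
        elif line and line != "!" and not raw[0].isspace():
            kind = vlan = None  # any other top-level command ends the interface block
        elif re.fullmatch(r"mobility network-id \d+", line):
            findings.append("mobility network-id set (WLSM-only per the thread)")
        elif kind and (m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line)):
            vlan = int(m.group(1))
            vlans[vlan].setdefault(kind, None)  # subinterface exists, group not yet seen
        elif kind and vlan and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            vlans[vlan][kind] = int(m.group(1))
    for v, sides in sorted(vlans.items()):
        for side in ("radio", "wired"):
            if side not in sides:
                findings.append(f"VLAN {v}: no {side} subinterface")
        if len(sides) == 2 and sides["radio"] != sides["wired"]:
            findings.append(f"VLAN {v}: radio and wired bridge-groups differ")
    return findings
```

Run it against the saved running-config of each end of the link; all radios on a unit are treated as one "radio" side.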
