Radius assigned Vlans on Cisco AP1200

Hi

When assigning vlans via radius on Cisco Ap1200's is it possible to drop a user into the native vlan the same way you would with a tagged vlan?

example :-

My ap has several vlans tagged into the ethernet interface lets call them vlan id's 10, 20 and 30. I want to set up the access point so that the native (untagged) is id 40 and assign it via radius in the same way as it would for the others. Also I want to manage my access point on a tagged vlan, lets call this id 50.

Cheers

Ben

Hi Ben,

OK, I'm glad to hear that you got this working ... however it's not supported to have the BVI IP address in a non-native VLAN. So, if you should encounter any problems and should need to open a TAC case, I'd recommend that temporarily put on a "kosher" config while we work in your issue. (Configuring BVI1 in a non-native VLAN *won't* void your warranty ;-)

Cheers,

Aaron

I have have managed to get this working. Here is a snippet from my config :-

! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.1 encapsulation dot1Q 50 no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.40 encapsulation dot1Q 40 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.10 encapsulation dot1Q 10 no ip route-cache bridge-group 255 no bridge-group 255 source-learning bridge-group 255 spanning-disabled ! interface BVI1 ip address x.x.x.x y.y.y.y no ip route-cache !

Does it matter that I have a tagged interface as well as a native interface both being members of bridge group 1 ?

Thanks, Ben

Hi Aaron

Thanks again for the info. I might just abandon this idea if it's not supported. I'm not quite clear about exactly what is a bridge group and what they are used for in a Cisco context. Does the fact that I have more than one Ethernet interface in the same group mean that I might get some unwanted results such as traffic being able to pass between VLAN's?

Cheers

Ben

~ > OK, I'm glad to hear that you got this working ... however it's ~ > not supported to have the BVI IP address in a non-native VLAN. ~ > So, if you should encounter any problems and should need to open a ~ > TAC case, I'd recommend that temporarily put on a "kosher" config ~ > while we work in your issue. (Configuring BVI1 in a non-native ~ > VLAN *won't* void your warranty ;-)

~ Thanks again for the info. I might just abandon this idea if it's not ~ supported. I'm not quite clear about exactly what is a bridge group and ~ what they are used for in a Cisco context. Does the fact that I have more ~ than one Ethernet interface in the same group mean that I might get some ~ unwanted results such as traffic being able to pass between VLAN's? ~ ~ Cheers ~ ~ Ben

Well, that is correct ... a bridge-group is a set of interfaces that the IOS device bridges together. So if you have configured say FastEthernet0.10 in one VLAN and FastEthernet0.20 in another VLAN, and then put them in the same bridge-group, then the AP will (I believe) bridge those two VLANs together.

(Note that I've set Followup-to: comp.dcom.sys.cisco as this is really Cisco-specific stuff rather than stuff that would be of general wireless interest.)

Cheers,

Aaron