Changing native VLAN on non-root bridges

Similar Messages

• Wireless Root Bridge - Non Root Bridge

  I've been reading a lot about bridge configuration for wireless AP but i cannot make it work the following scenario:
  PC -- ethernet port --> Non-Root-Bridge -----------> Root Bridge ---------> Switch
  vlan111                     native 18 - vlan111           native 18 - vlan111      vlan native 18,111
  Its pinging fine between switch and Non-Root. But when i put vlan111 on Non-Root the two AP's stop responding to the network.
  What am i doing wrong? Plz i need some help!! I have two 1242.
  ------------------------ Root Config ----------------------
  dot11 syslog
  dot11 vlan-name JGS111 vlan 111
  dot11 vlan-name JGS18 vlan 18
  dot11 ssid WGB
     vlan 18
     authentication open
     guest-mode
     infrastructure-ssid
  username Cisco password 7 047802150C2E
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid WGB
  station-role root bridge
  infrastructure-client
  interface Dot11Radio0.18
  encapsulation dot1Q 18 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  bridge-group 111 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.18
  encapsulation dot1Q 18 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  bridge-group 111 spanning-disabled
  interface BVI1
  ip address 10.1.8.50 255.255.255.0
  no ip route-cache
  ip default-gateway 10.1.8.254
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  ------------- Non-Root-Bridge -------------
  ot11 syslog
  dot11 vlan-name JGS111 vlan 111
  dot11 vlan-name JGS18 vlan 18
  dot11 ssid WGB
     vlan 18
     authentication open
     guest-mode
     infrastructure-ssid
  username Cisco password 7 14341B180F0B
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  ssid WGB
  station-role non-root bridge
  infrastructure-client
  interface Dot11Radio0.18
  encapsulation dot1Q 18 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  bridge-group 111 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  dfs band 3 block
  channel dfs
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  interface FastEthernet0.18
  encapsulation dot1Q 18 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  interface FastEthernet0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  bridge-group 111 spanning-disabled
  interface BVI1
  ip address 10.1.8.51 255.255.255.0
  no ip route-cache
  ip default-gateway 10.1.8.254
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip

  Try this:
  interface Dot11Radio0.18
  encapsulation dot1Q 18 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  bridge-group 111 subscriber-loop-control
  bridge-group 111 block-unknown-source
  no bridge-group 111 source-learning
  no bridge-group 111 unicast-flooding
  bridge-group 111 spanning-disabled
  interface FastEthernet0.18
  encapsulation dot1Q 10 native
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface FastEthernet0.111
  encapsulation dot1Q 111
  no ip route-cache
  bridge-group 111
  no bridge-group 111 source-learning
  bridge-group 111 spanning-disabled
  Make sure your switchort is setup similar
  interface GigabitEthernet0/7
  description 1242 AP Bridge
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 18
  switchport trunk allowed vlans 18,111
  switchport mode trunk
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• SAP 1602 Wireless bridge issue. Non root bridge loses it's configuration

  Hi guys,
  Today I tried to configure wireless link between two autonomous AP 1602 APs.
  There is a problem with Non-root bridge. I configured it with this command:
  AP2(config-if)#station-role non-root wireless-clients
  Non-root bridge successfully joins the root bridge (root AP). Anyway, this configuration does not work, if I reload my non-root bridge. Even without reload, If I check my non-root bridge configuration it looks like this:
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  ssid WiFi-Bridge
  antenna gain 0
  stbc
  beamform ofdm
  Command "station-role non-root wireless-clients" is missing here. But I just configured it few seconds ago... Does anyone know, where could be a problem?

  Okay... Everything works with OPEN ssid. Not with my WPA 2 configuration.
  On both APs configuration looks like this:
  dot11 ssid Private
     vlan 10
     authentication open
     authentication key-management wpa version 2
     guest-mode
     wpa-psk ascii 7 01100F175804575D72
  interface Dot11Radio0
  encryption vlan 10 mode ciphers aes-ccm
  ssid Private
  infrastructure-client ( on Root AP)
  station-role root bridge wireless-clients ( on Root AP)
  Few debugs:
  *Mar  2 09:57:30.554: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:30.938: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  *Mar  2 09:57:30.938: dot11_auth_client_abort: No client entry to abort: 9c02.986d.9675 for application 0x1
  *Mar  2 09:57:30.938: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 9c02.986d.9675 Reason: Sending station has left the BSS
  *Mar  2 09:57:30.986: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:31.350: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  *Mar  2 09:57:31.350: dot11_auth_client_abort: No client entry to abort: 9c02.986d.9675 for application 0x1
  *Mar  2 09:57:31.350: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 9c02.986d.9675 Reason: Sending station has left the BSS
  *Mar  2 09:57:31.398: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  9c02.986d.9675 Reassociated KEY_MGMT[WPAv2 PSK]
  *Mar  2 09:57:31.766: dot11_auth_client_abort: Received abort request for client 9c02.986d.9675
  Everything works with android device and WPA2 if I change configuration to this:
  dot11 ssid Private
     vlan 10
     authentication open
     authentication key-management wpa version 2
     mbssid guest-mode
     wpa-psk ascii 7 01100F175804575D72
  interface Dot11Radio0
  encryption vlan 10 mode ciphers aes-ccm
  ssid Private
  station-role root
  mbssid

• Native VLAN and Trunks on Bridges

  I have a need for different Native VLANs on the radio side and the ethernet side. Can this be done on the non-root 1410 bridge?
  The radio native VLAN is to support the management on teh 1410 bridges. I also need to attach a single device from another VLAN on the non-root bridge and I do not want to have to put in a switch just to break out that needed VLAN.

  The bridge supports only one SSID. You should assign the SSID to the native VLAN
  1.Create subinterfaces on the radio and Ethernet interfaces.
  2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
  3. Assign a bridge group to each VLAN.
  4. (Optional) Enable WEP on the native VLAN.
  5. Assign the bridge's SSID to the native VLAN.
  To assign an SSID to a VLAN and how to enable a VLAN on the bridge radio and Ethernet ports
  For further information click this link.
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.3_8_JA/configuration/guide/p38vlan.html

• Can one Root Bridge support multiple non-root bridges?

  Hey gang,
  I have a pretty simple question here I think
  I have a wireless bridge currently setup to support a separate office building on our property about 200 yards away from the main building.  The wireless bridge has been working great and was a much cheaper solution when compared to the cost of making a fiber drop to this building.  The needs of our business have changed (go figure), to include a warehouse building also on the backside of the property.  It's not feasible to run a cable between these two building either.  So I need to create another wireless bridge to this back warehouse as well.  My question is can I just use another non-root bridge to link to the root bridge already in place, or does each wireless bridge require one root bridge and one non-root bridge?
  I have good LoS to both buildings from where the current root bridge is, so if two non-root bridges can talk to one root bridge I should be able to just an additional non-root bridge and be good to go.  But if wireless bridges are meant to be a one to one setup, then I'll need to setup an additional root bridge to link to the new non-root bridge?
  It seems like you should be able to have one root bridge link to multiple non-root bridges but I haven't been able to find any clear examples of this being done.
  Thanks in advance for the help!

  That was just too easy.
  I copied the configuration from the working non-root bridge to my laptop.  I changed out the ip address of the BVI interface.  I uploaded the configuration to the new 1300 bridge.  I plugged it in and pointed the yagi antenna in the general direction of the original root bridge and started pinging the new 1300.  Success!
  I'll use my spare 1300 to get service up and running in the warehouse by the end of the week and I'll just need to order one more 1300 to make sure I have spare on hand if needed.
  Thanks again!

• 1310 Root with two non-root bridges

  I have a Cisco 1310 root bridge and a 1310 non-root bridge . it worked fine for a year, I then installed one more 1310 as a non-root bridge now I?m seeing both of my non-root bridges dropping offline more and more. I checked my first non-root bridge today and the radio is down and I can?t seem to bring it back up. I have recently upgraded the tar to see if that would fix the problem. This problem started when I added my second non-root bridge. Did I miss some setting or something

  Make sure the spanning tree protocol is disabled on Vlan interfaces

• Root-bridge non-root bridge security

  Using AP1231, I have a point-to-point configuration with the option "without wireless clients". I have enabled WPA2-PSK/AES-CCMP to the infrastructureSSID/nativeVLAN.
  Does this security automatically apply to the other SSID/VLAN I have configured? Or do I need to configure additional security on the other SSID/VLAN? Please advise. Thanks!

  From your diagram, AP3 is the root bridge because it is connected to ISP, so AP2 will be a repeater, but 1242 can't work both as repeater and AP. So the diagram won't work. you have 3 alternative options:
  1. not let AP2 to connect wireless clients, only configure AP2 as a repeater.
  2. If AP1 can connect to AP3 directly, then configure AP3 as root-bridge with wireless clients, configure both AP1 and AP2 as non-root bridge withe wireless clients.
  3. If AP1 can't connect to AP3 directly, you need to add an additional AP4 to have back-to-back connection with AP2, configure AP1 and AP4 as non-root bridge with wireless clients, configure AP2 and AP3 as root-bridge with wireless clients; ap1 peered with AP2, AP4 peered with AP3, AP2 and AP4 are interconnected by ethernet port.

• 1300 Root-Bridge and Non-Root Bridge setup

  I have two 1300s that I am trying to set up as Root Bridge and Non-Root Bridge, however, everytime i specify one of them as a Non-Root bridge, the radio0 interface becomes disabled. The only option that i am able to pick that enables the radio0 interface is "Access Point", which is what am trying to avoid it being.
  Can anybody help me figure out how to go about this

  A non-root's radio will show as disabled if it cannot find the root AP to associate to. Make sure you have "infrastructure-ssid" configured under the SSID on both the root and non-root bridges. Also depending on code versions you may have to configure the distance command under the radio interface on the root.

• 7920 associates to root bridge but not to non-root bridge

  I have 7920s using open authentication with WEP128 cipher. I have two 1300 root AP's (with client support) and three non-root AP's (also client support) in the same lab area. The root AP's and non-Root AP's associate and link to each other no problem. However, the 7920's will only associate with the Root APs. If I power down the root APs, the 7920s show "no AP found". I've verified SSID and WEP128 keys. I've also noted that the root AP does have a channel specified under dot11radio0 but the non-roots do not. Do the 7920's just scan for any channel until it finds an association or do I need to specify a channel in the non-root bridges?
  Thanks,
  Mike.

  With static WEP, the authentication is happening at the AP level. Will want to ensure non-root is associated to a root though otherwise the interface may be in "reset" state.
  The 7920 will look at these 2 as individual APs regardless of channel. Non-roots should have the same channel as the root, otherwise will not be able to communicate.

• Root Bridge vs. Non-Root Bridge

  Hi,
  I want to understand the Root Bridge vs. the Non-Root Bidge when using Autonomous 1131 AP's on the same /24 network. Does that command matter in Autonomous? I have many devices working without issues on the same /24 network and all have the Root Bridge set,
  Clearly confused...
  Thanks,

  The command is used on point to point links deployments
  A non root bridge becomes a client and connect to another ap in order to do wireless bridging.
  Sent from Cisco Technical Support iPhone App

• 1230AG non-root bridge not associating

  Hello everyone,
  I am new at setting up root and non-root bridges. I am trying to set-up three 1230ag devices.
  One as the root and the othe two as non-root, I copied the config txt from the root and
  copied that into the two I am going to use for the non-root. That way the ssid's are the
  same. When I set the role to non-root the radio is not enabled and I get a message saying
  Interface Dot11Radio0,cannot associate:No Response
  Does any know what I am doing wrong, and how to fix it
  Thanks

  The radio interface will go down in response to being configured as a non-root bridge, so that much is working.  But there must be a configuration error if it won't associate.  Can you post the configs so we can review them?
  Are the bridges mounted, or are they on your desk?

• Non-root bridges associating with each other.

  We have a point to multi-point bridge setup with 3 BR1310s. One is set to be a root bridge and the other two are set to be non-root bridges. From past experience (not to mention Cisco documentation) I would expect the 2 non-roots to associate to the root. What is happening is that one of the non-roots associates with the root and the other non-root associates with the first non-root. The good bit is that everything still works, the puzzling bit is why this is happening, the bridges are physically in a V pattern so there's no reason for the second non-root to behave as it is, even if we force it off the first non-root it just jumps right back in there again. Bridges are all running 12.3.4-JA.

  Configurations of both non-root bridges attached. I've just found out that the customer has mounted the second non-root bridge in such a way that there is probably no line of site to the root bridge (failing to follow clear instructions!) which explains why we can't get it to associate with the root bridge but doesn't explain how it can associate with the other non-root. The only thing I can think of is that both are "non-root with clients" and the second bridge is being accepted as a client rather than a bridge.

• 1310 Root Bridge will not Authenticate with 350 Non Root Bridge

  I've exhausted myself solving this issue.
  I have a 1310 set as a root bridge using WEPS. I have a 350 set as a non root bridge/without clients, also using WEPS (they both use the same SSID)
  The 350 will not authenticate to the 1310. After doing a Carrier Busy Test, it is clear the 350 see's the 1310 with signal strengh of 100 percent.
  (I have a test lab setup in my office)
  If I make the 350 the Root Bridge and the 1310 the Non Root, The 1310 will authenticate to the 350.
  I hoping someone else has seen this problem and can enlighten me.
  Thank you.

  I have successfully configured a 1310 Bridge as a Root Bridge and a BR350 Bridge and a Non Root Bridge/with Clients. I also had to force the 1310 to operate at 11MB only.
  As soon as I make the BR350 Bridge a Non Root Bridge/without Clients, the authentication is dropped between the two.
  I was hoping I could transition to the 1310 one unit at a time since I have over a dozen 350's to replace.

• Non-root bridge association problem

  I have an installation using Cisco 1242 Access Points (IOS) as bridges
  in 5Ghz band, and as AP in 2,4 GHz band. Sometimes I get problems
  with the non-root bridges, after mains outage, they will not
  associate to the root bridge. Command "dot11 do 1 carrier busy"
  issued to the non-root bridge helps, but sometimes I have to use it
  several times. Have anybody any idea about possible cause?
  Thanks

  Hi Frank,
  I think I have found the reason of my troubles. It is the following configuration command:
  (interface Dot11Radio1)
  world-mode dot11d country CZ outdoor
  which is not only not-needed on the non-root bridge AP, it prevents associating the non-root bridge to the root-bridge AP. It does not cause the troubles on each root non-root couple. The troubles are more frequent with IOS version 12.3(11)JA or 12.3(8)JEA than with 12.3(8)JA2.
  Regards
  Frantisek Opravil

• 1250 802.11N series in root/non-root bridge mode

  Using Yagi's, low loss cable, antenna outside, AP inside.
  When operating autonomous 1250 series in root/non-root bridge mode, can I use 802.11N radios? Is it supported?
  Or would it be better to use 1242's? This is for a customer, no time for testing, need rock solid design, in and out configuration...

  @leolaohoo -
  I was just  asking for a definitive answer, weather its affirmative or negative, is there a benefit to using the 1252 over the 1242 giving the cost of each, since as you said the 802.11N can not be used to bridge, than I would say a 1242 is better fit for the AP bridge of 350', clear line of site over the 1252.