Create VLAN over 1310 Bridges

Similar Messages

• Vlan over wireless bridge with internet sharing?

  Hi Community, my first post here, hoping somebody may be able to advise...
  I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.
  Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...
  This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.
  So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:
  farm: slm2005 switch
  port 1 -> wireless bridge to office: member of vlan "2", "3"
  port 2 -> access point A for neighbor: member of vlan "2"
  port 3 -> my own access point B: member of vlan "3"
  office: slm2005 switch
  port 1 -> wireless bridge to farm: member of vlan "2", "3"
  port 2  -> access point C for neighbor: member of vlan "2"
  port 3 -> my access point for office D: member of vlan "3"
  port 4 -> router port 1: member of vlan "2"
  port 5 -> router port 2: member of vlan "3"
  the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)
  The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)
  Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?
  Thanks in advance for any advice,
  Andres

  Hi Andreas,
  you're not far from it.
  Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.
  On all other devices,  traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.
  With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.
  This doc should help you out :
  http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr
  HTH,
  Nicolas
  Thanks to rank the answer if you see it as useful !

• VLAN Over Remote Bridges (1240AG)

  Hi,
  I've an AP connecting to the backbone switch via 2 wireless bridge links as shown below. Currently, it is operating as flat lan.
  Would like to know if it can be coverted to vlan mode so that I can support wireless clients of different vlans at the remote end?
  Switch ----------- 1240AG--------------------/-----------------1240AG--------------------/------------------------1240AG
              Eth              Root         802.11b/g        Non       Root             802.11a                Non      AP        802.11b/g  Clients
              Trunk           Bridge                             Root      Bridge                                      Root                 SSID1 -- vlan 10
              vlan 1                                                 Bridge                                                   Bridge              SSID2 -- vlan 20
              vlan 10                                                                                                                                   SSID3 -- vlan 30    
              vlan 20
              vlan 30
  Thanks!

  Eric,
       Yes it can.  On the bridges you'll want to define the sub-interfaces for the VLAN that you want to pass.  You only need the one SSID on the bridge to accomplish this, as it is the 'connection' between the bridges.
  So basiclly you need
  int dot11radio 0.10 ( or 1 if you are using the 5GHz to bridge)
  encapsulation dot1q 10
  bridge-group 10
  int dot11radio 0.20
  encapsulation dot1q 20
  bridge-group 20
  int dot11radio 0.30
  encapsulation dot1q 30
  bridge-group 30
  int f0.10
  encapsulation dot1q 10
  bridge-group 10
  int f0.20
  encapsulation dot1q 20
  bridge-group 20
  int f0.30
  encapsulation dot1q 30
  bridge-group 30 int dot11radio 0.10
  encapsulation dot1q 10
  bridge-group 10
  int dot11radio 0.20
  encapsulation dot1q 20
  bridge-group 20
  int dot11radio 0.30
  encapsulation dot1q 30
  bridge-group 30
  int f0.10
  encapsulation dot1q 10
  bridge-group 10
  int f0.20
  encapsulation dot1q 20
  bridge-group 20
  int f0.30
  encapsulation dot1q 30
  bridge-group 30
  Then just make sure your AP are connected to trunk ports allowing vlan 1,10,20,30
  Steve

• Native VLAN over 1300 bridge

  Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
  Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
  I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
  All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
  Seth

  You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.

• Multiple VLANs over 1300 series bridges

  Hi
  I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
  Many thanks
  Simon

  Hi Simon,
  Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
  Regards,
  Milton Tizoc.

• Lower than expected 1310 bridge performance

  Hi All,
  We have recently installed an wireless WAN link over 7 km (aproximate 4.5 milles) distance. The towers are sufficent for fresnel and earth bulge and obstacles requirements.
  We have used Cisco Aironet 1310 bridges (one configured as root bridge, the other as non-root bridge). The antennas are 24 dBi from Hyperlink, connected by RP-TNC to N pigtails, also provided by Hyperlink. According the Cisco utilities, the antennas has more than enough gain for the distance, climatic and topographic conditions.
  The alignement of the antennas was made visually (using binoculars) on one side, on the other with precision instruments.
  To select the frequency (the automatic selection works awfuly bad, it establish connection one of three times) we use the Carrier Busy Test on the network interface / Radio 802.11G menu, where we are able to pick the frequency with zero percent (0%) utilization most of the time.
  The problems we experiment are the following:
  - The latency times are very variable. From 1 ms, to 207 ms, to other values. We have used other wireless equipment with more stable performance.
  - There are lost packets frequently, even with the slightest network traffic (2 PC's with terminal service sessions). Supousedly, the link is of 54 Mbps speed, but the quality is very low.
  - At the moment, we are losing connection every couple of minutes. After that the non-root configured bridge stays down and the only way to reestablish connection is by reseting the 1310.
  - I see that the speed changes every time I refresh the IE utility.
  I still havent configured any security, because the awful way the link works.
  What could be the reason for such bad performance?
  Best Regards,
  Igor Sotelo.

  Hi All,
  I have noticed that when the switches have VLAN configured, the latency is very variable. In this particular case, the switches does not have this configuration. I haven't configured VLAN's on the wireless bridges either.
  I will test the link without any switches, it's an good idea. Perhaps there is "something" with the wired network.
  Other than that the specifics are:
  - I have used Belden RG-6 1530A cable that has even higher grade than the Belden 9077 recommended by the manuals.
  - The extension of the cables is around 40 meters (120 foot).
  - We have installed another wireless link in the place, that uses the same frequency, but different polarity. Also we try to separate the channels at least 7 frequencies.
  - The other system is omnidireccional in nature, and it doesn't have excessive gain.
  - On the place where the equipment of both systems coexist, the physical separation between the antennas of the two systems is around 9 foots (3 meters).
  The error messages we get are:
  - On the root bridge:
  Mar 1 00:00:57.238 Information Interface Dot11Radio0, Deauthenticating Station 0017.0ec6.a590 Reason: Previous authentication no longer valid
  Mar 1 00:00:57.237 Warning Packet to client 0017.0ec6.a590 reached max retries, removing the client
  - On the non-root bridge:
  Mar 1 16:19:52.072 Notification Line protocol on Interface Dot11Radio0, changed state to up
  Mar 1 16:19:51.072 Error Interface Dot11Radio0, changed state to up
  Mar 1 16:19:51.071 Warning Interface Dot11Radio0, Associated To AP Central-2 0017.0ec6.a580 [None]
  Mar 1 16:16:00.255 Warning Interface Dot11Radio0, cannot associate: No Response
  Mar 1 16:15:50.397 Notification Line protocol on Interface Dot11Radio0, changed state to down
  Mar 1 16:15:49.398 Error Interface Dot11Radio0, changed state to down
  Mar 1 16:15:49.397 Warning Interface Dot11Radio0, parent lost: Too many retries
  Mar 1 16:14:56.788 Notification Line protocol on Interface Dot11Radio0, changed state to up
  Mar 1 16:14:55.788 Error Interface Dot11Radio0, changed state to up
  Mar 1 16:14:55.788 Warning Interface Dot11Radio0, Associated To AP Central-2 0017.0ec6.a580 [None]
  When we make a reload on any of the bridges the link reestablishes for some time. With this message on the root bridge:
  Mar 1 00:00:44.194 Information Interface Dot11Radio0, Station NONROOTNAME 0017.0ec6.a590 Reassociated KEY_MGMT[NONE]
  Mar 1 00:00:35.456 Notification Line protocol on Interface Dot11Radio0, changed state to up
  I will appreciate any additional help.
  Best Regards,
  Igor Sotelo.

• Aironet 1310 Bridges keep losing connection

  There was a similar thread about this last year and I tried what was listed in there to no avail.  I have 2 Aironet 1310 bridges, one as a route bridge and the second as a non-route with clients.  These worked great for nearly a year, we had no problems keeping the connection up.  They were not connected for the last few months but nothing was changed on the configuration, when I put them back up they reconnected just fine and worked for about an hour, not they randomly disconnect with the same message in the log entries below.  Is there something wrong with them now?  The are using the same antennas as before and are in the same exact locations.
  logs from root bridge
  Nov 29 13:52:53.311: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client
  Nov 29 13:52:53.311: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station XXXX.XXXX.XXXX Reason: Previous authentication no longer valid
  Nov 29 13:52:53.568: %DOT11-6-ASSOC: Interface Dot11Radio0, Station Test XXX.XXXX.XXXX Reassociated KEY_MGMT[WPAv2 PSK]
  Nov 29 13:55:16.260: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client
  Nov 29 13:55:16.260: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station XXXX.XXXX.XXXX Reason: Previous authentication no longer valid
  Nov 29 13:55:16.550: %DOT11-4-MAXRETRIES: Packet to client XXXX.XXXX.XXXX reached max retries, removing the client
  Nov 29 13:55:16.550: Client XXXX.XXXX.XXXX failed: reached maximum retries
  logs from non-root
  Nov 29 2010 13:52:55: %DOT11-4-UPLINK_DOWN: Interface Dot11Radio0, parent lost: Received deauthenticate (2) not valid
  Nov 29 2010 13:52:55: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down

  I am not at the remote location any more, but the route bridge had a signal of -78 dB and a SNR of -22 dB.  The non-route has -77dB for signal and a SNR of -22 dB.  The location has line of sight, over water with nothing in the way. 
  Since I last posted I changed the fragmentation and RTS thresholds back to default from 4000 and it has been up for 24 hours now.  I am hoping that it has made the difference.

• 1310 Bridge-Building to Building advice.

  I am looking at implementing building to building wireless using Cisco 1310 bridges. This would be a backup link between the 2 buildings. The primary link is 3 T-1's. There are about 250 users connecting back here for application and internet. I am assuming that since the speed over the wireless is more than the existing T-1's that there shouldn't be a problem with latency. Am I missing anything with my thinking?
  Thanks

  Hey there,
  If you use a BR1310 to cover 3 T1s you should be fine.
  The BR1310 can get up to 54mbs (28mbs in reality due the the nature of half duplex devices such as these bridges).So even with less than ideal signal quality and strength you should have no problem getting that kind of throughput.Ideal links get in the low to mid 20s.
  Hope this helps.
  Regards,
  Aaron

• Configuration of a Point to MultiPoint link with Cisco Aironet 1310 bridges

  Hi All,
  The previous problem of which I started another conversation here:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddba023
  somehow dissapeared. It could have been a problem of interferences.
  I have another issue with other (multipoint) wireless WAN link, which I hope has a solution.
  On the central node, we have an Cisco Aironet 1310 bridge configured as root-bridge. It has a panel of four vertical polarity 17 dBi panel 90? antennas, with more than enough gain (there is a 250 mWatts 802.11 b/g amplifier, before the 4-way splitter) and excellent line of sight to three remote bridges.
  The three (03) remote bridges are also Aironet 1310 models, confidured as non-root-bridges.
  The problem we have is that it seems that when the three remote links operate concurrently the amount of lost packets is huge. When I shutdown the radio interfaces of two bridges, the remaining bridge makes an excellent link with the central node.
  It seems that some hours are more critical than others, also the links operate much worse when there is some (small) network traffic in them.
  I have read the 1310 manuals, and I can't find a sample configuration for point to multi-point links.
  Does someone knows what radio interface configuration should I need to use to establish better quality communication?
  I mean, perhaps the 1 x root - 3 x no root configuration is not recommendable for the multipoint link configuration.
  Any hints will be welcome.
  Best Regards,
  Igor Sotelo.

  Hi All,
  Thank you for the information. I configured the distance on the root bridges, but the links showed instability.
  I'm using a bi-directional amplifier. It has two pieces. According to the manuals, one is installed indoors, the other outdoors. I'm not sure if the indoors piece has the transmition module or it's only the injector.
  We could establish connection at 7 km (around 4 milles) distance from the central point, using 24 dBi antennas on the other side.
  However, we have issues with a near located point that is only 1.2 Km (around 0.8 milles) away and has a 13 dBi integrated patch antenna. The signal strenght value we get there is in the -62 to -68 dBm range, and is noticiably (5-10 dBm) lower than the strenght we get at other points of the link. And I have trouble establishing a high quality link with that point, using OFDM modulation. I tend to think that if I remove the amplifier I'm not going to reach that point at all. The EIRP on the central iste is 34 dBm / 2.5 watts, without amplifier it would be 26 dBm / 0.4 watts.
  On the opposite sites the EIRP is 33 dBm / 2 watts using CCK or 28 dBm / 0.63 watts using OFDM.
  When one looks at the central site from that point, an Motorola Canopy with passive reflector (EIRP 48 dBm or around 64 watts) can be seen. It doesn't have the same direction, but the opposite site must be large distance and could interfere with my wireless network. Attached is an amplified photo of the view. It's safe to assume that the Canopy operates in the 2.4 GHz frequency range.
  Once I connect the point at 1.2 Km, the multipoint link loses its quality, and soon the lost packets get too frequent.
  The CCK seems to be much more interfered than OFDM, I guess because of that canopies.
  Another thing I'm wondering about is if the Aironet 1310 can continuosly switch CCK-OFDM over the same point - multipoint link, without losing packets.
  What other parameters should I tweak? Is there a way to avoid interferences fromt the canopy?
  I would like to apply 100 mWatts local power using the radio with OFDM, but it seems that's not possible.
  Best Regards,
  Igor Sotelo.

• Can't create VLAN's with Cisco Network Assistant

  Hello everyone
  I have a problem with my newest Switch, a WS-C2960X-48TS-L
  Normaly I can programm all my Switches with Cisco Network Assistant. But now I have a problem with creating VLAN's. I can create them, safe them but after a refresh, all the new VLAN's are gone!
  I updated the CNA to the newest Build 6.0 and updated the Switch to 15.2(2)E, but nothing helps!
  Over the CLI I can do everything, but this is not a option for me! To programm sometimes a switch CNA is perfect for me! If it works!!
  Thanks 
  Tobi

  yes I can programm the vlan's over CLI. That's works. I have not tested this if its really works, but the VLAN's are programmed.
  hmm I checked the STP / VTP settings with a second identical Switch, but there are no differents. Made a backup of one Switch and restore on the other One, but I'm still not able to create VLAN's.
  however, I contacted my vendor today, he tell me that it shouldt be a problem to take back the switch. 
  Best regards
  Tobi

• Help create VLAN for home use.

  I use Cisco switch SG300 and SG200 series. I set my home network as attach picture.
  I want set up VLAN with these condition
  1.Every port can connect to internet through ADSL router.
  2.VLAN10( Home alarm and IP camera ) can access by internat, connect by access point and PC file server
  3.Every port can connect the PC file server
  I am new for network and fail to try setup myself and not understand static route.
  Thank you.
  Jarey
  [email protected]

  Hi Jarey,
  Are you sure you want to do this on the switch as opposed to the router? Are you going to use static IP addresses for the vlans or do you want your router to issue DHCP?
  To proceed, using the switch for inter-vlan routing, make sure the SG300 is in layer 3 mode.
  1. If you are currently in layer 2 mode, open a CLI connection and issue command:
  set system mode router
  Take note that this will delete your current config and the switch will reboot.
  2.  Create the vlans on your switch under VLAN Management -> create vlan
  3. Go to IP Configuration -> ipv4 interface and assign each vlan a static IP for the switch in the subnet for the new vlan
  4. Vlan Management -> Interface settings. I would leave all the ports as trunk ports, or change the ports to trunk if you have previously changed them.
  5. Vlan Management -> Port VLAN membership. Assign your vlans to the appropriate ports.
  6. When everything is all plugged in, you should be able to see the switch created static routes for you already under IP Configuration -> IPV4 static routes. Make sure all your subnets are there and are showing route type local
  7. You may need to add a route such as 0.0.0.0 with the next hop being your router
  At this point, you should be up and running, with all vlans connected to each other and to the internet.
  If you want to restrict access across the vlans, you'll have to create access control lists.
  You need to first create an ACL (Access control -> IPV4 based ACL) and give it a name. then go over to IPV4 based ACE where you put the actual access control rules.
  This is a sample set of rules I made, it will block all access between two subnets (each vlan you created above will have to be its own subnet) and allow certain traffic such as 3389 - remote desktop, etc. You'll need to customize based upon your needs and subnet IPs. So for ex, to allow the Xboxes to access the file server, rather than any - any, you put the xbox subnet or specific IPs as the source, the file server as the destination, and the ports used as source ports. Remember to make the converse of the rule as well.
  Then, go to Access Control -> ACL bindings and bind the access control list to the applicable ports.
  Hope that helps, good luck with your set up.
  Best,
  David
  Please remember to rate helpful posts and identify correct answers.

• 1310 Bridge Firmware and Console Troubles

  A few days ago, we lost the Ethernet connection to one of our 1310 Bridges. Restarting the unit restored access for a short time. A technician tried to reload the IOS over the console port and set the speed to 115200, and then lost the ability to communicate with the device. I have tried to console into the device using every speed from 110 to 921600, but cannot establish a connection. Also, the LEDs are showing a firmware load error (red, amber, red). Is this device bricked, or is there a way to recover it?
  Thanks in advance.

  You'll have to try password-recovery process. Here's the link:
  https://www.cisco.com/en/US/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#ca_1310_ser

• Vlans over wan

  Is it possible to run a vlan over a wan link on my router ?

  Yes, but don't do it......
  There shouldn't be any reason for you to 'Bridge' over the WAN. Use Layer-3 and route your traffic.
  Andy

• Trying to create a Photomerge in Bridge, when the files open in Photoshop ( small jegs ) , I get a error message of " Unable to process latte files " / " null is not an object "

  Trying to create a Photomerge in Bridge, when the files open in Photoshop ( small jegs ) , I get a error message of " Unable to process latte files " / " null is not an object "
  Please help

  Wait a second, Photoshop can make lattes now?  Personally I prefer my coffee black, but man have I been under-utilizing this program.

• 1310 Bridge loses connection

  I work at a college campus where we have a couple of 1310 bridges between our main campus and a group of apartment buildings that we own 3 blocks down the road. One 1310 bridge is in our bell tower and the other is in one of the apartments. The other apartments have 1240 AG access points. The problem I am having is that periodically the remote apartments will loose their network connection. Originally I thought it was a problem with the remote bridge because rebooting the bridge at the remote apartment would bring the connection back up. I recently discovered that I could bring the remote location back up by rebooting the bridge in the belltower. At first we could go a couple of weeks before the link would go down now it seems to be happening much more frequently.
  Any help in troubleshooting this would be appreciated.
  Thanks.
  Jeff

  You might want to post carrier busy test results for both ends as well as signal strength readings for both ends. If memory serves you'll need commands like (check my syntax):
  dot11 dot11 0 carrier busy (assuming 802.11g)
  and
  show dot11 ass X.X.X (X.X.X = remote end mac)