HREAP VLAN ID Changes
Hello,
I have noticed on a few different occasions that the VLAN ID under VLAN mappings on our APs is changing for some reason when an AP loses connectivity to its primary controller and then reassociates. For instance, at one particular site we have several APs that have their native VLAN set to 97. Then under the VLAN mappings on the AP we have a VLAN 20 ID for our production wireless and a VLAN 998 ID for our guest wireless. When any of these APs loses connectivity to the controller and then reassociates, the VLAN ID for guest changes to 99. But VLAN ID 20 does not change. 99 is the VLAN identifier for our controller management interface. All of these APs are running in HREAP local switching mode. Any insight on why the VLAN ID changes would be appreciated.
Thanks!
There are a couple of major differences between the primary and secondary controllers. First, the management VLAN identifier on the management interface is a different number on each of the controllers. The primary controller is 99 whereas the secondary is 97. Second, the primary controller guest WLAN is using HREAP local switching. The secondary controller guest WLAN is using local mode.
Similar Messages
-
wlc 5508 code 7.0.220.0
AIR-CAP3502E-N-K9
ap mode: hreap
vlan mapping native 30
vlan ssid x 310.
Each time that, for whatever reason, my access point goes down (not that my access point resets by itself; if I have to move it), the setting in the VLAN mapping resets to whatever my native VLAN is, in this case 30
that is native vlan 30
ssid x vlan 30
Any idea?
It could be
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw92394&from=summary
but it is marked Unreproducible. You might try upgrading to the latest 7.2 code if you don't have a 'legacy' AP.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Hi,
I've searched around to see if someone else has experienced the same issue regarding HREAP APs losing their VLAN mappings; however, I could not find any related topics.
Scenario
I've got a 5508 WLC running ver 7.0 with local VLANs assigned as follows:
VLAN 241 - Data Users
VLAN 253 - Voice Users
The HREAP APs (Cisco 1242AG) running at the remote branches are mapped to the following:
VLAN 2 - Data Users
VLAN 253 - Voice
The Problem...
HREAP works perfectly; users get the local DHCP addresses at the branch office and have no issues with connectivity. Once in a while some of the HREAP APs will lose the VLAN mapping I've assigned to them. In this case I've mapped VLAN 2 to the SSID for the Data Users. I will get complaints that users can't connect to the network, and when I go check the HREAP AP's VLAN mapping it has defaulted back to VLAN 241 (the same VLAN the local APs at head office use for the same SSID). Of course with the Voice SSID I don't have this problem as it's using the same VLAN ID as head office.
Once I've corrected the mapping everything works perfectly.
Why...
I just want to know why this happens. I've rebooted the APs to see if they retain the mappings and they did. I've seen in the HREAP design deployment that it is preferred to use the same VLAN IDs at the branch offices where the HREAP APs are located as at the head office where the WLC is located.
I can see why as this will resolve my problem, however this network was designed without the knowledge of HREAP being deployed to the remote sites and I would like to minimize change from a LAN perspective.
Will my only solution be standardizing the branch office VLAN IDs to be the same as the head office network, or should I be able to use different VLAN IDs for the branch offices?
Thanks for your time reading this and for your input. If you know any discussion regarding this, please add the url.
Regards
Jurgens
Hi,
I'm having the same problem. And I have two WLCs (WISM) with version 7.0.220.
I think it is because of this bug: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw92394&from=summary
Does anyone know how I can solve this problem?
I have 42 HREAP APs, and when I have some link problem at the remote branch and the AP loses connectivity to the 1st controller for a few seconds, it loses the VLAN mappings (all turned to the native VLAN). -
FlexConnect VLAN assignment changes by itself
About a year ago I changed the VLAN assignment of a WLAN for LWAPs in a particular AP Group. The LWAPs in this group are in 5 different locations. All LWAPs are joined to the same controller. Occasionally I'll get a call saying this WLAN isn't working and when I investigate the issue, I notice that the VLAN assignment has changed. I change the VLAN assignment and the WLAN works again. This seems to happen about every 3 months or so. What's odd is that it doesn't happen to all of the LWAPs in the AP Group. It seems to only affect the LWAPs at one site or the other at a time. Any clues on what could be causing this behavior?
1142LAPs
software version 7.3.101.0
5508WLC
software version 7.3.101.0
Cisco Prime Infrastructure
software version 1.2 (1.2.0.103)
We can create a command line to set the WLAN-to-VLAN mapping and create . Or we can create a script that also uses the CLI and simply paste the commands to all APs. We can check the AP connectivity statistics by looking at the monitor AP.
For FlexConnect access points, the interface mapping at the controller for WLANs configured for FlexConnect local switching is inherited at the access point as the default VLAN tagging. This can be easily changed per SSID and per FlexConnect access point. Non-FlexConnect access points tunnel all traffic back to the controller, and VLAN tagging is dictated by each interface mapping of the WLAN.
By default, a VLAN is not enabled on the FlexConnect access point. When FlexConnect is enabled, the access point inherits the VLAN ID associated to the WLAN. This configuration is saved in the access point and received after the successful join response.
By default, the native VLAN is 1. One native VLAN must be configured per FlexConnect access point in a VLAN-enabled domain. Otherwise, the access point cannot send and receive packets to and from the controller. When the client is assigned a VLAN from the RADIUS server, that VLAN is associated to the locally switched WLAN. -
Why Management VLAN suddenly changed to default VLAN1?
The problem is that the management VLAN on certain switches will suddenly change to the default VLAN. Does this have anything to do with configuration? I am sure that the configuration is quite simple.
Thanks.
Hello
Some switch models only allow 1 L3 interface per switch
If you try to create an additional SVI it will delete the previous one
Is this what you are querying?
res
Paul -
When/how does VTP issue vlan config changes?
Hi,
On my VTP server switch I renamed a vlan. Does this change automatically get sent out after a set period of time or am I supposed to enter a command myself?
Thanks
According to:
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
Subset Advertisements
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes were made increments the configuration revision and issues a summary advertisement, followed by one or several subset advertisements. A subset advertisement contains a list of VLAN information. If there are several VLANs, more than one subset advertisement may be required to advertise them all. -
For no apparent reason an HREAP access point loses its VLAN configuration in VLAN mapping. Has anyone seen this?
Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.
-
Tcl script to change access vlan based on MAC address
Hello all. I'm looking for some input on how best to handle this situation. I have a large network with a lot of remote offices where we have limited control over users moving around patch cables. We're using VLAN-based QoS in these offices to mark voice, video, data, etc. The problem I'm having is that our users are moving video conferencing equipment to different interfaces on our switches, which puts the VTC unit in a different VLAN, fouling our QoS policy. They then call and complain about poor video quality.
I'm trying to come up with a way to automate putting the interface in the video VLAN if a VTC unit is connected. All of our video conferencing units are from the same vendor, so they have the same OUI in the MAC address. The script I've been working on looks for a line protocol up event, then checks to see what access VLAN is configured on the interface. If the interface is already in the video VLAN, the script exits. If the interface is not in the video VLAN, the script looks at the MAC address table for the interface and if the OUI matches a VTC unit, the script changes the interface configuration. My question is, is there a better event to trigger script execution? Maybe a MAC notification trap, or something else? Line protocol transitions when the access VLAN is changed, so the current script runs twice: once when the interface first comes up with a new connection, and again when the VLAN is changed.
Script is attached. Any help or advice is appreciated!
Does your video equipment use CDP? If so, then you can use the neighbor-discovery event detector to only react when you see a media endpoint being connected to a port. Yes, MAC address notifications (the mat ED) can also work if you know the MACs of your media endpoints.
-
Is there a good reason to change the default native vlan 1 between two 802.1Q trunks? And is there a rule regarding best practices? thanks.
With 802.1q trunking, the only significance of the native vlan is the fact that it is not tagged. Most administrators default to vlan 1, but others vary.
It's discussed in the best practices document, but there's no specific best practice for Native Vlan, as changing it does not have any bearing on network performance or stability. It does talk about the significance of Vlan 1, which may be of interest.
http://www.cisco.com/en/US/customer/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
HTH,
Bobby -
Jumpstarting changes with U6: VLAN tagged interfaces and sysidcfg
Hello,
I've been banging my head on U6 for a few days and finally have to give up and cry for help. I can no longer build a jumpstarted server which ends up on a separate VLAN tagged LAN after first reboot.
I have an existing U5 SPARC jumpstart environment setup. We use VLAN tagging a lot in our environments and by default the only time a non VLAN tagged interface is used is during jumpstart. With the existing jumpstart we are using the following profiles:
root_password=mypassword
security_policy=NONE
timezone=GB
timeserver=localhost
terminal=vt100
network_interface=none {hostname=hostname}
system_locale=en_GB
name_service=NONE
system_locale=C
In the U5 profile we let the jumpstart server obtain its network configuration via DHCP and then obtain the profile above, which excludes all network settings. All the network settings were added as part of a finish script. This worked fine with U5. As far as I can see, with U6 at the point where the sysidcfg is first evaluated it removes the network settings and obviously then kills the jumpstart. So I have had to try a different approach. I have tried both of the following:
network_interface=PRIMARY { default_route=none protocol_ipv6=no}
network_interface=PRIMARY { dhcp default_route=none protocol_ipv6=no}
However, using either of these causes the ce0, bge0 or whatever to remain defined, instead of the ce200000 and ce206000 interfaces that I have explicitly defined in hostname.ce200000 separately. I also get a number of ARP errors on initial reboot, such as
Nov 20 20:27:29 unknown ip: ip_arp_done: init failed
Nov 20 20:27:29 unknown /sbin/dhcpagent[44]: configure_v4_lease: cannot set interface flags for ce0: Cannot assign requested address
I don't know if I am barking up the wrong tree but I believe I need to get the server on initial boot (or during finish) to reevaluate a different sysidcfg file. Alternatively, it might need some combination of presence/absence of /reconfigure or /etc/.UNCONFIGURED. I think I might also need to stop /sbin/netstrategy returning DHCP-specific results (I only use DHCP for jumpstart booting and not for normal boot), but I have no idea how to do that...
# /sbin/netstrategy
ufs ce0 dhcp
Any help much appreciated!
thanks
Paul
Paul,
I don't want to suggest that I understand your problem but have you seen the comments about tagged vlans on the Opensolaris LDoms forum?
Near the bottom of thread [Solaris 10 10/08 (update 6)|http://www.opensolaris.org/jive/thread.jspa?threadID=81505&tstart=0] there is some discussion of tagged vlan support changes with U6.
It sounds like tagged vlans are going to be a problem with U6.
have a good weekend,
Glen -
Hi Guy,
In my ISE deployment, once the guest has successfully authenticated, they will be assigned the guest VLAN for internet access.
We are using the guest portal to do the VLAN override once the user has authenticated.
Windows 7 Internet Explorer (ActiveX) and Chrome (Java applet) are working fine,
but Android and Apple iOS devices are unable to release the DHCP lease and get a new one.
From ISE and the WLC we can see the VLAN has changed, so how do mobile devices initiate a DHCP release for the Guest Portal?
Kindly advise.
Regards
Freemen
I don't have such documentation nor could I find any on Cisco's site. With that being said, it doesn't mean that it doesn't exist. I just know that ActiveX is a Windows-specific framework and Java is not supported on either iOS or Android:
http://www.java.com/en/download/faq/java_mobile.xml
The good news is that Cisco appears to be steering away from Java so it is possible that in the future this will be supported.
Hope this helps!
Thank you for rating helpful posts! -
Changing WPA Username and Password
Hi Guys,
I am quite new to wireless. I would appreciate any help on this issue.
I am using an 891w as an autonomous AP. I got some basic config from the support forum. Once configuration was done, I could see the SSID, but it was asking for a username which I could not figure out. Here is the config below.
hostname ap
no aaa new-model
dot11 syslog
dot11 ssid WirelessNetwork
vlan 1
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 cisco
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption mode ciphers aes-ccm
broadcast-key vlan 1 change 30
ssid WirelessNetwork
antenna gain 0
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption mode ciphers aes-ccm
broadcast-key vlan 1 change 30
ssid Wirelessnetwork
antenna gain 0
dfs band 3 block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
cns dhcp
end
Please help me change the username and password for the SSID.
I hope in the above example the password is cisco.
Thank you.
Hi,
This should be asking you only for the password, not the username, as you have configured it with wpa-psk. What client device are you testing this with? If this is a Windows machine, please choose your security as WPA-Personal on the wireless profile and then it will ask for the Security Key. You will have to enter your password there. The password from the configuration I can see as cisco.
wpa-psk ascii 7 cisco
Hope that helps,
Regards
Najaf
Please rate when applicable or helpful !!! -
Cisco 877W Dual SSID/VLAN Security Issue
Hi All
I have an issue with my 877W that is as fascinating as it is frustrating. I have two SSIDs/VLANs, one for trusted LAN users (PRIVATE), and one for guests (GUEST). The PRIVATE network is secured from the GUEST network by zone-based firewall. Everything works fine, guest devices cannot access private devices, except for one thing: the BVI interface on the PRIVATE network is always accessible to guest devices, and all services are open to attack, e.g. telnet/ssh/http/dns etc. I've tried everything to secure this interface from the guest network, including putting deny any any on physical, BVI and VLAN interfaces.
Am I missing something obvious, or some fundamental architecture of the 877 that would stop this interface being secured? Any help appreciated!
P.S. The config has been pared down to basics below
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
logging buffered 4096
enable secret 5 $1$BdpF$r/mAhQGYs8LBlqEpANmke0
no aaa new-model
dot11 syslog
dot11 ssid PRIVATE@123
vlan 100
authentication open
authentication key-management wpa
wpa-psk ascii 7 046B0A535A15441D2D0C11141A5A5F
dot11 ssid VISITOR@123
vlan 200
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 03374C0A08392040420C00
ip source-route
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.1.1 172.16.1.10
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp pool GUEST
utilization mark low 70 log
network 172.16.1.0 255.255.255.0
dns-server 192.168.0.1 61.9.242.33 61.9.226.33
default-router 172.16.1.1
ip dhcp pool PRIVATE
utilization mark low 70 log
network 192.168.0.0 255.255.255.0
dns-server 192.168.0.1 61.9.242.33 61.9.226.33
default-router 192.168.0.1
ip cef
no ipv6 cef
multilink bundle-name authenticated
username cisco privilege 15 password 7 073F205F5D1E491713
policy-map type inspect PM-DENYGUEST
class class-default
drop
zone security GUEST
zone security PRIVATE
zone-pair security GUEST-TO-PRIVATE source GUEST destination PRIVATE
service-policy type inspect PM-DENYGUEST
bridge irb
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
interface FastEthernet0
no ip address
interface FastEthernet1
switchport access vlan 100
no ip address
interface FastEthernet2
switchport access vlan 100
no ip address
interface FastEthernet3
no ip address
interface Dot11Radio0
no ip address
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers aes-ccm
broadcast-key vlan 100 change 30
broadcast-key vlan 200 change 30
ssid PRIVATE@123
ssid VISITOR@123
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.100
encapsulation dot1Q 100 native
zone-member security PRIVATE
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.200
encapsulation dot1Q 200
zone-member security GUEST
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Vlan1
no ip address
interface Vlan100
no ip address
bridge-group 1
interface Vlan200
no ip address
bridge-group 2
interface Dialer0
ip address negotiated
ip access-group 101 out
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 7 10580A4F1C4005005B
interface BVI1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security PRIVATE
interface BVI2
ip address 172.16.1.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
zone-member security GUEST
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
logging 192.168.0.11
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
line con 0
exec-timeout 5 0
no modem enable
transport output all
line aux 0
exec-timeout 0 1
no exec
transport output none
line vty 0 4
exec-timeout 5 0
login local
transport input telnet ssh
transport output none
end
Ignore that. Self zone got me. Argh! Phew!
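The "self zone" resolution above in concrete terms: in the IOS zone-based firewall, traffic addressed to any of the router's own interface addresses belongs to the built-in self zone, so a GUEST-to-PRIVATE zone-pair never sees it. The Python check below is an added example, not part of the original thread or of any Cisco tool; it flags zones that have no policy towards self. SAMPLE_CONFIG is a constructed excerpt of the posted configuration, and the names GUEST-TO-SELF and PM-GUEST-TO-ROUTER are hypothetical.

```python
import re

# Constructed excerpt: the zone-related lines of the configuration posted above.
SAMPLE_CONFIG = """\
zone security GUEST
zone security PRIVATE
zone-pair security GUEST-TO-PRIVATE source GUEST destination PRIVATE
 service-policy type inspect PM-DENYGUEST
interface Dot11Radio0.200
 zone-member security GUEST
interface BVI1
 ip address 192.168.0.1 255.255.255.0
 zone-member security PRIVATE
interface BVI2
 ip address 172.16.1.1 255.255.0.0
 zone-member security GUEST
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical addition (GUEST-TO-SELF and PM-GUEST-TO-ROUTER are assumed names):
# a zone-pair whose destination is the built-in "self" zone.
HARDENED_CONFIG = SAMPLE_CONFIG + """\
zone-pair security GUEST-TO-SELF source GUEST destination self
 service-policy type inspect PM-GUEST-TO-ROUTER
"""

PAIR_RE = re.compile(r"^zone-pair security (\S+) source (\S+) destination (\S+)$")
ADDR_RE = re.compile(r"^ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+")


def parse_zbf(config):
    """Collect zone membership, zone-pairs, router addresses and management services.

    Lines are stripped and read in order, so an indented config and a flattened
    paste (like the one in the post) parse the same way.
    """
    state = {"members": {}, "addresses": {}, "pairs": [], "services": set()}
    iface = pair = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "no ")):
            continue  # comments and negated commands enable nothing
        if line.startswith("interface "):
            iface, pair = line.split(None, 1)[1], None
        elif (m := PAIR_RE.match(line)):
            pair = {"name": m[1], "src": m[2], "dst": m[3], "policy": None}
            state["pairs"].append(pair)
            iface = None
        elif line.startswith("service-policy type inspect ") and pair is not None:
            pair["policy"] = line.split()[-1]
        elif line.startswith("zone-member security ") and iface:
            state["members"][iface] = line.split()[-1]
        elif (m := ADDR_RE.match(line)) and iface:
            state["addresses"][iface] = m[1]
        elif line == "ip http server":
            state["services"].add("http")
        elif line == "ip http secure-server":
            state["services"].add("https")
        elif line.startswith("transport input "):
            state["services"].update(p for p in line.split()[2:] if p != "none")
    return state


def audit_self_zone(config):
    """Return {zone: finding} for every populated zone with no policy towards self.

    A zone-pair to self with no service-policy attached is reported as well,
    because none of your policy is applied to it. access-class statements and
    interface ACLs are not evaluated here.
    """
    state = parse_zbf(config)
    covered = {p["src"] for p in state["pairs"]
               if p["dst"].lower() == "self" and p["policy"]}
    findings = {}
    for zone in sorted(set(state["members"].values())):
        if zone in covered:
            continue
        findings[zone] = {
            # Every router-owned address is in the self zone, whichever zone
            # the interface carrying it belongs to.
            "reachable_router_addresses": sorted(state["addresses"].values()),
            "listening_services": sorted(state["services"]),
            "reason": "no zone-pair with a service-policy from %s to self" % zone,
        }
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_CONFIG), ("with GUEST-TO-SELF", HARDENED_CONFIG)):
        print(label, audit_self_zone(cfg))
```

A finding for a trusted zone such as PRIVATE is expected where that zone is meant to manage the router; the GUEST finding is the one that matches the behaviour described in the post.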
-
Management ip address on a different vlan/bridge
We have several standalone APs. On our switches we have a data and a guest VLAN. Previously on the Aironet APs I configured the Ethernet interface with 802.1q trunking and I configured a subinterface with its management IP address. This all worked perfectly.
Now we bought some new ones (SAP2602) which have IOS v15.2 (the old ones still have 14.3) and I applied the same config (changed the IP address and hostname of course), but the IP management of the AP does not work (wireless clients work well, so no problem with 802.1q)
Config (so both on old and new):
bridge irb
Interface GigabitEthernet0
no ip address
no ip route-cache
duplex full
speed 100
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.90
encapsulation dot1Q 90
no ip route-cache
bridge-group 90
no bridge-group 90 source-learning
bridge-group 90 spanning-disabled
interface GigabitEthernet0.104
encapsulation dot1Q 104
ip address 10.104.70.1 255.255.0.0
no ip route-cache
bridge-group 104
no bridge-group 104 source-learning
bridge-group 104 spanning-disabled
interface BVI1
ip address dhcp client-id GigabitEthernet0
no ip route-cache
ip default-gateway 10.104.1.1
Any ideas what's changed between new and old IOS or AP? (I only noticed that in the new AP the command "no ip route-cache" is not enabled anymore.)
I'd suggest to define vlan114 as native vlan and change the bridge group to 1
interface GigabitEthernet0.104
encapsulation dot1Q 104 native
bridge-group 1
Remember to configure the trunk port the AP is connected to with native VLAN 104.
Normally the IP address is configured under the BVI interface; if there is still no change, you can try it.
That should work.
Regards -
Question about PVID, SA520, Native VLAN
Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
I have a scenario where I have a preexisting production LAN of 192.168.1.0/24. It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24, and a guest WLAN of a different subnet (I chose 192.168.20.0/24). The two should never meet. There will likely never be a guest computer connected via Ethernet. Guest computers would always have to connect wirelessly.
I accomplished this to a point.
I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default. I created a VLAN 10, 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet.
VLAN Recap:
VLAN 1, 192.168.75.0/24
VLAN 10, 192.168.1.0/24
VLAN 20, 192.168.20.0/34
Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN1, which is pretty annoying).
The Aironets have been configured correctly.
SSID: Priv is part of VLAN 10
SSID: Pub is part of VLAN 20
Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID.
Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but I'll take what I can get.
Here's my challenge:
The original production LAN is connected via an unmanaged switch.
I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native vlan?) of the SA520 is 1, and I cannot make Port 4 on the SA520 only a member of VLAN 10, then any traffic coming from the unmanaged switch will automatically be tagged with VLAN1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
Any ideas or help on the above?
What I would do if I had a managed switch on the production LAN:
If I had a managed switch on the production LAN, what I think I would do is make one port a trunk port, connect that port to Port 4 on the SA520, then make all the rest of the ports on the managed switch access ports, and members of VLAN 10. Am I on the right track there?
Hiccups when setting up the WAP:
I would have changed the VLAN 1 on the SA520 to the 192.168.1.0/24 subnet, and only created a second subnet, but there was a challenge with that and the WAPs.
Cannot change the VLAN the dot11radio0 is a part of. There's no encapsulation command.
Could not broadcast the SSIDs successfully and secure via WPA unless the SSIDs were on VLANs other than 1. The dot11radio0 would go into a "reset" state.
Could change the VLAN the subinterfaces of dot11radio0 were on, for example dot11radio0.10 is a member of VLAN 10. Dot11radio0.20 is a member of VLAN2.
In any event, it's working, but the rest of the infrastructure is the challenge.
Here's one of my WAP configs as an example:
Building configuration...
Current configuration : 2737 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname WAP2
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
no aaa new-model
no ip domain lookup
dot11 syslog
dot11 ssid CASPRIV
vlan 10
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 107E1B101345425A5D4769
dot11 ssid CASPUB
vlan 20
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 132616013B19066968
username Cisco password 7 0802455D0A16
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 20 mode ciphers aes-ccm
encryption vlan 10 mode ciphers aes-ccm
ssid CASPRIV
ssid CASPUB
mbssid
channel 6
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.10
encapsulation dot1Q 10
ip address 192.168.1.5 255.255.255.0
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
ip address 192.168.20.3 255.255.255.0
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode ciphers aes-ccm
ssid CASPRIV
dfs band 3 block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface BVI1
no ip address
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
Hello Paul,
You have a lot going on here so forgive me if I miss something.
PVID is for Primary/Port Vlan ID. It is used to identify the vlan on a port and can be used to change the native vlan of a port. You can change the PVID on port 4 of the SA520 to be vlan 10 if you need to.
The simplest setup would be for you to have your private network all be on the native vlan 1 and set your guest to be on another vlan. All of this would be possible without any problem on the SA520. Unfortunately I do not have much experience with the Aironet APs but they should allow you to continue this configuration onto the wireless network. For assistance with the Aironet APs I would have to refer you to someone more familiar.
I do hope this helps with setting your network.