Native VLAN over 1300 bridge
Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
Seth
You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.
Similar Messages
-
Multiple VLANs over 1300 series bridges
Hi
I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
Many thanks
SimonHi Simon,
Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
Regards,
Milton Tizoc. -
Vlan over wireless bridge with internet sharing?
Hi Community, my first post here, hoping somebody may be able to advise...
I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.
Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...
This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.
So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:
farm: slm2005 switch
port 1 -> wireless bridge to office: member of vlan "2", "3"
port 2 -> access point A for neighbor: member of vlan "2"
port 3 -> my own access point B: member of vlan "3"
office: slm2005 switch
port 1 -> wireless bridge to farm: member of vlan "2", "3"
port 2 -> access point C for neighbor: member of vlan "2"
port 3 -> my access point for office D: member of vlan "3"
port 4 -> router port 1: member of vlan "2"
port 5 -> router port 2: member of vlan "3"
the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)
The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)
Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?
Thanks in advance for any advice,
AndresHi Andreas,
you're not far from it.
Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.
On all other devices, traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.
With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.
This doc should help you out :
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr
HTH,
Nicolas
Thanks to rank the answer if you see it as useful ! -
How can i create Differents VLANs on 1310 Root bridge and pass the VLAN info to the non root bridge wirelessly.
Currently my switch ports are configured as access port for the bridges and if i make the port a trunk port; siwtch connected to the non root bridge stops communicating. Any help will be appreciated.
Thanks,
OsmanCheck out this link:
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html -
VoIP and Data over 1300 Bridge
I have a customer who wants to link 5 out buildings back to the main network. I have proposed using the new 1300 series bridges and have already verified clear line of site from the root location to all remotes.
The customer wants to run VoIP and data on the links. They expect about 3 phones and 3 computers at each location. Each location will have a 3500 series switch powering the 7940 phones.
Is there a maximum number for running the VoIP of a multipoing bridge setup?
I know I will need to setup QoS on the bridges. I just cannot find any documentation to support this setup.
SethThsi document should help explain the Quality requirements for Wireless devices,
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00802091be.html -
VLAN Over Remote Bridges (1240AG)
Hi,
I've an AP connecting to the backbone switch via 2 wireless bridge links as shown below. Currently, it is operating as flat lan.
Would like to know if it can be coverted to vlan mode so that I can support wireless clients of different vlans at the remote end?
Switch ----------- 1240AG--------------------/-----------------1240AG--------------------/------------------------1240AG
Eth Root 802.11b/g Non Root 802.11a Non AP 802.11b/g Clients
Trunk Bridge Root Bridge Root SSID1 -- vlan 10
vlan 1 Bridge Bridge SSID2 -- vlan 20
vlan 10 SSID3 -- vlan 30
vlan 20
vlan 30
Thanks!Eric,
Yes it can. On the bridges you'll want to define the sub-interfaces for the VLAN that you want to pass. You only need the one SSID on the bridge to accomplish this, as it is the 'connection' between the bridges.
So basiclly you need
int dot11radio 0.10 ( or 1 if you are using the 5GHz to bridge)
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30 int dot11radio 0.10
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30
Then just make sure your AP are connected to trunk ports allowing vlan 1,10,20,30
Steve -
1300 bridges trunking question
Hi all,
I have two 1300 bridges connecting two buildings. Both buildings are using native vlan. I only have one SSID and native vlan on the birdges. There is a L3 switch connecting to the root bridge and L2 switch connecting to the non-root bridge.
Right now, we are upgrading the network to support mutilple vlans. Do I need to make trunking on the bridges in order for the bridges to pass multiple vlans traffic? I already made trunking (802.1q) on both switches. But once I assign ports to access different vlan, I could not get dhcp address (except native vlan)if I am on the second building.
Any suggestion/comment?
thanks
GeneHey Gene,
I had a similar setup and the only thing you need to care about pretty much is that the native vlan in your bridges is the one assigned to the SSID which it linking those 1300 together... All the rest of the vlans at your switch will pass through the wireless link effortlessly... :)
Just try to be sure you are NOT restricting vlans at the switch port where you have your bridges connected.
If you need any assistance please do not hesitate in contact me... :)
Cheers,
Hery -
1300 bridge with native and management vlan in different vlans
Hello,
We are going to set up a wireless bridge between two 1300 accesspoints. In our network the native vlan and the management vlan are different vlan's. Will we be able to manage the ap and switch at the "remote" site? Do we have to set up two ssid's, one for native and one for management?
regards,
RutgerToo answer my own question:
I don't think it is possible. Things work fine by making our management vlan the native vlan on switches and ap's involved. Management IP address on the BVI1 interface and everything works!
Rutger -
1300 Bridge - Extending VLANs in Pt-to-Pt Mode
I need to set up 1300 series Wireless Bridges in a point-to-point mode, and I need to extend several VLANs from one building to the other.
On the 1231G/1242AG APs in AP mode, each SSID must be mapped to a unique VLAN ID. Is this also the case with the 1300 bridge?
Is there a good doc out there that explains how to config what I'm trying to do?No its no the case, you can have several vlans going over one SSID.
Just create sub interfaces on the Dot1radio interface and Ethernet interface.
like this (this will pass the native vlan and vlan 2 and 3 ) -
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface Dot11Radio0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 spanning-disabled
interface FastEthernet0.3
encapsulation dot1Q 3
no ip route-cache
bridge-group 3
bridge-group 3 spanning-disabled
There is a guide here
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr -
1300 Bridge: VLAN and encryption question
Hi!
I configured a 1300 bridge with dot1q-VLANs and tkip/wpa encryption:
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers tkip
encryption vlan 91 mode ciphers tkip
encryption vlan 150 mode ciphers tkip
ssid skylink
vlan 1
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 xxxx
short-slot-time
cca 0
concatenation
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 4000
channel 2472
station-role root
payload-encapsulation dot1h
antenna receive right
antenna transmit right
infrastructure-client
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
interface Dot11Radio0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
ntp broadcast client
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.91
encapsulation dot1Q 91
no ip route-cache
bridge-group 91
bridge-group 91 spanning-disabled
interface FastEthernet0.150
encapsulation dot1Q 150
no ip route-cache
bridge-group 150
bridge-group 150 spanning-disabled
Is it necessary to set the
encryption vlan 91 mode ciphers tkip
encryption vlan 150 mode ciphers tkip
so that all VLANs are crypted?
How can I examine that all VLANs are crypted?
Best regards
Michael SimonNo. As there is no SSID assigned to VLAN 91 and 150, I was by the TME (Technical Marketing Engineer) that the 1300 should use the encryption defined in the native VLAN (VLAN 1 in your case) to transport traffic on VLAN 91 and 150. I have not taken any wireless sniffer trace to verify it though.
There are a couple of ways to verify it:
1. a wireless sniffer trace
2. debug dot dot 0 trace print xmt rcv
Please be very careful when use option #2. Option #2 turns the wireless bridge into a wireless sniffer. If there are heavy traffic between the two bridges, the wireless bridges will crash. Please use option # 2 in test environment or limited traffic. -
Dears
i have two sites required to be connected using wireless 1300 bridge but There is 30 VLAN and i think that 1300 series support 16 VLAN only is it right ?. Please advice me if 1300 support more than 16 VLAN how to conigure it if not support then which mode support more VLANS.
Thanksbuy a pair of routers, and use the 1300's to provide the link between the routed interfaces, then you only have to pass one VLAN between them.
Then, if you're still desperate to get those specific VLANs to the other site, I believe you can do some magic with your routers to tunnel them inside your routed link. -
I have my wired network (w/DHCP and vlan scopes). Attached to the wired network is a 1400 series bridge1 connecting to another 1400 bridge2 (via 802.11a). Bridge 2 connects to a 1200 Access point via a straight ethernet connection. I want to use VLANs on the access point. I configured the trunk between the wired network and Bridge1. I configured the VLANs and SSIDs on the AP, but Im unable to get an ip address when connecting to vlan2/ssid (vlan 1 is the native vlan and works fine). Any suggestions?
check whether DHCP option 43 is enabled
-
1300 bridge can't associate - Vlans
I have three Cisco 1310 bridges, one root and two non-roots. I have posted my config below, br1 is the root and br2 would be the non-roots.
My goal is to carry 4 VLANs across this bridge, however with this config I get "Uplink to parent failed: Unsupported authentication type"
Any idea? I will add security later on as this is just in my lab as of now.
Thanks!I am still looking for this. I think the issue may be that sometimes it will carry all the VLANs across but I cannot communicate with devices on the native Vlan (Vlan1) only other VLANs can communicate internally, any idea?
-
Changing native VLAN on non-root bridges
I have quite a few 1310 Bridges setup in point to multipoint configuration with a root bridge with a sector antenna at the campus network and remote sites connecting in. I have multiple VLANs trunked onto one SSID, this allows for having multiple vlans in use at the remote site. The problem is I want to configure some remote site bridges with a different native vlan than the standard allowing me to plug the client directly into the injector and eliminate the need for a vlan aware switch. I have tried to configure the the "encapsulation dot1q VLAN# native" but this swaps the bridge group on the subinterface to a bridge-group 1 .
! Last configuration change at 01:23:08 UTC Tue Sep 15 2009 by Cisco
! NVRAM config last updated at 01:23:09 UTC Tue Sep 15 2009 by Cisco
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no aaa new-model
dot11 ssid Cisco-24
vlan 1
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid optional
wpa-psk ascii test
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 901 mode ciphers aes-ccm tkip
encryption vlan 902 mode ciphers aes-ccm tkip
encryption vlan 904 mode ciphers aes-ccm tkip
ssid Cisco-24
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0
station-role non-root bridge
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio0.901
encapsulation dot1Q 901
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
interface Dot11Radio0.902
encapsulation dot1Q 902
no ip route-cache
bridge-group 254
bridge-group 254 spanning-disabled
interface Dot11Radio0.904
encapsulation dot1Q 904
no ip route-cache
bridge-group 253
bridge-group 253 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
hold-queue 80 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0.901
encapsulation dot1Q 901
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
interface FastEthernet0.902
encapsulation dot1Q 902
no ip route-cache
bridge-group 254
bridge-group 254 spanning-disabled
interface FastEthernet0.904
encapsulation dot1Q 904
no ip route-cache
bridge-group 253
bridge-group 253 spanning-disabled
interface BVI1
ip address 10.0.0.100 255.255.255.0
no ip route-cache
ip default-gateway 10.0.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community misdept RO
bridge 1 route ip
line con 0
line vty 0 4
login local
endCorrect. As soon as you change it to 100, you will lose access to the devices since vlan 1 is used for management. To shorten the down time, you can create vlan 100 and all the SVIs on all switches ahead of time and than change it form 1 to 100 in a maintenance window.
HTH -
Native VLAN and Trunks on Bridges
I have a need for different Native VLANs on the radio side and the ethernet side. Can this be done on the non-root 1410 bridge?
The radio native VLAN is to support the management on teh 1410 bridges. I also need to attach a single device from another VLAN on the non-root bridge and I do not want to have to put in a switch just to break out that needed VLAN.The bridge supports only one SSID. You should assign the SSID to the native VLAN
1.Create subinterfaces on the radio and Ethernet interfaces.
2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
3. Assign a bridge group to each VLAN.
4. (Optional) Enable WEP on the native VLAN.
5. Assign the bridge's SSID to the native VLAN.
To assign an SSID to a VLAN and how to enable a VLAN on the bridge radio and Ethernet ports
For further information click this link.
http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.3_8_JA/configuration/guide/p38vlan.html
Maybe you are looking for
-
Batch won't run unless Illustrator CS3 is active window?
I'm hoping someone can help me out with this as it's driving me nuts. Basically I'm trying to batch an action I made in CS3 to run on about 700 illustrator files. Everything runs just fine and dandy until I switch from Illustrator to another program
-
Dell Precision T5810 Core options and GPU config? Running CC on virtual desktops?
Hi, two questions really but didn't want to start multiple threads. I tried searching for answers to my questions but was not very successful so am trying to post. I am looking at buying some computers for our office which will be using the CC subscr
-
My macbook sound is not working. No idea what happened!
It was working a while ago when I left home. I packed it in the case and put it in my backpack and walked to the library. I just took it out after sitting down and it doesn't work. I'm horrible with technology! The sound bar isn't on mute, and everyt
-
How do you add a printer to Print_print_printer option?
I cannot print to paper from Firefox. I have a MacBook Pro. I have done the about:config / print.print_printer, and it says "user set" type "string". I can print from Word and Safari, but not from Firefox. I have looked everywhere for an answer and c
-
When i select an event for move to trash, it doesn't appear in the trash to be emptied. where is it?
I have iMovie 10.0.4. When I select an event for 'move to trash' it doesn't appear in the trash to be emptied there. Where is it?