Problems with associating with SSIDs using non-native VLANs

Similar Messages

• Can I use non-native VLAN for AP management (BVI100 vs. BVI1)

  Owning AIR-AP1121G-E-K9 and AIR-AP1131AG-E-K9, with IOS 12.3.8JA2, want to migrate AP (wired) management from native VLAN1 to tagged VLAN100.
  Management VLAN must not be accessed by WiFi devices.
  Tried to configure fa0.100, bridge 100 and BVI 100 instead of fa0.1, bridge 0.1 and BVI1, reloaded and AP is working, but doesn't respond to management.
  Tried to use simple L3 fa0.1, but int is not reachable from outside.
  Any suggestions?
  Thank you very much
  Flavio Molinelli
  [email protected]

  The management VLAN must be the Native VLAN ... it doesn't have to be VLAN 1, but whichever VLAN you declare as Native will be the Management VLAN (at least as far as the AP is concerned) ...
  Some switches / routers permit the management and Native VLANs to be different ... verify that both are configured and matching on both ends (AP and switch / router).
  Good Luck
  Scott

• ASA 5505 Problem with outbound PPTP-connection on non-native vlan

  Hi, why am I not being able to make a PPTP connection on vlan80 (trunked to AP Cisco 1142N) compared to vlan10? And yes, I've configured the "
  inspect pptp"
  ASA 5505 with sec plus license

  Hi mate,
  I don't know how to solve your problem but I strongly reccommend you to remove your password from the first post and to update it on your ASA device

• Problems with QoS between 2950 and 3550 with use of Native VLAN

  Hi!
  I try to set up QoS between a C2950 and a C3550, I have provided a drawing that might help understanding the setup.
  As I understand it, since I only have the SMI image on the C2950 I have to run a 802.1Q trunk over the leased 2Mb line to get QoS to work. And I DO get it to work, or at least it seems so to me.
  What I'm trying to setup QoS on is between a Nortel Succession Media Server and a Nortel i2004 IP Phone.
  And when I sniff the port that the Succession Media Server is connected to, I get this output:
  *BEGIN*
  *** TO IP Phone ***
  IP version: 0x04 (4)
  Header length: 0x05 (5) - 20 bytes
  Type of service: 0xB8 (184)
  Precedence: 101 - CRITIC/ECP
  Delay: 1 - Low delay
  Throughput: 1 - High throughput
  Reliability: 0 - Normal reliability
  Total length: 0x00C8 (200)
  ID: 0x5FE1 (24545)
  Flags
  Don't fragment bit: 0 - May fragment
  More fragments bit: 0 - Last fragment
  Fragment offset: 0x0000 (0)
  Time to live: 0x40 (64)
  Protocol: 0x11 (17) - UDP
  Checksum: 0x69EC (27116) - correct
  Source IP: 10.40.2.10
  Destination IP: 10.10.153.100
  IP Options: None
  UDP
  Source port: 5216
  Destination port: 5200
  Length: 0x00B4 (180)
  Checksum: 0x5C02 (23554) - correct
  *** FROM IP Phone ***
  IP version: 0x04 (4)
  Header length: 0x05 (5) - 20 bytes
  Type of service: 0xB8 (184)
  Precedence: 101 - CRITIC/ECP
  Delay: 1 - Low delay
  Throughput: 1 - High throughput
  Reliability: 0 - Normal reliability
  Total length: 0x00C8 (200)
  ID: 0x8285 (33413)
  Flags
  Don't fragment bit: 0 - May fragment
  More fragments bit: 0 - Last fragment
  Fragment offset: 0x0000 (0)
  Time to live: 0x7F (127)
  Protocol: 0x11 (17) - UDP
  Checksum: 0x0848 (2120) - correct
  Source IP: 10.10.153.100
  Destination IP: 10.40.2.10
  IP Options: None
  UDP
  Source port: 5200
  Destination port: 5216
  Length: 0x00B4 (180)
  Checksum: 0x5631 (22065) - correct
  *END*
  But, then to the problem:
  Since the modems I use have ip adresses in them I want to monitor them and be able to change settings in them.
  But to connect to units within the trunk, I have to set the native vlan to VLAN 144, which provides the ip adresses I use for the modems, in both ends of the trunk.
  But if I do that the tagging of the packets from the IP Phone disappears!
  Here's an output after native VLAN is applied:
  *BEGIN*
  *** TO IP Phone ***
  IP version: 0x04 (4)
  Header length: 0x05 (5) - 20 bytes
  Type of service: 0xB8 (184)
  Precedence: 101 - CRITIC/ECP
  Delay: 1 - Low delay
  Throughput: 1 - High throughput
  Reliability: 0 - Normal reliability
  Total length: 0x00C8 (200)
  ID: 0xDEF8 (57080)
  Flags
  Don't fragment bit: 0 - May fragment
  More fragments bit: 0 - Last fragment
  Fragment offset: 0x0000 (0)
  Time to live: 0x40 (64)
  Protocol: 0x11 (17) - UDP
  Checksum: 0xEAD4 (60116) - correct
  Source IP: 10.40.2.10
  Destination IP: 10.10.153.100
  IP Options: None
  UDP
  Source port: 5240
  Destination port: 5200
  Length: 0x00B4 (180)
  *** FROM IP Phone ***
  IP version: 0x04 (4)
  Header length: 0x05 (5) - 20 bytes
  Type of service: 0x00 (0)
  Precedence: 000 - Routine
  Delay: 0 - Normal delay
  Throughput: 0 - Normal throughput
  Reliability: 0 - Normal reliability
  Total length: 0x00C8 (200)
  ID: 0x89E4 (35300)
  Flags
  Don't fragment bit: 0 - May fragment
  More fragments bit: 0 - Last fragment
  Fragment offset: 0x0000 (0)
  Time to live: 0x7F (127)
  Protocol: 0x11 (17) - UDP
  Checksum: 0x01A1 (417) - correct
  Source IP: 10.10.153.100
  Destination IP: 10.40.2.10
  IP Options: None
  UDP
  Source port: 5200
  Destination port: 5240
  Length: 0x00B4 (180)
  Checksum: 0x31CA (12746) - correct
  *END*
  See, there is noe QoS tagging from the IP Phone anymore.
  If I set no switchport trunk native vlan 144 in both ends the tagging is back.
  Any ideas? Is this a bug, or just some command I don't know about?
  Please take a look at the picture to get a more understandable view of the setup.
  Thanks!

  Well, native VLANs are by definition untagged so there´s nothing wrong with that as far as you are getting the expected results. By the other way I think you should include VLAN 402 on your allowed vlan range on Catalyst 3550's FastEth0/45 trunk port, otherwise this VLAN will be completly isolated from the rest of the network.

• What problems are associated with an upgrade from Tiger to Snow Leopard?

  Hi folks.
  Is it possible to upgrade directly from Tiger to Snow Leopard, without having to buy Leopard? I've seen many answers around the web, many of them conflicting. There appear to be possible associated problems if you bypass Leopard. But as I'm not certain that what I read is correct I thought I'd come straight to the Community and ask.
  Thanks in advance.
  (Only reason I'm asking is I persuaded my mother to buy her first Mac (second hand) and it has Tiger loaded onto it. I'd like her to have a more up to date software.)

  The computer has to be an Intel Mac.
  The basic requirements for Snow Leopard are as follows:
  An Apple computer with an Intel Processor
  1GB of Memory (RAM)
  5GB of hard drive space (Storage)
  DVD drive for installation
  You can go directly from Tiger to Snow.
  Possible problems: make sure the current third party Tiger apps will be compatible. 1 GB RAM is bare bones. You want more than that.
  Before upgrading make sure you have the current Mac configuration backed up completely. Use a cloning program like Carbon Copy Cloner to make a bootable clone on an external drive.
  http://www.bombich.com/
  Message was edited by: WZZZ

• Install AM in JES WS container with JES WS installed using non-root user

  Does anyone know how to make Access Manager work when the Sun JES Web Server is installed using a non-root user? Is this even possible?

  Basically it is documented in JES install guide
  Sun Java Enterprise System 2005Q1
  Access Manager Configured to Run as a Non-root User Example . . . . . . . . . . . . . . . . . . . . . . . . . 120

• Linked Server Problem while SQL Data Transfer using Non-sys Admin Account

  Hi Team,
  I've an issue while transferring the data from ServerA to ServerB. I've made the ServerB as "Linked Server" to Server A. Pre requisite like:
  1) SQL Account is been created on ServerB.
  2) Timeout settings for remote connections is set to "No Timeout".
  When I execute the below script using Query Window, It executes successfully:
  Insert into ServerB.DBName.dbo.TableName1
  Select * from dbo.TableName1
  But when I execute the same step by creating a SQL Job, it fails with the below error message:
  Message
  Executed as user: DomainName\UserName. Named Pipes Provider: Could not open a connection to SQL Server [1450]. [SQLSTATE 42000] (Error 1450)  OLE DB provider "SQLNCLI" for linked server "ServerB" returned message "Login
  timeout expired". [SQLSTATE 01000] (Error 7412)  OLE DB provider "SQLNCLI" for linked server "ServerB" returned message "An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005,
  this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections.". [SQLSTATE 01000] (Error 7412).  The step failed.
  Could you please help me in fixing the above error message and I can transfer the SQL Data between 2 Servers.
  Thank You
  Sridhar D Naik

  Sridhar,
  Is this still an issue?
  Thanks!
  Ed Price, Azure & Power BI Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• HSRP using subinterface native vlan

  Hi all,
  I have 2 cisco 7609 connected to non-cisco switches which do not support vlan tagging. These non-cisco swicthes are having 6 IP segments (ex: 172.1.1.0/24, 172.1.2.0/24, ...).
  The design is as below:
  7609 == 7609
  V V
  [core sw]==[core sw]
  V V
  [server : 6 segment]
  Because the core switches dont support vlan tagging, my idea is to break the 7609-core sw into subinterfaces
  int G0/1
  description Connection to Core switch
  no ip add
  int G0/1.1
  encap dot1 10 native
  ip add 172.1.1.2 255.255.255.0
  vrrp 10 ip 172.1.1.1
  vrrp 10 priority 110
  int G0/1.2
  encap dot1 20 native
  ip add 172.1.2.2 255.255.255.0
  vrrp 20 ip 172.1.2.1
  vrrp 20 priority 110
  int g2/0
  description Connection 7609 II
  int G0/1
  description Connection to Core switch
  no ip add
  int G0/1.1
  encap dot1 10 native
  ip add 172.1.1.3 255.255.255.0
  vrrp 10 ip 172.1.1.1
  int G0/1.2
  encap dot1 20 native
  ip add 172.1.2.3 255.255.255.0
  vrrp 20 ip 172.1.2.1
  int g2/0
  description Connection 7609 I
  Both my routers can ping to the servers but i need to configure HSRP between these two 7609 routers. But currently m routers cannot ping to each other (172.1.1.2 cannot ping to 172.1.1.3 and vice versa)
  I need to know the config between 7609 I & II. Any help beyond that would also be great!
  Thanks in advance

  I may not understood the question clearly.
  Do you mean the core switch cannot support VLAN trunking ? The sub-interace of 7609 is already VLAN enabled w/ 802.1q. You may need to have dual connections from each 7609 to the core switch. Then use the core switch to provide the LAN connectivity between 7609s.
  And, are you consider to remove the VRRP and enable HSRP instead ?
  Will the connection between two core switches support VLAN trunking ?
  Will the core switch able to enable layer 3 switching / routing to off-load the traffic to 7609 ?
  Hope this helps.

• WiFi User associating with far AP not with near AP

  Hi,
  We have two WLC 4402 and around 20 APs model1252G, I have manually distributed between both WLCs.
  Problem which I am describing is only associated with single user. User have three APs in its surrounding, AP "One" is placed near by 10 feet, AP "Two" is placed on above floor (with same location) and AP "Three" is placed on below floor (on same location). I am using 1, 2, 6, 11 non-overlapping channels and did not assign same channel on two floor continous.
  Problem:
  User associating with far AP but not with near AP, due to this user faced low strength. I have increased AP "One" power but it does not worked out.
  Need help.
  Many thanks in advance.
  Regards,
  Arsalan

  Hi Arsalan,
  Thanks for the reply!!
  Yes we can configure that!! This feature name depends on the WLC software that you are running..
  If  ur WLC is running 4.2 WLC code and below.. then thisfeature is called  WLAN OVERRIDE , here is the link to do it.. (find for WLAN override 2nd  search you will find the feature info and config as well)
  http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml
  if ur WLC is above 4.2 or later, then its called AP-Grouping. here is the link..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
  lemme know if this answered your question..
  Regards
  Surendra
  ====
  Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

• Cisco 1702i WAP: how to get an interface in a non-native bridge group/ VLAN to be recognized by the internal DHCP server

  Does anyone know how the internal DHCP server in these access points connects to virtual interfaces and bridges in the unit?
  Is there some sort of default connection that connects the DHCP server to the native bridge group or VLAN?
  In a test case, with an SSID in the native VLAN and bridge group, the 1702i serves an IP address to a wireless client no problem. But with a second SSID in a non native VLAN and bridge group, no IP gets served. My only guess is that since the bvi1 defaults to the native bridge group and VLAN, sub-interfaces also in this group are assumed to be in the same subnet as bvi1, or in this case:
  interface bvi1
    ip address 192.168.1.205 255.255.255.0
    no ip route-cache
    exit
  It would be the ..1. subnet.
  Since the dhcp pool is set as:
  ip dhcp pool GeneralWiFi
    network 192.168.1.0 255.255.255.0
    lease 1
    default-router 192.168.1.1
    dns-server 8.8.8.8
    exit
  There may be an assumption that anything bvi1 can talk to is in the ..1. subnet, so the above pool gets activated on a request coming through bvi1.
  Is the DHCP server just hanging out waiting for a request from an "area" that is assumed to be on the same subnet as the given pool?
  Do I need to somehow show the device what subnet the 2nd SSID/ subinterfaces are in so the internal DHCP server can decide it needs to go to work, or is there some sort of bridging between the DHCP server and the interfaces that needs to be done? I am trying to use the same DHCP pool for the second subnet at this point, since I assume I will need another router to service an additional subnet and DHCP pool.

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• WLC 7.4.110.0 where native vlan and SSID vlan is the same vlan

  Hi
  We have app. 1500 accespoints in app. 500 locations. WLCs are WiSM2s running 7.4.110.0. The AP are 1131LAPs.In a FlexConnect configuration we use vlan 410 as native vlan and the ssid (LAN) also in vlan 410. This works fine, never had any problems with this.
  Now we have started use 1602 APs and the client connection on ssid LAN becomes unstable.
  If we configure an different ssid, using vlan 420 and native vlan as 410, everything works fine.
  I can't find any recommandations regarding the use of native vlan/ssid vlan
  Is there anyone experiencing similar problems? Is this a problem with my configuration or is it a bug wittin 1602 accespoints?
  Regards,
  Lars Christian

  It is the recomended design to put FlexConnect AP mgt into native vlan & user traffic to a tagged vlan.
  From the QoS perspective if you want to enforce WLC QoS profile values, you have to tag SSID traffic to a vlan (other than native vlan) & trust CoS on the switch port connected to FlexConnect AP (usually configured as trunk port)
  HTH
  Rasika
  **** Pls rate all useful responses ****

• Can't CF use non English characters in URLs ???? (critical for SEO)

  Hi all,
  I want to use non English characters (Greek characters) for folders of the URLs.
  eg   http://www.mysite.com/Φάκελος/index.cfm
  where "Φάκελος" is a non English word (Greek).
  When the called page is simple HTML  eg   www.mysite.com/Φάκελος/index.HTM
  it's displayed just fine.
  When the called page is CF page  eg   www.mysite.com/Φάκελος/index.CFM
  I get a "FILE NOT FOUND" error.
  In the page where the link exists everything is UTF-8.
  What's the problem ? Can't CF use non English characters in URLs ????
  It's critical for SEO issues.
  I use CF9.  Any ideas ???
  Thanks in advance.
  Anastassios

  I don't have this setting in the email application. But as I know, html with Exchange is working only with the 2007 version, my server is still 2003 so I think in my case it's plain text only.
  But I'm telling again: good old (and now starting to miss) E60 with MfE worked very well!

• What is AP H-REAP Native Vlan used for?

  We have a few APs - CAP3502 and LAP1242s for the most part - whose H-REAP "Native Vlan" doesn't match the switchport's native vlan.  It appears that the switchport native vlan is what gets used for the AP for DHCP (it gets an AP IP address from that network).  If so, does anyone know what the purpose of specifying the native vlan on the H-REAP config is?  I can think of no useful purpose, but if there is one I'd appreciate anyone who could say.
  Thanks.
  BTW this is on a 5508 controller running 7.0.240.0 code.

  Thanks Scott - further info:  the Vlan Mappings are filled in with the appropriate Vlans, which are separate from the AP native vlan.  In this case vlans 202, 203, 204 and 206 are assigned to various SSIDs and the Native Vlan for the AP is set to 201.  The switchport is set to trunk all vlans and has native vlan 221, and it is from vlan 221 that the AP get's its own IP.
  So on the one hand, if specifying the 'native' vlan were to avoid cases where the wrong vlan was native on the switch (and so, to tell the AP which vlan to use for itself and control traffic), I would expect the AP to have a vlan201 address.
  If on the other hand this is merely a 'documentary' setting to say what the 'native vlan' *should* be, then I would expect the AP to have a vlan221 IP, which it does.
  Just trying to find out if this setting does anything more than document.

• NAtive VLAN?what is the use of vlan?VLAN in trunk link?

  what is the use of native VLAN in trunk links? where should i change native vlan from vlan1 to another?
  what is the use of untagged native VLAN frame?

  Hi,
  On ethernet, you can connect more than one device to a port. So when you configure a port as trunk, it expects a vlan tag to arrive. But some times there are devices which dont have the capability to tag the packet and still they need to connect to network. So they can use native vlan to have connectivity. It is not a usual situation, but it helps on some situation where multiple devices connected on a trunk and not all have ability to send tagged frames. Hope this helps.
  Please do remember to rate all useful posts.
  Thanks,
  Madhu

• SPT Inconsistent Native Vlan

  Hi,
  I cant figure out why this is showing on switches.
  Core switch brc-k25-1 is using Native Vlan 1
  Access switch c2-k25-5 is using Native Vlan 1
  I get the following error message on the access switch:
  Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
  Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
  Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
  Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
  Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
  Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  Because of the error, I cannot login to the access switch using the native Vlan IP Address.
  brc-k25-1 config:
  interface GigabitEthernet3/2
   description c2-k25-5
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 1,146,171
   switchport mode trunk
   logging event link-status
   logging event trunk-status
   qos trust dscp
   tx-queue 1
     bandwidth percent 69
   tx-queue 2
     bandwidth percent 1
   tx-queue 3
     bandwidth percent 15
     priority high
   tx-queue 4
     bandwidth percent 15
  end
  brc-k25-1#sh interfaces gigabitEthernet 3/2 switchport
  Name: Gi3/2
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: On
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: none
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk associations: none
  Administrative private-vlan trunk mappings: none
  Operational private-vlan: none
  Trunking VLANs Enabled: 1,146,171
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  interface Vlan1
   ip address 172.27.40.254 255.255.255.02
   ip access-group vlan1out out
  ==================================================
  c2-k25-5 config:
  c2-k25-5#sh cdp ne
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                    D - Remote, C - CVTA, M - Two-port Mac Relay
  Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
  brc-k25-1        Gig 1/0/49        138             R S I  WS-C4506  Gig 3/2
  interface GigabitEthernet1/0/49
   description brc-k25-5
   switchport trunk allowed vlan 1,146,171
   switchport mode trunk
  interface Vlan1
   ip address 172.27.40.18 255.255.255.0
  interface Vlan146
   ip address 172.31.146.1 255.255.255.0
  c2-k25-5#sh interfaces gigabitEthernet 1/0/49 switchport
  Name: Gi1/0/49
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: On
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Voice VLAN: none
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk associations: none
  Administrative private-vlan trunk mappings: none
  Operational private-vlan: none
  Trunking VLANs Enabled: 1,146,171
  Pruning VLANs Enabled: 2-1001
  Capture Mode Disabled
  Capture VLANs Allowed: ALL
  Protected: false
  Unknown unicast blocked: disabled
  Unknown multicast blocked: disabled
  Appliance trust: none

  Thanks for the replies.
  I did remove the ACL from the VLAN1 but nothing change. Also the allowed VLAN1 was not included in the trunk allowed before, same result as now.
  Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
  Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
  Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
  Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
  Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
  Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
  Jun 30 09:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
  We have multiple switches attached to the brc-k25-1 and only 2 switches are affected using VLAN1 management. I had to create another VLAN ID so that I can use that IP Address to SSH. Very weird problem.