VLANs over bridges to an AP

I have my wired network (w/DHCP and vlan scopes). Attached to the wired network is a 1400 series bridge1 connecting to another 1400 bridge2 (via 802.11a). Bridge 2 connects to a 1200 Access point via a straight ethernet connection. I want to use VLANs on the access point. I configured the trunk between the wired network and Bridge1. I configured the VLANs and SSIDs on the AP, but I’m unable to get an ip address when connecting to vlan2/ssid (vlan 1 is the native vlan and works fine). Any suggestions?

check whether DHCP option 43 is enabled

Similar Messages

  • Vlan over wireless bridge with internet sharing?

    Hi Community, my first post here, hoping somebody may be able to advise...
    I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.
    Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...
    This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.
    So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:
    farm: slm2005 switch
    port 1 -> wireless bridge to office: member of vlan "2", "3"
    port 2 -> access point A for neighbor: member of vlan "2"
    port 3 -> my own access point B: member of vlan "3"
    office: slm2005 switch
    port 1 -> wireless bridge to farm: member of vlan "2", "3"
    port 2  -> access point C for neighbor: member of vlan "2"
    port 3 -> my access point for office D: member of vlan "3"
    port 4 -> router port 1: member of vlan "2"
    port 5 -> router port 2: member of vlan "3"
    the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)
    The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)
    Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?
    Thanks in advance for any advice,
    Andres

    Hi Andreas,
    you're not far from it.
    Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.
    On all other devices,  traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.
    With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.
    This doc should help you out :
    http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr
    HTH,
    Nicolas
    Thanks to rank the answer if you see it as useful !

  • Multiple VLANs over 1300 series bridges

    Hi
    I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
    Many thanks
    Simon

    Hi Simon,
    Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
    Regards,
    Milton Tizoc.

  • VLAN Over Remote Bridges (1240AG)

    Hi,
    I've an AP connecting to the backbone switch via 2 wireless bridge links as shown below. Currently, it is operating as flat lan.
    Would like to know if it can be coverted to vlan mode so that I can support wireless clients of different vlans at the remote end?
    Switch ----------- 1240AG--------------------/-----------------1240AG--------------------/------------------------1240AG
                Eth              Root         802.11b/g        Non       Root             802.11a                Non      AP        802.11b/g  Clients
                Trunk           Bridge                             Root      Bridge                                      Root                 SSID1 -- vlan 10
                vlan 1                                                 Bridge                                                   Bridge              SSID2 -- vlan 20
                vlan 10                                                                                                                                   SSID3 -- vlan 30    
                vlan 20
                vlan 30
    Thanks!

    Eric,
         Yes it can.  On the bridges you'll want to define the sub-interfaces for the VLAN that you want to pass.  You only need the one SSID on the bridge to accomplish this, as it is the 'connection' between the bridges.
    So basiclly you need
    int dot11radio 0.10 ( or 1 if you are using the 5GHz to bridge)
    encapsulation dot1q 10
    bridge-group 10
    int dot11radio 0.20
    encapsulation dot1q 20
    bridge-group 20
    int dot11radio 0.30
    encapsulation dot1q 30
    bridge-group 30
    int f0.10
    encapsulation dot1q 10
    bridge-group 10
    int f0.20
    encapsulation dot1q 20
    bridge-group 20
    int f0.30
    encapsulation dot1q 30
    bridge-group 30 int dot11radio 0.10
    encapsulation dot1q 10
    bridge-group 10
    int dot11radio 0.20
    encapsulation dot1q 20
    bridge-group 20
    int dot11radio 0.30
    encapsulation dot1q 30
    bridge-group 30
    int f0.10
    encapsulation dot1q 10
    bridge-group 10
    int f0.20
    encapsulation dot1q 20
    bridge-group 20
    int f0.30
    encapsulation dot1q 30
    bridge-group 30
    Then just make sure your AP are connected to trunk ports allowing vlan 1,10,20,30
    Steve

  • Vlans over wan

    Is it possible to run a vlan over a wan link on my router ?

    Yes, but don't do it......
    There shouldn't be any reason for you to 'Bridge' over the WAN. Use Layer-3 and route your traffic.
    Andy

  • Catalyst series - Private VLAN over trunk

    Hey every body
    I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
    But now, I av been forced to use a Cisco Catalyst series instead of the Nexus one.
    Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
    Cheers

    4500x Yes
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
    Nexus 5k Yes
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
    3850s
    They dont support pvs at all yet
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
    Restrictions for VLANs
    The following are restrictions for VLANs:
    The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
    The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
    Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
    Private VLANs are not supported on the switch.
    You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

  • Create VLAN over 1310 Bridges

    How can i create Differents VLANs on 1310 Root bridge and pass the VLAN info to the non root bridge wirelessly.
    Currently my switch ports are configured as access port for the bridges and if i make the port a trunk port; siwtch connected to the non root bridge stops communicating. Any help will be appreciated.
    Thanks,
    Osman

    Check out this link:
    http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html

  • Native VLAN over 1300 bridge

    Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
    Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
    I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
    All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
    Seth

    You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.

  • VLAN on bridged wireless

    I have two wireless bridge 1410s to connect two building A and B
    building A (Bridge1)
    management VLAN100, 192.168.100/24
    building B (bridge2)
    management VLAN200, 192.168.200/24
    I plan to setup VLAN10 for the bridge AP, so VLAN10 at Building A, IP will be 192.168.10.1/?? (can this mask be 30?), VLAN10 at building B, 192.168.10.2/??
    so my question
    can bridge1 has only one management IP from 192.168.100/24 in same time doing bridge for VLAN10? can bridge2 has only one managmenet IP from 192.168.200/24 in same time doing bridge for VLAN10? if not, do I have to assign management IP for both bridge in 192.168.10.0 network? so the mask can be /29 to support 6 IPs, one ip for VLAN10 at building A, one ip for VLAN10 at building B, one IP for bridge1, one IP for bridge2?
    my intention to assign one management IP from local management VLAN, so this IP is local significant, and AP just doing a pure bridge for VLAN10, and AP doesn't have any IP over this VLAN10
    thanks

    thanks for your reply, i did not quite get your answer yet, and that is why i tried to put more details on more original question
    so for my case, can bridge1 being part of management VLAN of building A? and bridge2 part of managemenet VLAN of buildingB? so they don't share same common managemenet vlan
    if they can not, meant i need create a common vlan 10, i guess i need /29 mask to support enough IP addr, right?

  • OS 2.1.0.1032: internet over bridge stopped working after upgrade

    Hi
    Before the upgrade to 2.1.x, I was able to connect the bridge to my BB phone and then use the regular browser to connect to the internet (NOT the Bridge Internet Browser). I could also send and receive emails with my internet email accounts and -some- (only some, not all) applications also had internet access over the bridge. This is now no longer possible/working - I get a "Your BB Smartphone is unable to establish a connection to the destination server".
    I have upgraded the Bridge on my phone, and all BB mail, calendar etc works fine, including the new SMS function, but I really miss not being able to do my other emails on the move and having to go to the Bridge Browser (not a big deal, but it means managing 2 sets of bookmarks.
    The only other change is that I also received a new phone from my company, a BB Bold 9900 (previously a 9700) with OS 7.1 bundle 1149 (v7.1.0.342).. My BB phone bridge version is 2.1.0.23
    Any thoughts/advice?
    EDIT: Should this work this way at all i.e. can anyone else access internet emails etc when bridged or was my previous experience a fluke?
    I apologize if this has been answered on one of the many other threads - i did do a search but nothing turned up-
    Thanks
    Thomas

    is possible your carrier is blocking it, can you download it from here that will not have the limitation
    http://supportforums.blackberry.com/t5/BlackBerry-PlayBook/Get-BlackBerry-Bridge-for-your-BlackBerry...
    Click here to Backup the data on your BlackBerry Device! It's important, and FREE!
    Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
    Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals
    BESAdmin's, please make a signature with your BES environment info.
    SIM Free BlackBerry Unlocking FAQ
    Follow me on Twitter @knottyrope
    Want to thank me? Buy my KnottyRope App here
    BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V

  • 3750 bandwidth limitation between the same vlan over the trunk

    Hi All,
    I have 2 3750G series switches on the trunk link. some machines are part of vlan1 on the switch 1 and some machines are the part of the same vlan1 on the other switch2. I need to limit the bandwidth between the switches for the vlan1. picture is attached.
    I tried to do through the modulare policy frame work (class-map/service-map and policy-map using the police command) but problems are
    1) 3750 does not support output service policy, so i cannot apply the policy on the output of the trunk link.
    2) I can apply the input policy but it will be only for one machine but not for the others on the same switch. if i apply the policy on per port basis then every port has separate bw limitation. I require to limit the bandwidth on per vlan basis on the trunk port. like vlan 1 takes 10 MB, VLAN2 takes 10 MB on the trunk link when communicating between the same vlans.
    Is there any solution for that scenario? your help in this case will be higly appriciated. As its the layer 2 communication, its hard for me to find the solution. if it was layer 3 then i can do it easily by using the rate-limit commmand on the interface.
    thanks

    On the 4500 series we use vlan-range for this,
    conf t
    qos aggregate-policer 10MB 10 mbps 1250000 byte conform-action transmit exceed-action drop
    policy-map 10MB
    class class-default
    police aggregate 10MB
    interface GigabitEthernet1/1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,10,12,15
    switchport mode trunk
    switchport nonegotiate
    vlan-range 1
    service-policy input 10MB
    service-policy output 10MB
    end
    dunno if the 3750's have the same options

  • Can anyone explain how this works (vlans and bridge groups)

    Can someone please explain how this works...I have started to have problems but nothing changed. My problems are vlan1 and 1000 getting blocked on the switchport where the root bridge is attached.
    ROOT BRIDGE:
    ssid state
    station-role root bridge
    rts threshold 4000
    concatenation
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    no snmp trap link-status
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.911
    encapsulation dot1Q 911
    no ip route-cache
    no snmp trap link-status
    bridge-group 5
    interface Dot11Radio0.1000
    encapsulation dot1Q 1000
    no ip route-cache
    no snmp trap link-status
    bridge-group 2
    bridge-group 2 spanning-disabled
    interface Dot11Radio0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    no snmp trap link-status
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface Dot11Radio0.2120
    encapsulation dot1Q 2120
    no ip route-cache
    no snmp trap link-status
    bridge-group 7
    interface Dot11Radio0.2330
    encapsulation dot1Q 2330
    no ip route-cache
    no snmp trap link-status
    bridge-group 3
    bridge-group 3 spanning-disabled
    interface Dot11Radio0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    no snmp trap link-status
    bridge-group 4
    interface Dot11Radio0.2350
    encapsulation dot1Q 2350
    no ip route-cache
    no snmp trap link-status
    bridge-group 6
    interface Dot11Radio0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    no snmp trap link-status
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface Dot11Radio0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    no snmp trap link-status
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    no snmp trap link-status
    interface FastEthernet0.911
    encapsulation dot1Q 911
    no ip route-cache
    no snmp trap link-status
    bridge-group 5
    interface FastEthernet0.1000
    encapsulation dot1Q 1000 native
    ip address 10.0.32.10 255.255.255.0
    no ip route-cache
    no snmp trap link-status
    bridge-group 1
    interface FastEthernet0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    no snmp trap link-status
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface FastEthernet0.2120
    encapsulation dot1Q 2120
    no ip route-cache
    no snmp trap link-status
    bridge-group 7
    interface FastEthernet0.2330
    encapsulation dot1Q 2330
    no ip route-cache
    no snmp trap link-status
    bridge-group 3
    interface FastEthernet0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    no snmp trap link-status
    bridge-group 4
    interface FastEthernet0.2350
    description 81 River Rd - Labor
    encapsulation dot1Q 2350
    no ip route-cache
    no snmp trap link-status
    bridge-group 6
    interface FastEthernet0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    no snmp trap link-status
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface FastEthernet0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    no snmp trap link-status
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface BVI1
    ip address 10.0.32.10 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.32.1

    NON-ROOT BRIDGE#2:
    ssid state
    station-role non-root bridge
    rts threshold 4000
    concatenation
    infrastructure-client
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.1000
    encapsulation dot1Q 1000
    no ip route-cache
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface Dot11Radio0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    bridge-group 252
    bridge-group 252 spanning-disabled
    interface Dot11Radio0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    bridge-group 251
    bridge-group 251 spanning-disabled
    interface Dot11Radio0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface Dot11Radio0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    hold-queue 80 in
    interface FastEthernet0.1000
    encapsulation dot1Q 1000 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.2001
    encapsulation dot1Q 2001
    no ip route-cache
    bridge-group 252
    bridge-group 252 spanning-disabled
    interface FastEthernet0.2336
    encapsulation dot1Q 2336
    no ip route-cache
    bridge-group 251
    bridge-group 251 spanning-disabled
    interface FastEthernet0.2901
    encapsulation dot1Q 2901
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface FastEthernet0.2902
    encapsulation dot1Q 2902
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface BVI1
    ip address 10.0.32.11 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.32.1

  • Using one VLAN over several WLANs without maxing out controller

    Hi,
    I need to provide several WLANs that need to have different SSIDs, but can all go on the same VLAN.
    An example would be if i have 40 schools and one large, flat guest LAN that I want to use for them all. I'd like to put (SSIDs of)school0001, school0002, school000n etc onto this same VLAN without breaking my limit of 16 WLANs on the controller.
    Does anyone know if the cisco 4404 (or 5508) can do this? and if so, how.
    Thanks in advance,

    The 16 wlan limit is hard set.
    Here is a good reason why:
    "... limit the number of service set identifiers (SSIDs) configured at the controller. Based on your access point model, you can have configured 8 or 16 simultaneous SSIDs, but as each WLAN/SSID needs separated probe responses, and beaconing, the RF pollution increases as more SSIDs are added. The results are that some smaller wireless stations like PDA, WiFi Phones and barcode scanners cannot cope with a high number of basic SSID (BSSID) information. This results in lockups, reloads or association failures. Also the more SSIDs, the more beaconing needed, so less RF space is available for real data transmits. "
    from
    http://supportwiki.cisco.com/ViewWiki/index.php/Wireless_LAN_Controller_%28WLC%29_Configuration_Best_Practices
    You may want to consider using multiple controllers & limiting the # of wlans per controller.
    You should also check into AP groups to limit what wlans are broadcast on what APs to help control the rf pollution where possible.

  • L2 Vlan over L3 link

    Hi
    Please see attachment for my setup. So I have 2 sites which are approx half a mile apart. The ISP has provided 2 circuits, one at each site and these are meant to be acting as a Active/Standby circuit for which they will use HSRP. They have asked us to provide a layer 2 link on which they will run their HSRP Vlan.
    We currently have spare fiber running between the 2 sites so no issues there. We are trying to work out how to provide this L2 link. It was suggested by someone to put a switch at each site and use one of the spare fibers to connect into these switches to provide the L2 link, the or router and ISP router can connect into these switches.
    The issue is the customer does not want to provide the 2 switches so I was thinking if there is any alternative. The uplinks from my core switches at each site are routed links. Is there any was on running a L2 vlan down those links and across the core switches?
    Thanks

    I hope others will answer this question as well but it comes back to allowing internet traffic via your core without going through the firewall as previously discussed.
    If you want to do that then yes simply run cables via your core but it is, as I said before, a really bad idea.
    As soon as you use your core switches for that vlan you are exposing your internal network to the internet.
    So the answer is yes it can be done but it is not a secure or safe way to do it.
    As I said before all these issues could be solved by simply asking the ISP for a new address block for site 2. Your internal servers wouldn't be accessible if site 1 goes down but you said that is not important.
    If they insist on running HSRP and you cannot purchase the switches then the only other way is to use the core switches but I wouldn't do it.
    Jon

  • Private vlan over dot1q trunks with etherchannels

    Dear Freinds,
    I need to know whether can i use trunks in etherchannel for Private Vlans.
    regards
    Manish Shamjee

    Hello manish,
    You would need to elaborate more on that.
    Are you trying to 'trunk' primary private vlan's or secondary private vlans? Or are you trying to configure private vlans on ports that are etherchannels?
    Read this "Do not configure private VLAN ports as EtherChannels. While a port is part of the private VLAN configuration, any EtherChannel configuration for it is inactive"
    The above is from the pvlan guidelines and restrictions found here:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/pvlans.htm#wp1090979

Maybe you are looking for

  • I keep getting a revocation of certificate prompt when using Skype.

    Since both Microsoft & Mozilla updated their security, every time I log onto Skype I get a Revocation of Certificate prompt. How do I fix or eliminate this on Skype?

  • PO attachments

    Is there a function module or a field in a table that will tell me if there is a attachment associated with a PO line item? Thanks! Fisher Li

  • How do I branch based on validation success or failure?

    I am on an edit record page. I want to be able to branch based on clicking on the submit button and whether all of my validations pass (branch to different page) or a single validation fails (return to edit page with error message). I know how to set

  • How to install Elements 13 to Macbook without disk drive?

    I just recently got a macbook and I want to install Elements 13, but I am not sure how without a disk drive. I am clueless at this point!

  • Unable to open individual pictures with Lr

    Using Windows 7 with Lr 4. Everything is updated and the pictures in question have been successfully imported into Lr. I would like to open individual pictures into Lr, but I am unsuccessful thus far. I right-click on the picture and choose Open with