1941 with HWIC-4ESW and VLANs

[Jemson]

Hi All,

I have a Cisco 1941 with a HWIC-4ESW connected with PoE daughter board.
What I am trying to do is trunk two VLANs through to a AIR-AP1142N-N-K9 access point.

Native VLAN works fine through to the AP, where I come unstuck is trying to pass a second encapsulated VLAN.
The issue seems to be on the side of the HWIC and I have reconfigured in every way I can imagine to try and get this to work.
Tried configuring the ports as trunks, configuring with a "voice vlan" but never get any ports listed under "show vlan-switch" as below:

Cisco1941#sh vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0/1, Fa0/0/3
8    Guest VLAN                       active

Please see below extract from the current rendition of the configuration of both the 1941 and AP, keeping in mind I have reconfigured in a variety of ways to try and get this working.
I'm hoping someone can assist in getting this VLAN trunking to work over the HWIC.

1941:

interface GigabitEthernet0/0
 description Gigabit Uplink
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0/0/0
 switchport mode trunk
 switchport trunk encapsulation dot1q
 no ip address
!
interface FastEthernet0/0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 no ip address
!
interface FastEthernet0/0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
 no ip address
!
interface FastEthernet0/0/3
 switchport mode trunk
 switchport trunk encapsulation dot1q
 no ip address
!
interface Vlan1
 description HWIC-4ESW
 no ip address
 bridge-group 1
!
interface Vlan8
 ip address 192.168.8.1 255.255.255.0
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
!
bridge 1 protocol ieee
bridge 1 route ip
!

AP:

interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.8
 encapsulation dot1Q 8
 ip address 192.168.8.250 255.255.255.0
 no ip route-cache
!
interface BVI1
 ip address 192.168.1.250 255.255.255.0
 no ip route-cache
!
bridge 1 route ip
!

Other thing worth noting is though I can't ping between devices, the 1941 contains a correct ARP entry for the AP listed against VLAN8 in the ARP table.
The AP lists the MAC for the Router's VLAN8 interface as incomplete. It seems to me that the packets are getting from the AP to the HWIC fine, but nothing is getting back.

 

[burtsbees]

switchport trunk native vlan 1?

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[burtsbees]

crap...you have to specify vlan 8 as the encapsulated vlan on at least one of the fa interfaces

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[Jemson]

Thanks for the reply. I actually figured it out a couple of days ago.
My config was correct, the only thing that was holding me back is that I could not ping from the AP's VLAN 8 interface through to the routers VLAN 8 interface, so I didn't test any further.

However, when I bridged the VLAN 8 interface on the AP with an SSID, any client connecting to that SSID could get right through to the router, internet etc.

So really, it was always working and was just superficial in that I couldn't ping between the interfaces on that VLAN.

Thanks again for your response.