AP management vlan

oramacs

IS-IT--Management
Sep 11, 2012
32
US
In conjunction with my other post.

I am trying to set up a management vlan and subnet for my Cisco equipment and WAPs.
The problem is, I can't connect to the WAP if I change the BVI1 interface to the subnet for the management vlan.
I know I would need to pass any other vlans for traffic for my wireless networks. I know the mls line should not be there, but I don't know how to remove it; every command I have tried has failed.

Management vlan = vlan150 = 10.1.34.xxx
Building vlan = vlan654 = 10.1.35.xxx

Switchport config for the port the AP is plugged into:

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 150
switchport trunk allowed vlan 150,654
switchport mode trunk
mls qos trust dscp
 
How is the AP set up? Do you have subinterfaces set up on the Ethernet interface on the AP?
 
Here is the config from the AP:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
enable secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
ip domain name XXXXXXXXXXXXXXXXXXXXXXXXX
ip name-server 10.1.1.27
!
!
dot11 vlan-name mgmt vlan 150
power inline negotiation prestandard source
!
username XXXXXX password 7XXXXXXXXX
!
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
station-role root
!
interface Dot11Radio0.150
encapsulation dot1Q 150 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.654
encapsulation dot1Q 654
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.150
encapsulation dot1Q 150 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.654
encapsulation dot1Q 654
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface BVI1
ip address 10.1.23.170 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bridge 1 route ip
!
line con 0
line vty 0 4
login local
!
end

ap#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Config for the switch ports I tried; neither one of them worked when I changed the BVI1 interface to use the .15 subnet.


interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 150
switchport trunk allowed vlan 150,654
switchport mode trunk
switchport nonegotiate
mls qos trust dscp
!
interface FastEthernet0/2
switchport access vlan 654
switchport mode access
mls qos trust dscp
 
For this switch, I have a WAP connected to each port. The WAPs have 15.xxx addresses assigned to their BVI interface. They are passing traffic and working OK, but they are not reachable on their 15.xxx address.
Is it as simple as adding the vlan allowed command for vlan150, to allow both vlans 150 and 250? The wireless network they are passing is a different vlan; why is it working if it is not in the list to allow?


!
interface FastEthernet0/1
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/2
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/3
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/4
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/5
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/6
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/7
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/8
switchport access vlan 250
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
no ip address
!
interface Vlan150
ip address 10.1.15.16 255.255.255.0
!
interface Vlan590
ip address 10.1.19.4 255.255.255.0
!
 
Checking to make sure I am thinking correctly.

~ So the IP address for the BVI interface can be the IP address of my management vlan (vlan150)?
~ The port config has to look like this for me to be able to connect (telnet \ SSH) to the WAP.

interface FastEthernet0/1
switchport access vlan 150
switchport mode access
switchport nonegotiate

~ Then my wireless networks are VLAN155,160.
~ On the WAP, I would create vlans 155,160 (which are different subnets than my management vlan)
~ Vlan 155,160 have to be present on the switch.

~ The BVI interface is simply a management interface for the WAP?
~ How does the switchport know it should pass traffic for vlan 155,160 for the wireless networks? Is the switch port supposed to be a trunk port set to pass traffic for the management vlan and the wireless vlans? If yes, does someone have an example of that configuration?



 
I need to stop reading.

Thank you everyone that has been trudging through this with me and offering advice.

Here is the bigger issue.

~ I need to be able to connect to my WAPs on the management network 10.1.15.xxx (vlan 100).
~ I need to run 2 wireless networks on the WAPs. Wireless Network 1 - vlan 125 (10.1.23.xxx), Network 2 - vlan 130 (subnet 10.1.25.XXX)

##If I make the switchport configuration this##
interface FastEthernet0/1
switchport access vlan 150
switchport mode access
switchport nonegotiate
mls qos trust dscp
## It only passes the traffic for the management vlan##
~~
##If I make the switchport configuration this##
interface FastEthernet0/1
switchport access vlan 125
switchport mode access
switchport nonegotiate
mls qos trust dscp
## It only passes the traffic for one of the wireless networks, and I can not connect to the BVI interface on the WAP##
~~

If I make the port on the switch a trunk, with or without the vlan allowed command, it doesn't work at all.

I think the port on the switch would have to be a trunk to pass traffic from all three vlans (management and the 2 wireless vlans). I think the configuration problem might be on the WAP not understanding that this vlan is for the BVI interface and this vlan is for the wireless network.


 

I figured it out.

I didn't have subinterfaces on my fastethernet port or my dot11radio0 interface for my vlans. Also the ports on the switches were not trunk ports. Once I corrected that, everything was OK.

Thanks, everyone.

Have a great weekend
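
Added example, not written by anyone in the thread: a short Python check over switchport stanzas condensed from the posts above, reporting which VLANs each port actually carries toward the AP and whether the trunk's native VLAN matches the AP's. It assumes the AP's BVI1 sits in the AP's native VLAN (as in the posted "encapsulation dot1Q 150 native" / "bridge-group 1" config) and that unset values take the IOS defaults of native VLAN 1 and all VLANs allowed on a trunk; the function names and the Fa0/3 renumbering are this example's own.

```python
import re
# Stanzas condensed from the posts above; Fa0/3 is an "access vlan 250" trunk port, renumbered.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 150
 switchport trunk allowed vlan 150,654
 switchport mode trunk
interface FastEthernet0/2
 switchport access vlan 654
 switchport mode access
interface FastEthernet0/3
 switchport access vlan 250
 switchport mode trunk
"""
ALL_VLANS = set(range(1, 4095))  # IOS default: a trunk allows VLANs 1-4094
PATTERNS = {key: rf"switchport {cmd} (\S+)" for key, cmd in (
    ("mode", "mode"), ("access", "access vlan"),
    ("native", "trunk native vlan"), ("allowed", "trunk allowed vlan"))}

def expand(spec):  # '150,654' or '10-12,20' -> set of VLAN ids
    spans = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse_ports(text):
    ports, cur = {}, {}  # cur starts as a throwaway dict for lines before any stanza
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], {})
        for key, pat in PATTERNS.items():
            if m := re.fullmatch(pat, line):
                cur[key] = m.group(1)
    return ports

def audit(port, ap_native, ssid_vlans):
    """Findings for a port feeding an AP whose BVI1 is in VLAN ap_native."""
    out, native = [], int(port.get("native", 1))
    if port.get("mode") != "trunk":
        carried = {int(port.get("access", 1))}  # access port: one untagged VLAN only
    else:
        carried = expand(port["allowed"]) if "allowed" in port else ALL_VLANS
        if "allowed" not in port:
            out.append("no allowed list: trunk carries every VLAN")
        if "access" in port:
            out.append(f"access vlan {port['access']} is unused in trunk mode")
        if native != ap_native:
            out.append(f"native VLAN {native} != AP native VLAN {ap_native}")
    if missing := {ap_native, *ssid_vlans} - carried:
        out.append(f"VLANs not carried: {sorted(missing)}")
    return out
```

Calling audit(parse_ports(SAMPLE)["FastEthernet0/3"], 150, [654]) shows why a trunk with no allowed list still passes the wireless VLAN, and that an explicit allowed list plus a matching native VLAN keeps management traffic confined to the VLAN it was meant for.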
 