Hi,
I have a question with regard to setting up a wireless workgroup bridge. The basic setup I have is a wireless AP with a management VLAN 100 and a user VLAN 10, which is connected to the wired network. I wanted to set up a workgroup bridge so that I can get some clients without wireless cards connected to the network. I am able to get this set up OK so that users connect to the bridge's Ethernet port (via a hub), get an IP address from VLAN 10, and are able to browse the network. However, I wanted to find a way to put an IP address in VLAN 100 on the wireless bridge so that I can manage the bridge remotely.
I suspect there is a problem in my config somewhere because I can't even get CDP going across the wireless bridge. I figured that to get communication working over the management VLAN 100, all I'd need to do is set up VLAN 100 as a subinterface on the dot0 radios on the AP and bridge and attach it to BVI1 (via the 'bridge-group' command), but that didn't work.
Am I missing something simple?
Below is the config I am using:
-----------------------
Wireless AP
-----------------------
version 12.3
service nagle
!
hostname AP
!
enable password cisco
!
ip subnet-zero
no ip domain lookup
ip domain name domain.com
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
aaa new-model
!
!
aaa session-id common
!
dot11 ssid Wireless
vlan 10
authentication open
guest-mode
!
!
!
username cisco password cisco
!
bridge irb
!
!
interface Dot11Radio0
description *** 802.11b/g Radio ***
no ip address
no ip route-cache
!
encryption vlan 10 key 1 size 128bit 7 *removed* transmit-key
encryption vlan 10 mode wep mandatory
!
ssid Wireless
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.10
description *** Wireless users VLAN ***
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.100
description *** Management VLAN ***
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.20.100.101 255.255.255.0
no ip route-cache
!
ip default-gateway 172.20.100.253
no ip http server
no ip http secure-server
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
exec-timeout 20 0
line vty 0 4
exec-timeout 20 0
privilege level 15
transport input ssh
line vty 5 15
exec-timeout 20 0
privilege level 15
transport input ssh
-----------------------
Wireless workgroup bridge
-----------------------
version 12.3
service nagle
!
hostname AP
!
enable password cisco
!
ip subnet-zero
no ip domain lookup
ip domain name domain.com
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
aaa new-model
!
!
aaa session-id common
!
dot11 ssid Wireless
vlan 10
authentication open
guest-mode
!
!
!
username cisco password cisco
!
bridge irb
!
!
interface Dot11Radio0
description *** 802.11b/g Radio ***
no ip address
no ip route-cache
!
encryption vlan 10 key 1 size 128bit 7 *removed* transmit-key
encryption vlan 10 mode wep mandatory
!
ssid Wireless
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role workgroup-bridge
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
!
interface FastEthernet0.10
description *** Wireless users VLAN ***
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface BVI1
ip address 172.20.100.105 255.255.255.0
no ip route-cache
!
ip default-gateway 172.20.100.253
no ip http server
no ip http secure-server
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
exec-timeout 20 0
line vty 0 4
exec-timeout 20 0
privilege level 15
transport input ssh
line vty 5 15
exec-timeout 20 0
privilege level 15
transport input ssh
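
Added example, not part of the original post: a Python check that reads an IOS config in the flattened form shown above, lists which interfaces belong to each bridge group, and flags the credential and encryption settings a hardening review would raise. The `SAMPLE` text is constructed from lines of the posted workgroup-bridge config, and the function names are this example's own.

```python
import re

# Constructed sample: lines taken from the workgroup-bridge config in the post,
# flattened (no indentation) the way the forum rendered it.
SAMPLE = """enable password cisco
username cisco password cisco
interface Dot11Radio0
encryption vlan 10 mode wep mandatory
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
interface Dot11Radio0.100
encapsulation dot1Q 100 native
bridge-group 1
interface FastEthernet0.10
encapsulation dot1Q 10
bridge-group 10
interface BVI1
line vty 0 4
privilege level 15
"""

# Line patterns a hardening review would flag, with the reason.
WEAK = [
    (r"enable password ", "cleartext or reversible type 7; use 'enable secret'"),
    (r"username \S+ password ", "cleartext or reversible type 7 local credential"),
    (r"encryption .*mode wep", "WEP is cryptographically broken"),
    (r"privilege level 15$", "every login on this line starts at privilege 15"),
]

def audit(config):
    """Return [(config_line, reason)] for each weak setting found."""
    lines = [l.strip() for l in config.splitlines()]
    return [(l, why) for l in lines for pat, why in WEAK if re.match(pat, l)]

def bridge_map(config):
    """Return {bridge_group: [(interface, vlan, is_native)]}; BVI<n> joins group n."""
    groups, iface, vlan, native = {}, None, None, False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            iface, vlan, native = line.split()[1], None, False
            if iface.startswith("BVI"):
                groups.setdefault(int(iface[3:]), []).append((iface, None, False))
        elif iface and (m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line)):
            vlan, native = int(m.group(1)), bool(m.group(2))
        elif iface and (m := re.match(r"bridge-group (\d+)$", line)):
            groups.setdefault(int(m.group(1)), []).append((iface, vlan, native))
    return groups
```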