SSIDs, VLANs and a Cisco 2900 series switch...

[americanmcneil]

The scenerio:

There are 5 outdoor broadband wireless radios mounted around town. These radios transmit SSIDs which the end user can log on to. The radio can associate the SSID with a VLAN. Radios broadcasting multiple SSIDs can associate each SSID with an individual VLAN.

The question:

How do I configure my Cisco 2900 series switch to split up the incomeing VLANs and then allow only certain VLANs out certain ports to the controllers for RADIUS server authentication and internet logon?

 

[vipergg]

You will probably have to setup the radios and the switch for trunking which allows multiple vlans across a single link .

http://www.cisco.com/en/US/products...n_guide_chapter09186a00800d84be.html#xtocid23

 

[americanmcneil]

Thanks for the help Vipergg.

 

[americanmcneil]

OK, so I am trying to enter in my vlan database and set my static vlan ports. Ports are set but every time I try to apply the vlan in the database, it tells me that it cannot do so in CLIENT mode. Any know how I can get out of client mode?

thanks in advance
scott "thrown to the wolves" mcneil

 

[vipergg]

In the database just change it vtp mode transparent .

 

[americanmcneil]

Thanks Vipergg, I'll give it a shot

 

[americanmcneil]

ok, here is the scene:

I have a wap that comes into my network. Its data is tagged with vlan 50. When the wap is plugged directly into the controller, i get an ip, i get sent to my login page and once logged in, i get sent to the internet. When I put my switch in the mix it changes. I have my ports configured for native vlan 50. I have vlan 50 in my database. so the chain now goes, wap to switch, switch to controller. Now when i go out and get my connection, i get an ip, and i get sent to my portal page. However when i log in, it just spins its wheels and doesn't take me to the internet.

Anyone have a clue?

Scott "thrown to the wolves" McNeil

 

[vipergg]

Yeah that doesn't make a lot of sense , if you get all the way to the portal which I assume comes from the controller .Are you getting the correct default gateway when you pull an address ?

 

[americanmcneil]

Well it has to be something in my configuration. On a whim I ran my wap to a little linksys 5 port switch and it works. I can linkup, get an IP, login, and then roam about the internet. So I am guessing I need a littel help with my configuration. At the moment everything is based on VLAN 50.

ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface Fast
!
interface FastEthernet0/5
!
interface FastEthernet0/6
duplex full
speed 100
switchport access vlan 50
!
interface FastEthernet0/7
duplex full
speed 100
switchport access vlan 50
!
interface FastEthernet0/8
duplex full
speed 100
switchport access vlan 50
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,50,1002-1005
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!

so port 6 and 7 are my radios and port 8 is my uplink to the controller. Any suggestions?

Scott

 

[americanmcneil]

oh and here is the sh vlan brief:

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/9, Fa0/10, Fa0/11,
Fa0/12, Fa0/13, Fa0/14, Fa0/15,
Fa0/16, Fa0/17, Fa0/18, Fa0/19,
Fa0/20, Fa0/21, Fa0/22, Fa0/23,
Fa0/24
2 VLAN0002 active
3 VLAN0003 active
4 VLAN0004 active
20 VLAN0020 active
21 VLAN0021 active
22 VLAN0022 active
23 VLAN0023 active
24 VLAN0024 active
25 VLAN0025 active
27 VLAN0027 active
28 VLAN0028 active
50 freeWiFi active Fa0/6, Fa0/7, Fa0/8
99 VLAN0099 active
126 VLAN0126 active
129 VLAN0129 active
--More--
130 VLAN0130 active
132 VLAN0132 active
135 VLAN0135 active
190 VLAN0190 active
191 VLAN0191 active
209 VLAN0209 active
210 VLAN0210 active
211 VLAN0211 active
212 VLAN0212 active
213 VLAN0213 active
214 VLAN0214 active
215 VLAN0215 active
228 VLAN0228 active
229 VLAN0229 active
231 VLAN0231 active
251 VLAN0251 active
252 VLAN0252 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Epproach2#

 

[vipergg]

Are you sure the controller can be setup for a trunk ? Looks like the uplink is set as a trunk . My guess is the trunk is not working correctly or at all . You could try to set up f0/8 as just an access port in vlan 50 just to see if that works , if so then the trunk setup is not working correctly .

 

[americanmcneil]

yes the controller can handle a trunk but i am going to try to set 0/8 with just vlan 50 and no trunk and see what happens. I was also getting an error as well: 2d18h: %LINK-4-ERROR, so i looked it up and i said to check speed and duplex settings so i set everything at 100 and full just to be sure. I havent seen that error again but the day is young.

 

[americanmcneil]

Ok so much for that theory, still getting %LINK-4-ERROR when ever someone tries to log in while running through 2900 switch. All of the ports dealing with the vlan have the same duplex (full) and speed (100) so i am not sure what to do. This may be the root of the entire problem. Any clues?

 

[vipergg]

Try putting "spanning tree portfast" on all user interfaces on the 2900 , it may be timing out waiting for spanning tree to run .

 

[americanmcneil]

well i tried the portfast and still no go. i am still getting the %LINK-4-ERROR errors. I guess what is really bugging me is that when i plug the wap into a linksys 5 port workgroup switch the darn thing works but when i go through my 2900XL it doesn't. I need the 2900 to work so i can direct the waps with multiple vlans and split them up.

And Viper, i really appreciate all of your help so far. Any other ideas I might try?

 

[americanmcneil]

oh, and should i be in vtp server or vtp transparent?

 

[vipergg]

running out of ideas , can't imagine what it could be if you have the ports and uplinks in vlan 50 with portfast turned on and it won't even work as a access port as that is all the linksys really is doing . Maybe you could try and put all your ports in vlan 1 and see if you can get thru , not really sure what to tell you at this point .

 

[americanmcneil]

for the record as well, when the 2900xl is left unconfigured so it is just straight switching, it still doesnt work, yet the linksys 5 port does. Anyone have a clue on what the linksys is doing that the 2900xl is not?

 

[helpdeskdan]

Is the linksys 10bt or something? I once had a 10bt hub (all I could find) that I was trying to get working with a piece of cisco equipment which I have long since forgotten. (Maybe old 7200, can't remember) No settings would work. I set it for half duplex and 10 and it would still not communicate. The moral of the story is that sometimes poorly designed Ethernet interfaces don't work no matter what you do.

 

[americanmcneil]

Well I tell ya, I am beginning to think there is something wrong with my 2900xl. For giggles I hooked up to an Asus 1024i 10/100 smart switch with no config and it works like the linksys. The documentation for the asus says it has VLAN support and controlls and whatnot so I am going to try my luck with it and see what happens. I'll let yall know. In the meantime, again, if anyone has any ideas about whats up with my 2900xl, please let me know.