Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Wireless AP1242 with vlans and a 3560 switch

Status
Not open for further replies.

Deepseadata

Technical User
Jul 10, 2008
123
DE
Hey everyone, thanks for having a look at this post.

Someday this thread will teach people everything they need to know when configuring an aironet access point to trunk multiple vlans to a 3560 Layer 3 switch.

I have 15 access points using PoE and are already installed (but unconfigured)in a place where physical access (to console port and reset button)is impossible.
If I make a mistake I could lose access and be in deep trouble.

I have the switch and one AP to practice my procedures on. I would like your opinion as to what order I should do the config.

AP config steps: (I beg you to let me know if it looks fishy)

1)Plug AP (with factory settings) to a switchport access interface on 3560 and let dhcp send AP an IP address to allow me telnet to AP.

2)In AP, setup one FastEther sub-int for each vlan

3)Setup Dot11radio1 sub-int for each vlan

4)Change the BVI1 IP Address to my desired subnet. (and immediately lose connectivity from telnet)

5)unplug from switch's access port.

6)plug AP into a trunk port on the 3560.

7)pray! (or smile and telnet from 3560 to AP through my new trunk and carry on)

How much did I miss? Please help me fill in the blanks while I scour Cisco and forums for answers.

Setting up trunking on the AP is a little foggy for me still, too.

When I eventually get a good config built. I think I'll do step one with DHCP and then TFTP a config to AP, copy run-start, reload, move the AP to a trunk port and pray for it to come back online.

I humbly wait for any replies.



 
Trouble in happy land.

I can't get the AP to 3560 trunk working right for some reason.

I had IP conectivity working when I was using BVI1, Dot110 (no sub-int), and Fa0 (no sub-int). But I was planning on using, BVI50, Dot0.50, and Fa0.50 (vlan 50 is for my management) to stay true to my initial network design.

I keep thinking that it's a native vlan problem but let me show you some config info... maybe there's something wrong.

BVI50 is in an Up Up state when the configs are like this... but I don't see the AP on the 3560's arp table.

Switch Side
-----------
!
interface GigabitEthernet0/5
description Aironet 1242
power inline never
switchport trunk encapsulation dot1q
switchport trunk native vlan 50
switchport mode trunk


AP1242 side
-----------
interface Dot11Radio0.50
encapsulation dot1q 50 native
bridge-group 50
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled

interface FastEthernet0.50
encapsulation dot1q 50 native
bridge-group 50
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled

interface BVI1
no ip address
no ip route-cache

interface BVI50
ip address 192.168.50.22 /24

ip default-gateway 192.168.50.200 (ip address of switch's vlan 50 management address)
bridge 1 route ip


I read somewhere that the native vlan shouldn't belong to a bridge-group. But when I took 0.50 out of its bridge group the port went to down down.

When I put it in the brifge-group BVI50 goes up up but I don't see any arp info or get any IP connectivity.

Am I doing something wrong?


 
It looks right . What is doing the routing for vlan 50 ? The default gateway should be the address of the interface of the layer 3 device doing the routing for vlan 50. Do you see the ap via cdp neighbor ok ? If its directly connected to the 3560 and its doing the routing you should be able to ping it even if the default gateway was incorrect . When you do a show interface trunk on the 3560 does that look ok ? On the switchport feeding the ap you could add switchport nonegotiate and see what happens , other than that it looks ok.
 
One thing to check is to make sure int bvi1 is down/down, . You may not be able to have more than 1 BVI active at a given time , add the shut command to bvi1.
 
I did the dummy setup with the http server and it worked. I went back into the config and saw that it put the Fa0.50 and Dot0.50 into bridge-group 1 instead of the 50 I had in there.

Thanks for stopping in Viper! I have some more stuff to do with Tacacs and Radius... so stay tuned.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top