[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need review of Cisco Access Point Config - multiple SSID config attempt failing

Posted on 2012-08-17
15
Medium Priority
?
1,068 Views
Last Modified: 2012-08-21
I have been trying unsuccessfully to get a good configuration for advertising multiple SSIDs from my Cisco 1100 AP.  I've deployed dozens of single ID and now finally I want to add a guest VLAN.  But after hours of attempts I can not get workstations to associate to either ID.  The SSIDs are advertised, beaconing ok.  The  Security Type selected in the connection (WPA Personal) would seem to be ok else the laptop would not even attempt.  If it was wrong it would immediately error.  And same with the Security Key.  If that was wrong it would error immediately.  Instead it tries to connect and eventually fails with a vague "Windwos was unable to connect to dognet".  Give the troubleshoot problem option which is useless.  Would one of the experts be good enough to review my AP configuration and let me know if you see anything goofed up?  Thank you!
AP-Config4EE-081712.txt
0
Comment
Question by:amigan_99
  • 10
  • 5
15 Comments
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38306670
Your config looks great!

One thing I'll say though is that sometimes the wireless connection will fail if the client can't obtain an IP address.  Perhaps you should check the switchport config where the AP attaches and ensure it is configured something like this...

interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 32
end

Open in new window


Also, you could try plugging a laptop into the switchport to ensure you can obtain an IP address from the native VLAN.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38306796
Good thought.  I noticed that "switchport access" was still configured for a port although mode it set to trunk.  Now i have seem the mode trunk override switchport access vlan in the past.  But to remove doubt I removed the line switchport access vlan 32 and rebooted the access point.  And then I rebooted the laptop.  But alas no improvement.  

Original port config:

interface GigabitEthernet0/9
 description link to port 51B
 switchport access vlan 32                     ;removed this line but still no joy.
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 32
 switchport trunk allowed vlan 1,32,99
 switchport mode trunk

end
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38306803
And yes - if I plug a laptop into the port it receives an IP address from the native untagged VLAN 32.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:amigan_99
ID: 38306925
ap#sho vlan

Virtual LAN ID:  1 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interfaces:  Dot11Radio0
FastEthernet0

   Protocols Configured:   Address:              Received:        Transmitted:
        Other                                          0                 489

   0 packets, 0 bytes input
   63 packets, 22113 bytes output
        Other                                          0                 489

   1836 packets, 148821 bytes input
   426 packets, 30876 bytes output

Virtual LAN ID:  32 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interfaces:  Dot11Radio0.32
FastEthernet0.32

 This is configured as native Vlan for the following interface(s) :
Dot11Radio0
FastEthernet0

   Protocols Configured:   Address:              Received:        Transmitted:
        Bridging        Bridge Group 1              11287               14215
        Other                                          0                   1

   0 packets, 0 bytes input
   14216 packets, 2407531 bytes output
        Bridging        Bridge Group 1              11287               14215
        Other                                          0                   1

   23866 packets, 3742570 bytes input
   0 packets, 0 bytes output

Virtual LAN ID:  99 (IEEE 802.1Q Encapsulation)

   vLAN Trunk Interfaces:  Dot11Radio0.99
FastEthernet0.99

   Protocols Configured:   Address:              Received:        Transmitted:
        Bridging        Bridge Group 99              1775                1765
        Other                                          0                   1

   0 packets, 0 bytes input
   1766 packets, 120374 bytes output
        Bridging        Bridge Group 99              1775                1765
        Other                                          0                   1

   1775 packets, 120700 bytes input
   0 packets, 0 bytes output
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38307372
Ok, can you remove the encryption from each SSID and try?
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38307924
Thanks for the suggestion.  I'll give that a try on Monday when back in the office.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38312429
I set Client Key Management on both SSIDs to None.  Then I went to Encryption Manager and set encryption mode to both SSIDs to None.  And the result is the same.  Must be some problem with the VLANs not bridging into the wifi properly?
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38313167
Can you post the config with the encryption turned off?
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38313219
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38317320
Good news.  I got my hands on an AP1240 and put in pretty much all the same configuration as the 1100 and this is working.  Both are advertising and I can attach with WPA.  One difference is I did not create named VLANs.  But otherwise not sure what the difference is.  Perhaps you see something?  I also found working in the CLI to be much easier than in the dern GUI.  I keep bumping into roadblocks in the GUI that requires me to pop into another menu.
WorkingAP1240-2VLANs.txt
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 38317853
That's good news!  I don't know why I didn't pick up on the mobility VLAN you had assigned to each SSID, but it actually does matter!

I'm usually a fan of the console, but with Autonomous Aironet APs I generally use the GUI for tasks such as creating VLANs as the console tends to make the GUI moan for certain things.  Just out of interest, do you get a pop-up complaining about VLANs if you go back to the CLI now?
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38317921
Great question.  So check out
Screen-Shot-2012-08-21-at-12.37..png
0
 
LVL 1

Author Comment

by:amigan_99
ID: 38317925
Both SSID have similar error when clicked in the GUI.  :-(  But I finally have my dual SSID and dual VLAN.  So perhaps I'll just have to ditch the GUI.  Unless you have some insight!
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 38317973
Unfortunately not!  Usually once you've configured VLANs in the CLI you can't use the GUI until you let it reconfigure your SSIDs.

I'd stick with the CLI though - you can do everything you need from there, and you can still use the GUI for monitoring associations, etc, if you need to.

The good news is that the error is probably a coding error and the AP will function properly.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 38317991
Thanks for walking through the configuration.  Sometimes it takes bouncing thoughts off someone else to make progress like the case here!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question