Solved

Cisco AP Wireless connectivity with vlans

Posted on 2013-05-16
1
502 Views
Last Modified: 2013-07-10
Good morning,

I'm trying to setup my Cisco 1100 series AP with multiple SSIDs/Vlans. I'm connecting to a Cisco 3560 L3 switch. I can connect to each SSID fine, however I am not getting DHCP. I tried to ping on the switch to my AP, and am not getting a response their either. If I connect to the AP and give myself a static, I am able to the ping AP itself, but nothing else. I'll attach configs of both. I tried messing around with the Native vlan settings hoping that would be it, but no joy.

Switch -The AP is plugged directly into 0/3
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TestL3
!
boot-start-marker
boot-end-marker
!
enable secret 5 *
!
username *
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
ip domain-name test.local
!
!
crypto pki trustpoint TP-self-signed-363944448
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-363944448
 revocation-check none
 rsakeypair TP-self-signed-363944448
!
!
crypto pki certificate chain TP-self-signed-363944448
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363339 34343434 38301E17 0D393330 33303130 30303130
  325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3336 33393434
  34343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B396BF37 2D6141AB 1AB9C351 0EBBA0FA 1FFA5EC0 A71E00D9 DCFA2A9F 61844058
  C61ED81C 7127FD2A AC7563E3 56C9519E 675F4A56 FC0A5F42 08A4D3C2 2F7567A1
  80C0CB89 DBE9313F CDC5088D 97A9F912 C5438B47 752997C9 00C74D96 3DE155B7
  8BE7ACE4 5C5C770C F475C888 0B853A30 87D10246 31760443 7B2FADC6 4201F765
  02030100 01A37130 6F300F06 03551D13 0101FF04 05300301 01FF301C 0603551D
  11041530 13821154 6573744C 332E7465 73742E6C 6F63616C 301F0603 551D2304
  18301680 14208A70 9B383B59 69A01261 FD65A6E9 5333555C CE301D06 03551D0E
  04160414 208A709B 383B5969 A01261FD 65A6E953 33555CCE 300D0609 2A864886
  F70D0101 04050003 81810074 28EA15FD A396C004 45C4AF6D F089A324 4F598BAE
  3E06521B 0EF00D5A BB28236A DB440EF8 77245CB7 3BD81511 186177F2 71921BCC
  EA70972A 2D40AD28 9F98B48B 811BF80D 5BE5C12D 8C355C9D 1E8A63BB 6D2A3F45
  F4ABEB90 4E73F361 5C106AE2 DA892FDE F281D480 8927CDE6 B5058CC0 601BFA96
  942E4D81 AB047CB8 A91B37
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
vlan dot1q tag native
!
!
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.190.1.2 255.255.255.248
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 5,10
!
interface GigabitEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/6
 switchport access vlan 5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/7
 switchport access vlan 5
 switchport mode access
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface Vlan1
 no ip address
!
interface Vlan5
 ip address 172.10.10.10 255.255.255.0
 ip helper-address 172.10.11.4
!
interface Vlan10
 ip address 172.10.11.1 255.255.255.0
 ip helper-address 172.10.11.4
!
interface Vlan62
 ip address 192.168.62.10 255.255.255.0
!
interface Vlan190
 no ip address
!
ip default-gateway 10.190.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.190.1.1
ip http server
ip http secure-server
!

!
ip sla enable reaction-alerts
!
!
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
!
end

Open in new window


AP:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TestAP
!
no logging console
enable secret 5 $1$96mE$L0iD2hzQC9cPu2.alC8gl0
!
clock timezone GMT -5
clock summer-time T recurring
ip subnet-zero
!
!
ip scp server enable
login delay 3
no aaa new-model
dot11 vlan-name LukeTest vlan 10
dot11 vlan-name TEST vlan 5
!
dot11 ssid Luke
   vlan 10
   max-associations 2
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 *
!
dot11 ssid PRLTEST
   vlan 5
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 *
!
!
!
username *
!
buffers verybig permanent 15
buffers verybig min-free 10
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 5 mode ciphers aes-ccm
 !
 encryption vlan 10 mode ciphers aes-ccm
 !
 ssid Luke
 !
 ssid PRLTEST
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 port-protected
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 hold-queue 80 in
!
interface FastEthernet0.5
 encapsulation dot1Q 5
 ip helper-address 172.10.11.4
 no ip route-cache
 bridge-group 5
 no bridge-group 5 source-learning
 bridge-group 5 spanning-disabled
!
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 ip helper-address 172.10.11.4
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 172.10.11.15 255.255.255.0
 ip helper-address 172.10.11.4
 no ip redirects
 no ip unreachables
 no ip route-cache
!
ip default-gateway 172.10.11.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
control-plane
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end

Open in new window

0
Comment
Question by:prlit
1 Comment
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
Couple of things....

The port where your AP connects is missing vital config (in BOLD)...

interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 5,10
 switchport mode trunk


Your AP doesn't need IP helper addresses on it at all - remove them from the FastEthernet subinterfaces.  The IP helper should go on the VLAN5 interface on the L3 switch, but you don't need one on the VLAN10 interface as the DHCP server is already on that VLAN.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now