Solved

AIR-SAP2602E configuration

Posted on 2013-06-01
Last Modified: 2013-06-02
I am hoping to find a solution to my problem here.

I am trying to configure a new device I received recently, one that I have never configured before, and I am stumped.

Basically it should be straightforward.

I should see 2 SSIDs:
net1 on vlan 102 using tkip
net2 on vlan 200 using wep

I can connect to net2 and access the internet just fine.  It obtains an IP from the ASA 5510. The idea is to provide visitors here access to the internet only.  

However, when I connect to net1 it accepts my key but only gives me the dreaded 169.254.x.x address.  I should be assigned a 10.101.2.x address and be able to access the internet and hosts all over this LAN and across the WAN.  But no go.

The AP is connected to a Cat 3750 and its port is configured:
switchport trunk encapsulation dot1q
switchport trunk native vlan 100 (this is the vlan I use for static hosts such as this AP)
switchport mode trunk
This 3750 is also issuing addresses for vlan102 so anything connecting to net1 should obtain an address from this pool but it isn't.

vlans on the Cat 3750 are:
vlan100 - static clients using 10.101.0.x
vlan101 - static clients using 10.101.1.x
vlan102 - dhcp pool on 10.101.2.x all hosts reachable anywhere and internet access
vlan150 - dhcp pool on 172.16.6.192/26 for voip phones
vlan200 - visitors to this facility internet only ips issued by ASA


Everything else works, but I am stumped by this one and any help would be much appreciated.

Here is my configuration of the AP with all sensitive info changed.

Current configuration : 3448 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP01
!
logging rate-limit console 9
enable secret 5 123456.
!
no aaa new-model
no ip routing
!
!
ip dhcp-server 10.101.0.1
dot11 syslog
!
dot11 ssid net1
   vlan 102
   authentication open
   authentication key-management wpa
   mbssid guest-mode dtim-period 2
   wpa-psk ascii 7 anencrypted password
!
dot11 ssid net2
   vlan 200
   authentication open
   guest-mode
   mbssid guest-mode dtim-period 1
!
dot11 network-map
power inline negotiation prestandard source
crypto pki token default removal timeout 0
!
!
username someuser password 7 hasnolife
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 102 mode ciphers tkip
 !
 encryption vlan 200 key 1 size 40bit 7 a40bitkey transmit-key
 encryption vlan 200 mode wep mandatory
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid net1
 !
 ssid net2
 !
 antenna gain 5
 stbc
 mbssid
 station-role root
!
interface Dot11Radio0.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 spanning-disabled
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 102 mode ciphers tkip
 !
 encryption vlan 200 key 1 size 40bit 7 a40bitkey transmit-key
 encryption vlan 200 mode wep mandatory
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid net1
 !
 ssid net2
 !
 antenna gain 5
 dfs band 3 block
 stbc
 mbssid
 channel width 40-above
 channel dfs
 station-role root
!
interface Dot11Radio1.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 spanning-disabled
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 spanning-disabled
 no bridge-group 200 source-learning
!
interface BVI1
 ip address 10.101.0.41 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.101.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end


If you need more details let me know and thank you for your time.
Question by:OICU821
Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39214603
You've set VLAN102 as the native VLAN on the AP.  However, you've set VLAN100 as the native VLAN on the switchport.

You should set VLAN100 as the native VLAN on the AP.  Even if you don't associate VLAN100 with any SSIDs, you should still define it on the AP.
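
The mismatch described in the accepted answer can be checked mechanically before a device goes live. The script below is an added example, not part of the original thread: it reads an autonomous-AP configuration and the switchport configuration and reports every AP interface whose native VLAN differs from the trunk's. The function names and the two embedded excerpts are constructed here, modelled on the configuration posted in the question.

```python
import re

# Constructed excerpts, modelled on the configuration posted in the question.
AP_CONFIG = """\
interface Dot11Radio0.102
 encapsulation dot1Q 102 native
interface Dot11Radio0.200
 encapsulation dot1Q 200
interface GigabitEthernet0.102
 encapsulation dot1Q 102 native
interface GigabitEthernet0.200
 encapsulation dot1Q 200
"""
SWITCHPORT_CONFIG = """\
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
"""

def ap_vlans(config):
    """Map each parent interface to its native VLAN and its tagged VLANs."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            m = re.fullmatch(r"interface (\S+)\.(\d+)", line)
            current = result.setdefault(m.group(1), {"native": None, "tagged": set()}) if m else None
        elif current is not None:
            e = re.fullmatch(r"encapsulation dot1q (\d+)( native)?", line, re.IGNORECASE)
            if e and e.group(2):
                current["native"] = int(e.group(1))
            elif e:
                current["tagged"].add(int(e.group(1)))
    return result

def switch_native_vlan(config):
    """Native VLAN of the trunk; IOS uses VLAN 1 when none is configured."""
    m = re.search(r"^\s*switchport trunk native vlan (\d+)", config, re.MULTILINE)
    return int(m.group(1)) if m else 1

def native_vlan_findings(ap_config, switch_config):
    """Untagged frames land in the switch's native VLAN, so both ends must agree."""
    expected = switch_native_vlan(switch_config)
    return [
        f"{parent}: AP native VLAN {v['native']}, switch trunk native VLAN {expected}"
        for parent, v in sorted(ap_vlans(ap_config).items())
        if v["native"] != expected
    ]

if __name__ == "__main__":
    print("\n".join(native_vlan_findings(AP_CONFIG, SWITCHPORT_CONFIG)))
```

An empty result means every sub-interface marked `native` on the AP uses the same VLAN ID as the trunk port it plugs into.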

Author Closing Comment

by:OICU821
ID: 39214916
Thank you.  This is resolved now.