Solved

AIR-SAP2602E configuration

Posted on 2013-06-01
Last Modified: 2013-06-02
I am hoping to find a solution to my problem here.

I am trying to configure a new device I received recently.  One that I have never configured before and I am stumped.

Basically it should be straightforward.

I should see 2 SSIDs:
net1 on vlan 102 using tkip
net2 on vlan 200 using wep

I can connect to net2 and access the internet just fine.  It obtains an IP from the ASA 5510. The idea is to provide visitors here access to the internet only.  

However, when I connect to net1 it accepts my key but only gives me the dreaded 169.254.x.x address.  I should be assigned a 10.101.2.x address and be able to access the internet and hosts all over this LAN and across the WAN.  But no go.

The AP is connected to a Cat 3750 and its port is configured:
switchport trunk encapsulation dot1q
switchport trunk native vlan 100 (this is the vlan I use for static hosts such as this AP)
switchport mode trunk
This 3750 is also issuing addresses for vlan102 so anything connecting to net1 should obtain an address from this pool but it isn't.

vlans on the Cat 3750 are:
vlan100 - static clients using 10.101.0.x
vlan101 - static clients using 10.101.1.x
vlan102 - dhcp pool on 10.101.2.x all hosts reachable anywhere and internet access
vlan150 - dhcp pool on 172.16.6.192/26 for voip phones
vlan200 - visitors to this facility internet only ips issued by ASA


Everything else works but I am stumped by this one and any help would be much appreciated.

Here is my configuration of the AP with all sensitive info changed.

Current configuration : 3448 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP01
!
logging rate-limit console 9
enable secret 5 123456.
!
no aaa new-model
no ip routing
!
!
ip dhcp-server 10.101.0.1
dot11 syslog
!
dot11 ssid net1
   vlan 102
   authentication open
   authentication key-management wpa
   mbssid guest-mode dtim-period 2
   wpa-psk ascii 7 anencrypted password
!
dot11 ssid net2
   vlan 200
   authentication open
   guest-mode
   mbssid guest-mode dtim-period 1
!
dot11 network-map
power inline negotiation prestandard source
crypto pki token default removal timeout 0
!
!
username someuser password 7 hasnolife
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 102 mode ciphers tkip
 !
 encryption vlan 200 key 1 size 40bit 7 a40bitkey transmit-key
 encryption vlan 200 mode wep mandatory
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid net1
 !
 ssid net2
 !
 antenna gain 5
 stbc
 mbssid
 station-role root
!
interface Dot11Radio0.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 spanning-disabled
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 102 mode ciphers tkip
 !
 encryption vlan 200 key 1 size 40bit 7 a40bitkey transmit-key
 encryption vlan 200 mode wep mandatory
 !
 encryption vlan 100 mode ciphers tkip
 !
 ssid net1
 !
 ssid net2
 !
 antenna gain 5
 dfs band 3 block
 stbc
 mbssid
 channel width 40-above
 channel dfs
 station-role root
!
interface Dot11Radio1.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 subscriber-loop-control
 bridge-group 200 spanning-disabled
 bridge-group 200 block-unknown-source
 no bridge-group 200 source-learning
 no bridge-group 200 unicast-flooding
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.102
 encapsulation dot1Q 102 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 no bridge-group 1 source-learning
!
interface GigabitEthernet0.200
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 200
 bridge-group 200 spanning-disabled
 no bridge-group 200 source-learning
!
interface BVI1
 ip address 10.101.0.41 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.101.0.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
!
end


If you need more details let me know and thank you for your time.
Question by:OICU821

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39214603
You've set VLAN102 as the native VLAN on the AP.  However, you've set VLAN100 as the native VLAN on the switchport.

You should set VLAN100 as the native VLAN on the AP.  Even if you don't associate VLAN100 with any SSIDs, you should still define it on the AP.
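
The native VLAN mismatch named in the accepted answer can be checked mechanically before an AP is deployed. The Python script below is an added example, not part of the original thread: it compares the VLAN the AP marks `native` on its wired subinterfaces with the switchport's native VLAN, since an 802.1Q trunk carries native-VLAN frames untagged and each end assigns them to its own native VLAN. The function names are hypothetical, and the two inputs are constructed by trimming the configurations posted in the question.

```python
import re

# Constructed inputs: lines trimmed from the two configurations in the question.
AP_CONFIG = """\
interface Dot11Radio0.102
 encapsulation dot1Q 102 native
interface Dot11Radio0.200
 encapsulation dot1Q 200
interface GigabitEthernet0.102
 encapsulation dot1Q 102 native
interface GigabitEthernet0.200
 encapsulation dot1Q 200
"""
SWITCHPORT_CONFIG = """\
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
"""

def ap_subinterfaces(config):
    """Map each AP subinterface name to (vlan_id, is_native)."""
    found, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        if head:
            current = head.group(1)
            continue
        encap = re.match(r"\s+encapsulation dot1Q (\d+)( native)?\s*$", line)
        if encap and current:
            found[current] = (int(encap.group(1)), encap.group(2) is not None)
    return found

def switch_native_vlan(config):
    """Native VLAN of the trunk port; IOS uses VLAN 1 when none is configured."""
    m = re.search(r"^\s*switchport trunk native vlan (\d+)", config, re.M)
    return int(m.group(1)) if m else 1

def native_mismatches(ap_config, switch_config):
    """Return (interface, ap_vlan, switch_vlan) for wired AP subinterfaces whose
    untagged VLAN differs from the VLAN the switch assigns to untagged frames."""
    sw = switch_native_vlan(switch_config)
    return [(name, vlan, sw)
            for name, (vlan, native) in ap_subinterfaces(ap_config).items()
            if native and name.startswith("GigabitEthernet") and vlan != sw]

if __name__ == "__main__":
    for name, ap_vlan, sw_vlan in native_mismatches(AP_CONFIG, SWITCHPORT_CONFIG):
        print(f"{name}: AP sends VLAN {ap_vlan} untagged, "
              f"switch places untagged frames in VLAN {sw_vlan}")
```

On the posted configuration this reports that net1 traffic (VLAN 102) leaves the AP untagged and is placed in VLAN 100 by the switch, so it never reaches the VLAN 102 DHCP pool.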
 

Author Closing Comment

by:OICU821
ID: 39214916
Thank you.  This is resolved now.
Question has a verified solution.
