Solved

Access Point not working in VLAN infrastructure

Posted on 2013-11-29
6
668 Views
Last Modified: 2013-12-02
I have a CAT3750 stack (backbone for servers) with VLAN1(native),vlan2,Vlan3.
ip routing is enabled on CAT3750 and also a gateway of last resort is defined which points to lan ip from the ASA firewall.Ip default gateway from CAT3750x points to ip interface vlan1 from the CAT3750
 ip routing enabled on the CAT3750
DHPS server 2008 R2 uses also the ip interface vlan1 from the CAT3750 stack
2 CAT2960 switches for clients and for the AP

Aerohive 2600 is connected on vlan2 port CAT2960 switch,the AP can be pinged from the switches and via cli from AP i can ping the switches and the DHCP server.However a WIFI client does not receive an IP address and when assigning a static ip address it cannnot even ping the ip from the AP or anything else
Cisco-AP-expertexch.rtf
cat3750X-29112013expertsexch-con.rtf
config-cat2960-1expertsexchange.rtf
config-cat2960-2expertsexch.rtf
0
Comment
Question by:antwerp2007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39686755
A few things here...

The AP has a few config issues...

1] The SSID is using WPA2, but the encryption is TKIP.  That's generally not advisable as some clients don't like to use TKIP with WPA2.  It's better to use WPA/TKIP and WPA2/AES.

2] The AP doesn't have a native VLAN configured.  The AP must have a native VLAN configured in order to put management traffic on the correct VLAN.  This must match the switchport native VLAN.

Can you confirm which switch/port the AP is connected to?
Does a wired client on VLAN2 receive an IP address?

Also, can you post the output from...

show vlan brief
show int trunk


...for each switch?
0
 
LVL 1

Author Comment

by:antwerp2007
ID: 39689407
Hi Craig, The AP is connected to Fa0/48 from CAT2960_1.
I enabled  vlan1 on CAT2960_2 because it was shutdown but this has no impact on the issue.
Can you verify the cli commands below to enable vlan1 (native) on an interface?
interface fastethernet 0.1
encapsulation dot1q 1 native

thank you for further help
The DHCP server (win 2K8 R2) is a member of the native VLAN1
The AP is connected to an access port from vlan2 and  the SSID exists in vlan2
Regards
Jurgen


CAT3750XCORE#
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/23
                                                Gi1/1/1, Gi1/1/2, Gi1/1/3
                                                Gi1/1/4, Gi2/0/1, Gi2/0/2
                                                Gi2/0/3, Gi2/0/4, Gi2/0/5
                                                Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                Gi2/0/9, Gi2/0/10, Gi2/0/11
                                                Gi2/0/12, Gi2/0/13, Gi2/0/14
                                                Gi2/0/15, Gi2/0/16, Gi2/0/17
                                                Gi2/0/18, Gi2/0/19, Gi2/0/20
                                                Gi2/0/23, Gi2/1/1, Gi2/1/2
                                                Gi2/1/3, Gi2/1/4
2    TSLNG-WIFI                       active    Gi1/0/21, Gi1/0/22, Gi2/0/21
                                                Gi2/0/22
3    TSLNG-VOICE                      active
1002 fddi-default                     act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT3750XCORE#

CAT3750XCORE#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/24    on               802.1q         trunking      1
Gi2/0/24    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/24    1-4094
Gi2/0/24    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/24    1-3
Gi2/0/24    1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    none
Gi2/0/24    1-3
CAT3750XCORE#

CAT2960_1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active    Fa0/48
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_1#
Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094

Port        Vlans allowed and active in management domain
Gi0/3       1-3
Gi0/4       1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/3       1-3
Gi0/4       1-3
CAT2960_1#

CAT2960_2#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_2#

CAT2960_2#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39689576
Ok so your AP is connected to a port in VLAN2, and the SSID is also in VLAN2.  So, you don't need to configure VLANs on the AP at all if you want the AP's management IP to be on the same VLAN as the wireless users?
0
Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

 
LVL 1

Author Comment

by:antwerp2007
ID: 39689633
I think that i misunderstand the setup and believe i should connect the wired nic from the AP to an access port from a switch that belongs to vlan1.The SSID can be a member of vlan2.
Can you explain the possible scenarios? The ask me to configure the WIFI AP's in vlan2 but perhaps they mean that only the SSID should be a member of vlan2?What do you advice in my topology? i added the lines interface Gigabitethernet 0.1 and encapsulation dot1q 1 native to the AP config. Vlan1 should remain the native vlan1 in the topology.
However when i connect the AP to a vlan1 access port the WIFI connected client  also don't receive an ip adress
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39689652
If you want the management of the AP in VLAN1, but the SSID in VLAN2, you'd need to connect the AP to a switchport which is configured as a trunk, not an access port.

So, on the switch:

interface FastEthernet0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk


You don't need to configure a native VLAN, as the default native VLAN is 1.  The native VLAN is the same as the management VLAN on the AP.

On the AP you'd need to configure both VLAN1 and VLAN2, then set VLAN1 as the native VLAN, and configure the SSID in VLAN2.
0
 
LVL 1

Author Comment

by:antwerp2007
ID: 39689662
Craig thank you i thought that i could use an access port instead of a trunk port for the AP
I' will change it now and also give the bvi1 an ip adress from the subnet range from VLAN1 and let you know
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month9 days, 1 hour left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question