antwerp2007
asked on
Access Point not working in VLAN infrastructure
I have a CAT3750 stack (backbone for servers) with VLAN1(native),vlan2,Vlan3.
ip routing is enabled on CAT3750 and also a gateway of last resort is defined which points to lan ip from the ASA firewall.Ip default gateway from CAT3750x points to ip interface vlan1 from the CAT3750
ip routing enabled on the CAT3750
DHPS server 2008 R2 uses also the ip interface vlan1 from the CAT3750 stack
2 CAT2960 switches for clients and for the AP
Aerohive 2600 is connected on vlan2 port CAT2960 switch,the AP can be pinged from the switches and via cli from AP i can ping the switches and the DHCP server.However a WIFI client does not receive an IP address and when assigning a static ip address it cannnot even ping the ip from the AP or anything else
Cisco-AP-expertexch.rtf
cat3750X-29112013expertsexch-con.rtf
config-cat2960-1expertsexchange.rtf
config-cat2960-2expertsexch.rtf
ip routing is enabled on CAT3750 and also a gateway of last resort is defined which points to lan ip from the ASA firewall.Ip default gateway from CAT3750x points to ip interface vlan1 from the CAT3750
ip routing enabled on the CAT3750
DHPS server 2008 R2 uses also the ip interface vlan1 from the CAT3750 stack
2 CAT2960 switches for clients and for the AP
Aerohive 2600 is connected on vlan2 port CAT2960 switch,the AP can be pinged from the switches and via cli from AP i can ping the switches and the DHCP server.However a WIFI client does not receive an IP address and when assigning a static ip address it cannnot even ping the ip from the AP or anything else
Cisco-AP-expertexch.rtf
cat3750X-29112013expertsexch-con.rtf
config-cat2960-1expertsexchange.rtf
config-cat2960-2expertsexch.rtf
ASKER
Hi Craig, The AP is connected to Fa0/48 from CAT2960_1.
I enabled vlan1 on CAT2960_2 because it was shutdown but this has no impact on the issue.
Can you verify the cli commands below to enable vlan1 (native) on an interface?
interface fastethernet 0.1
encapsulation dot1q 1 native
thank you for further help
The DHCP server (win 2K8 R2) is a member of the native VLAN1
The AP is connected to an access port from vlan2 and the SSID exists in vlan2
Regards
Jurgen
CAT3750XCORE#
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/23
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4, Gi2/0/1, Gi2/0/2
Gi2/0/3, Gi2/0/4, Gi2/0/5
Gi2/0/6, Gi2/0/7, Gi2/0/8
Gi2/0/9, Gi2/0/10, Gi2/0/11
Gi2/0/12, Gi2/0/13, Gi2/0/14
Gi2/0/15, Gi2/0/16, Gi2/0/17
Gi2/0/18, Gi2/0/19, Gi2/0/20
Gi2/0/23, Gi2/1/1, Gi2/1/2
Gi2/1/3, Gi2/1/4
2 TSLNG-WIFI active Gi1/0/21, Gi1/0/22, Gi2/0/21
Gi2/0/22
3 TSLNG-VOICE active
1002 fddi-default act/unsup
VLAN Name Status Ports
---- --------------------------
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT3750XCORE#
CAT3750XCORE#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/24 on 802.1q trunking 1
Gi2/0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/24 1-4094
Gi2/0/24 1-4094
Port Vlans allowed and active in management domain
Gi1/0/24 1-3
Gi2/0/24 1-3
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/24 none
Gi2/0/24 1-3
CAT3750XCORE#
CAT2960_1#sh vlan brief
VLAN Name Status Ports
---- --------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
2 TSLNG-WIFI active Fa0/48
3 TSLNG-VOICE active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2960_1#
Port Mode Encapsulation Status Native vlan
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/3 1-4094
Gi0/4 1-4094
Port Vlans allowed and active in management domain
Gi0/3 1-3
Gi0/4 1-3
Port Vlans in spanning tree forwarding state and not pruned
Gi0/3 1-3
Gi0/4 1-3
CAT2960_1#
CAT2960_2#sh vlan brief
VLAN Name Status Ports
---- --------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
2 TSLNG-WIFI active
3 TSLNG-VOICE active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2960_2#
CAT2960_2#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/3 1-4094
Gi0/4 1-4094
I enabled vlan1 on CAT2960_2 because it was shutdown but this has no impact on the issue.
Can you verify the cli commands below to enable vlan1 (native) on an interface?
interface fastethernet 0.1
encapsulation dot1q 1 native
thank you for further help
The DHCP server (win 2K8 R2) is a member of the native VLAN1
The AP is connected to an access port from vlan2 and the SSID exists in vlan2
Regards
Jurgen
CAT3750XCORE#
VLAN Name Status Ports
---- --------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/23
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4, Gi2/0/1, Gi2/0/2
Gi2/0/3, Gi2/0/4, Gi2/0/5
Gi2/0/6, Gi2/0/7, Gi2/0/8
Gi2/0/9, Gi2/0/10, Gi2/0/11
Gi2/0/12, Gi2/0/13, Gi2/0/14
Gi2/0/15, Gi2/0/16, Gi2/0/17
Gi2/0/18, Gi2/0/19, Gi2/0/20
Gi2/0/23, Gi2/1/1, Gi2/1/2
Gi2/1/3, Gi2/1/4
2 TSLNG-WIFI active Gi1/0/21, Gi1/0/22, Gi2/0/21
Gi2/0/22
3 TSLNG-VOICE active
1002 fddi-default act/unsup
VLAN Name Status Ports
---- --------------------------
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT3750XCORE#
CAT3750XCORE#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/24 on 802.1q trunking 1
Gi2/0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/24 1-4094
Gi2/0/24 1-4094
Port Vlans allowed and active in management domain
Gi1/0/24 1-3
Gi2/0/24 1-3
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/24 none
Gi2/0/24 1-3
CAT3750XCORE#
CAT2960_1#sh vlan brief
VLAN Name Status Ports
---- --------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
2 TSLNG-WIFI active Fa0/48
3 TSLNG-VOICE active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2960_1#
Port Mode Encapsulation Status Native vlan
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/3 1-4094
Gi0/4 1-4094
Port Vlans allowed and active in management domain
Gi0/3 1-3
Gi0/4 1-3
Port Vlans in spanning tree forwarding state and not pruned
Gi0/3 1-3
Gi0/4 1-3
CAT2960_1#
CAT2960_2#sh vlan brief
VLAN Name Status Ports
---- --------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
2 TSLNG-WIFI active
3 TSLNG-VOICE active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CAT2960_2#
CAT2960_2#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi0/3 on 802.1q trunking 1
Gi0/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/3 1-4094
Gi0/4 1-4094
Ok so your AP is connected to a port in VLAN2, and the SSID is also in VLAN2. So, you don't need to configure VLANs on the AP at all if you want the AP's management IP to be on the same VLAN as the wireless users?
ASKER
I think that i misunderstand the setup and believe i should connect the wired nic from the AP to an access port from a switch that belongs to vlan1.The SSID can be a member of vlan2.
Can you explain the possible scenarios? The ask me to configure the WIFI AP's in vlan2 but perhaps they mean that only the SSID should be a member of vlan2?What do you advice in my topology? i added the lines interface Gigabitethernet 0.1 and encapsulation dot1q 1 native to the AP config. Vlan1 should remain the native vlan1 in the topology.
However when i connect the AP to a vlan1 access port the WIFI connected client also don't receive an ip adress
Can you explain the possible scenarios? The ask me to configure the WIFI AP's in vlan2 but perhaps they mean that only the SSID should be a member of vlan2?What do you advice in my topology? i added the lines interface Gigabitethernet 0.1 and encapsulation dot1q 1 native to the AP config. Vlan1 should remain the native vlan1 in the topology.
However when i connect the AP to a vlan1 access port the WIFI connected client also don't receive an ip adress
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Craig thank you i thought that i could use an access port instead of a trunk port for the AP
I' will change it now and also give the bvi1 an ip adress from the subnet range from VLAN1 and let you know
I' will change it now and also give the bvi1 an ip adress from the subnet range from VLAN1 and let you know
The AP has a few config issues...
1] The SSID is using WPA2, but the encryption is TKIP. That's generally not advisable as some clients don't like to use TKIP with WPA2. It's better to use WPA/TKIP and WPA2/AES.
2] The AP doesn't have a native VLAN configured. The AP must have a native VLAN configured in order to put management traffic on the correct VLAN. This must match the switchport native VLAN.
Can you confirm which switch/port the AP is connected to?
Does a wired client on VLAN2 receive an IP address?
Also, can you post the output from...
show vlan brief
show int trunk
...for each switch?