Access Point not working in VLAN infrastructure

I have a CAT3750 stack (backbone for servers) with VLAN1(native),vlan2,Vlan3.
ip routing is enabled on CAT3750 and also a gateway of last resort is defined which points to lan ip from the ASA firewall.Ip default gateway from CAT3750x points to ip interface vlan1 from the CAT3750
 ip routing enabled on the CAT3750
DHPS server 2008 R2 uses also the ip interface vlan1 from the CAT3750 stack
2 CAT2960 switches for clients and for the AP

Aerohive 2600 is connected on vlan2 port CAT2960 switch,the AP can be pinged from the switches and via cli from AP i can ping the switches and the DHCP server.However a WIFI client does not receive an IP address and when assigning a static ip address it cannnot even ping the ip from the AP or anything else
Cisco-AP-expertexch.rtf
cat3750X-29112013expertsexch-con.rtf
config-cat2960-1expertsexchange.rtf
config-cat2960-2expertsexch.rtf
LVL 1
antwerp2007Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Craig BeckConnect With a Mentor Commented:
If you want the management of the AP in VLAN1, but the SSID in VLAN2, you'd need to connect the AP to a switchport which is configured as a trunk, not an access port.

So, on the switch:

interface FastEthernet0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk


You don't need to configure a native VLAN, as the default native VLAN is 1.  The native VLAN is the same as the management VLAN on the AP.

On the AP you'd need to configure both VLAN1 and VLAN2, then set VLAN1 as the native VLAN, and configure the SSID in VLAN2.
0
 
Craig BeckCommented:
A few things here...

The AP has a few config issues...

1] The SSID is using WPA2, but the encryption is TKIP.  That's generally not advisable as some clients don't like to use TKIP with WPA2.  It's better to use WPA/TKIP and WPA2/AES.

2] The AP doesn't have a native VLAN configured.  The AP must have a native VLAN configured in order to put management traffic on the correct VLAN.  This must match the switchport native VLAN.

Can you confirm which switch/port the AP is connected to?
Does a wired client on VLAN2 receive an IP address?

Also, can you post the output from...

show vlan brief
show int trunk


...for each switch?
0
 
antwerp2007Author Commented:
Hi Craig, The AP is connected to Fa0/48 from CAT2960_1.
I enabled  vlan1 on CAT2960_2 because it was shutdown but this has no impact on the issue.
Can you verify the cli commands below to enable vlan1 (native) on an interface?
interface fastethernet 0.1
encapsulation dot1q 1 native

thank you for further help
The DHCP server (win 2K8 R2) is a member of the native VLAN1
The AP is connected to an access port from vlan2 and  the SSID exists in vlan2
Regards
Jurgen


CAT3750XCORE#
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/23
                                                Gi1/1/1, Gi1/1/2, Gi1/1/3
                                                Gi1/1/4, Gi2/0/1, Gi2/0/2
                                                Gi2/0/3, Gi2/0/4, Gi2/0/5
                                                Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                Gi2/0/9, Gi2/0/10, Gi2/0/11
                                                Gi2/0/12, Gi2/0/13, Gi2/0/14
                                                Gi2/0/15, Gi2/0/16, Gi2/0/17
                                                Gi2/0/18, Gi2/0/19, Gi2/0/20
                                                Gi2/0/23, Gi2/1/1, Gi2/1/2
                                                Gi2/1/3, Gi2/1/4
2    TSLNG-WIFI                       active    Gi1/0/21, Gi1/0/22, Gi2/0/21
                                                Gi2/0/22
3    TSLNG-VOICE                      active
1002 fddi-default                     act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT3750XCORE#

CAT3750XCORE#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/24    on               802.1q         trunking      1
Gi2/0/24    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/24    1-4094
Gi2/0/24    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/24    1-3
Gi2/0/24    1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    none
Gi2/0/24    1-3
CAT3750XCORE#

CAT2960_1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active    Fa0/48
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_1#
Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094

Port        Vlans allowed and active in management domain
Gi0/3       1-3
Gi0/4       1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/3       1-3
Gi0/4       1-3
CAT2960_1#

CAT2960_2#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_2#

CAT2960_2#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Craig BeckCommented:
Ok so your AP is connected to a port in VLAN2, and the SSID is also in VLAN2.  So, you don't need to configure VLANs on the AP at all if you want the AP's management IP to be on the same VLAN as the wireless users?
0
 
antwerp2007Author Commented:
I think that i misunderstand the setup and believe i should connect the wired nic from the AP to an access port from a switch that belongs to vlan1.The SSID can be a member of vlan2.
Can you explain the possible scenarios? The ask me to configure the WIFI AP's in vlan2 but perhaps they mean that only the SSID should be a member of vlan2?What do you advice in my topology? i added the lines interface Gigabitethernet 0.1 and encapsulation dot1q 1 native to the AP config. Vlan1 should remain the native vlan1 in the topology.
However when i connect the AP to a vlan1 access port the WIFI connected client  also don't receive an ip adress
0
 
antwerp2007Author Commented:
Craig thank you i thought that i could use an access port instead of a trunk port for the AP
I' will change it now and also give the bvi1 an ip adress from the subnet range from VLAN1 and let you know
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.