Solved

Access Point not working in VLAN infrastructure

Posted on 2013-11-29
Last Modified: 2013-12-02
I have a CAT3750 stack (backbone for servers) with VLAN1 (native), VLAN2, VLAN3.
IP routing is enabled on the CAT3750 and a gateway of last resort is also defined, which points to the LAN IP of the ASA firewall. The IP default gateway of the CAT3750X points to the IP of interface VLAN1 on the CAT3750.
IP routing is enabled on the CAT3750.
The DHCP server (2008 R2) also uses the IP interface VLAN1 of the CAT3750 stack.
2 CAT2960 switches for clients and for the AP.

Aerohive 2600 is connected on a VLAN2 port of the CAT2960 switch. The AP can be pinged from the switches, and via the CLI on the AP I can ping the switches and the DHCP server. However, a WiFi client does not receive an IP address, and when assigning a static IP address it cannot even ping the IP of the AP or anything else.
Cisco-AP-expertexch.rtf
cat3750X-29112013expertsexch-con.rtf
config-cat2960-1expertsexchange.rtf
config-cat2960-2expertsexch.rtf
Question by:antwerp2007
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39686755
A few things here...

The AP has a few config issues...

1] The SSID is using WPA2, but the encryption is TKIP.  That's generally not advisable as some clients don't like to use TKIP with WPA2.  It's better to use WPA/TKIP and WPA2/AES.

2] The AP doesn't have a native VLAN configured.  The AP must have a native VLAN configured in order to put management traffic on the correct VLAN.  This must match the switchport native VLAN.

Can you confirm which switch/port the AP is connected to?
Does a wired client on VLAN2 receive an IP address?

Also, can you post the output from...

show vlan brief
show int trunk


...for each switch?
 
LVL 1

Author Comment

by:antwerp2007
ID: 39689407
Hi Craig, the AP is connected to Fa0/48 on CAT2960_1.
I enabled VLAN1 on CAT2960_2 because it was shut down, but this has no impact on the issue.
Can you verify the CLI commands below to enable VLAN1 (native) on an interface?
interface fastethernet 0.1
encapsulation dot1q 1 native

Thank you for further help.
The DHCP server (Win 2K8 R2) is a member of the native VLAN1.
The AP is connected to an access port in VLAN2 and the SSID exists in VLAN2.
Regards
Jurgen


CAT3750XCORE#
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/23
                                                Gi1/1/1, Gi1/1/2, Gi1/1/3
                                                Gi1/1/4, Gi2/0/1, Gi2/0/2
                                                Gi2/0/3, Gi2/0/4, Gi2/0/5
                                                Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                Gi2/0/9, Gi2/0/10, Gi2/0/11
                                                Gi2/0/12, Gi2/0/13, Gi2/0/14
                                                Gi2/0/15, Gi2/0/16, Gi2/0/17
                                                Gi2/0/18, Gi2/0/19, Gi2/0/20
                                                Gi2/0/23, Gi2/1/1, Gi2/1/2
                                                Gi2/1/3, Gi2/1/4
2    TSLNG-WIFI                       active    Gi1/0/21, Gi1/0/22, Gi2/0/21
                                                Gi2/0/22
3    TSLNG-VOICE                      active
1002 fddi-default                     act/unsup

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT3750XCORE#

CAT3750XCORE#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/24    on               802.1q         trunking      1
Gi2/0/24    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/24    1-4094
Gi2/0/24    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/24    1-3
Gi2/0/24    1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    none
Gi2/0/24    1-3
CAT3750XCORE#

CAT2960_1#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active    Fa0/48
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_1#
Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094

Port        Vlans allowed and active in management domain
Gi0/3       1-3
Gi0/4       1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/3       1-3
Gi0/4       1-3
CAT2960_1#

CAT2960_2#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active
3    TSLNG-VOICE                      active    Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CAT2960_2#

CAT2960_2#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1
Gi0/4       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
Gi0/4       1-4094
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39689576
Ok so your AP is connected to a port in VLAN2, and the SSID is also in VLAN2.  So, you don't need to configure VLANs on the AP at all if you want the AP's management IP to be on the same VLAN as the wireless users?

 
LVL 1

Author Comment

by:antwerp2007
ID: 39689633
I think that I misunderstand the setup and believe I should connect the wired NIC of the AP to an access port on a switch that belongs to VLAN1. The SSID can be a member of VLAN2.
Can you explain the possible scenarios? They ask me to configure the WiFi APs in VLAN2, but perhaps they mean that only the SSID should be a member of VLAN2? What do you advise in my topology? I added the lines interface Gigabitethernet 0.1 and encapsulation dot1q 1 native to the AP config. Vlan1 should remain the native vlan1 in the topology.
However, when I connect the AP to a VLAN1 access port, the WiFi-connected client also doesn't receive an IP address.
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39689652
If you want the management of the AP in VLAN1, but the SSID in VLAN2, you'd need to connect the AP to a switchport which is configured as a trunk, not an access port.

So, on the switch:

interface FastEthernet0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk


You don't need to configure a native VLAN, as the default native VLAN is 1.  The native VLAN is the same as the management VLAN on the AP.

On the AP you'd need to configure both VLAN1 and VLAN2, then set VLAN1 as the native VLAN, and configure the SSID in VLAN2.
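A check for the access-versus-trunk point in the accepted solution, added here as an example (not code from the thread): it reads `show vlan brief` and `show int trunk` text in the format posted above and reports which VLANs the AP port does not carry. The sample output is constructed, and the function names, plus the assumption that the AP sends management traffic untagged and SSID traffic tagged, belong to this example.

```python
import re

# Constructed sample, modelled on the CAT2960_1 output posted in this thread.
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Gi0/1, Gi0/2
2    TSLNG-WIFI                       active    Fa0/48
1002 fddi-default                     act/unsup
"""
INT_TRUNK = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/3       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/3       1-4094
"""

def access_ports(vlan_brief):
    """Map port -> access VLAN from 'show vlan brief', including wrapped port lists."""
    ports, vlan = {}, None
    for line in vlan_brief.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+\S+\s*(.*)", line)
        if m:
            vlan, rest = int(m.group(1)), m.group(2)
        elif vlan is not None and line.startswith(" "):
            rest = line  # continuation line of the previous VLAN's port list
        else:
            continue
        ports.update({p.strip(): vlan for p in rest.split(",") if p.strip()})
    return ports

def trunk_ports(int_trunk):
    """Map port -> native VLAN from the first table of 'show interfaces trunk'."""
    pattern = r"^(\S+)[ \t]+\S+[ \t]+\S+[ \t]+trunking[ \t]+(\d+)"
    return {port: int(native) for port, native in re.findall(pattern, int_trunk, re.M)}

def check_ap_port(port, mgmt_vlan, ssid_vlans, vlan_brief, int_trunk):
    """Problems for an AP that sends management untagged and SSID VLANs tagged."""
    access, trunks = access_ports(vlan_brief), trunk_ports(int_trunk)
    if port in trunks:
        if trunks[port] == mgmt_vlan:
            return []
        return [f"{port}: native VLAN {trunks[port]} is not management VLAN {mgmt_vlan}"]
    if port in access:  # an access port carries one VLAN only, untagged
        missing = sorted({mgmt_vlan, *ssid_vlans} - {access[port]})
        return [f"{port}: access port in VLAN {access[port]}, VLAN {v} not carried" for v in missing]
    return [f"{port}: not found in either output"]

if __name__ == "__main__":
    print(check_ap_port("Fa0/48", 1, [2], VLAN_BRIEF, INT_TRUNK))
```

The trunk branch only compares the native VLAN; it does not parse the "Vlans allowed on trunk" table, so a pruned SSID VLAN would need a separate check.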
 
LVL 1

Author Comment

by:antwerp2007
ID: 39689662
Craig, thank you. I thought that I could use an access port instead of a trunk port for the AP.
I will change it now and also give the bvi1 an IP address from the subnet range of VLAN1 and let you know.