Solved

AP 1130 vlan doesn't exist on radio-802.11a (via GUI)

Posted on 2014-12-10
1
489 Views
Last Modified: 2014-12-10
Hello All,

I just reconfigured new AP 1130. I have two ssids. One works One also works but I get a public IP when I get on instead of one of the vlans. When I use GUI I get the "vlan 4 doesn't exist on radio-802.11a see services - vlan) which I did. Both radio buttons are checked. Can anyone see what might be the issue here? See below config. We're talking about vlan4 and the ssid for it is swecoustest

e_AP#test aaa group radius xx  xxxxxxx leg
Attempting authentication test to server-group radius using radius
User was successfully authenticated.






Current configuration : 6856 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Suzlon_Elgin_MainOffice_AP
!
logging rate-limit console 9
enable secret 5xxxxxxxxxxxxxxxxx.
enable password 7 xxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius RAD_EAP
 server xxxxxxx auth-port 1812 acct-port 1646
 server xxxxxxx auth-port 1812 acct-port 1813
 server xxxxxxx auth-port 1812 acct-port 1813
!
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap-method group radius
aaa authentication login EAP group RAD_EAP
aaa authorization network default group RAD_EAP
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
!
dot11 mbssid
dot11 syslog
!
dot11 ssid SWECOGUESTTEST
   vlan 5
   authentication open
   authentication key-management wpa
   mbssid guest-mode dtim-period 75
   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxx
!
dot11 ssid SWECOUSTEST
   vlan 4
   authentication open eap EAP
   authentication key-management wpa
   accounting acct_methods
   guest-mode
   mbssid guest-mode
!
!
crypto pki trustpoint TP-self-signed-3491121958
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3491121958
 revocation-check none
 rsakeypair TP-self-signed-3491121958
!
!
crypto pki certificate chain TP-self-signed-3491121958
 certificate self-signed 01
  quit
username Cisco password 7 xxxxxxxxxx
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers aes-ccm
 !
 encryption vlan 5 mode ciphers tkip
 !
 ssid SWECOGUESTTEST
 !
 ssid SWECOUSTEST
 !
 speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0
 channel 2412
 station-role root
 world-mode dot11d country-code US indoor
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 4 mode ciphers aes-ccm
 !
 encryption vlan 5 mode ciphers tkip
 !
 ssid SWECOGUESTTEST
 !
 ssid SWECOUSTEST
 !
 dfs band 3 block
 channel dfs
 station-role root
 world-mode dot11d country-code US indoor
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
 bridge-group 4 spanning-disabled
!
interface Dot11Radio1.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 bridge-group 5 subscriber-loop-control
 bridge-group 5 block-unknown-source
 no bridge-group 5 source-learning
 no bridge-group 5 unicast-flooding
 bridge-group 5 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
 encapsulation dot1Q 4
 no ip route-cache
 bridge-group 4
 no bridge-group 4 source-learning
 bridge-group 4 spanning-disabled
!
interface FastEthernet0.5
 encapsulation dot1Q 5
 no ip route-cache
 bridge-group 5
 no bridge-group 5 source-learning
 bridge-group 5 spanning-disabled
!
interface BVI1
 ip address xxxxxxxx 255.255.255.0
 no ip route-cache
!
ip default-gateway xxxxxxxxxxxx
ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server host xxxxxxx auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxx
radius-server host xxxxxxxx auth-port 1812 acct-port 1813 key 7 xxxxxxxxx
bridge 1 route ip
0
Comment
Question by:Shark Attack
1 Comment
 
LVL 1

Accepted Solution

by:
Shark Attack earned 0 total points
ID: 40491834
Just to keep everyone up to date, there was an issue with vlans. I have put the AP on a different vlan and it worked. thanks all
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Read about achieving the basic levels of HRIS security in the workplace.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now