SNMP Configuration on Cisco Aironet 1130ag

I am using Solarwinds Network Performance Monitor and I'm trying to get my AP's added but they don't show up.
I see that snmp server on the AP's is enabled for under the BVI1 Interface. I don't have an IP address associated with that interface.
I tried moving it to a different interface that has an IP address but it just keeps defaulting to that BVI interface.
Is it possible to enable SNMP on a different interface?

The error I get on the GUI of the AP is "Can't open UDP Socket"

Cisco Aironet 1130ag Series Access Point
LVL 3
WinsoupAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
All traffic on Aironet APs is sourced from the BVI interface if they run IOS software.  BVI1 is the default interface.  If it has no IP your config is probably bad.

Can you post the config?
0
Salah Eddine ELMRABETTechnical Lead Manager (Owner)Commented:
Hi,

The APs are autonom or managed by a network controller?

If there are autonome, you need to check your BVI interface IP configuration.

Else if you are using Light AP which will be managed by controller, you need only to integrate the controller to Solarwinds and then you will manage all the APs managed by the controller

Please advice on you AP type and Solarwinds NPM version

Regards.

Salah
0
WinsoupAuthor Commented:
I will post the config tomorrow morning when I get back for you guys to check out.
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

WinsoupAuthor Commented:
Attached is the config. .24 is for internal AD users authenticated through Radius and .25 is for guest access.

I do not use a controller to manage all AP's and NPM Version is 11.5
Config.txt
0
Craig BeckCommented:
Ok so the issue is the config.

The IP address should be bound to the BVI1 interface.  That interface should then be the bridge-group for VLAN 2 (even though it's not attached to a SSID).

The way to rectify this is to modify the VLAN config on the AP, and the switchport.  You don't use VLAN 1 so there's no point in it being configured on the AP.  VLAN 2 should be native on the AP and the switchport.

Try this on the switchport...
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,24-25
 spanning-tree portfast trunk

Open in new window


Try this code on the AP...
Current configuration : 4181 bytes
!
! Last configuration change at 15:57:19 -0500 Wed Apr 8 2015 by cisco
! NVRAM config last updated at 15:18:52 -0500 Wed Apr 8 2015 by cisco
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Name_AP1C
!
enable secret 5 $1$9L6T$UMAmdR9harF7p83a.yIm6.
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.10.4.3 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone -0600 -6
clock summer-time -0500 recurring
!
!
!
dot11 ssid Name
   vlan 24
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   authentication key-management wpa
   mbssid guest-mode
!
dot11 ssid Name-Guest
   vlan 25
   authentication open 
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 053C0F01025E4F0F0D5346
!
power inline negotiation prestandard source
!
!
username Name password 7 152202094E7D7976
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 24 mode ciphers tkip 
 !
 encryption vlan 25 mode ciphers tkip 
 !
 !
 broadcast-key change 240
 !
 !
 ssid Name
 !
 ssid Name-Guest
 !
 mbssid
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.24
 encapsulation dot1Q 24
 no ip route-cache
 bridge-group 24
 bridge-group 24 subscriber-loop-control
 bridge-group 24 block-unknown-source
 no bridge-group 24 source-learning
 no bridge-group 24 unicast-flooding
 bridge-group 24 spanning-disabled
!
interface Dot11Radio0.25
 encapsulation dot1Q 25
 no ip route-cache
 bridge-group 25
 bridge-group 25 subscriber-loop-control
 bridge-group 25 block-unknown-source
 no bridge-group 25 source-learning
 no bridge-group 25 unicast-flooding
 bridge-group 25 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 no dfs band block
 channel dfs
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.2
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.24
 description Internal Wireless
 encapsulation dot1Q 24
 no ip route-cache
 bridge-group 24
 no bridge-group 24 source-learning
 bridge-group 24 spanning-disabled
!
interface FastEthernet0.25
 description Guest Network
 encapsulation dot1Q 25
 no ip route-cache
 bridge-group 25
 no bridge-group 25 source-learning
 bridge-group 25 spanning-disabled
!
interface BVI1
 ip address 10.10.2.241 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.2.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface FastEthernet0.2 
snmp-server community public RO
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.10.4.3 auth-port 1645 acct-port 1646 key 7 121A0C041104
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
 password 7 00341A034E0C5954
 login ctrlc-disable
line vty 0 4
!
sntp server 10.10.4.56
sntp broadcast client
end

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WinsoupAuthor Commented:
Thanks, let me give that a try on my test AP and I'll get back to you.
0
WinsoupAuthor Commented:
I uploaded the new config with IP on the BVI internface and now I can't connect to it or ping it. This is what originally what happened which is the reason that interface wasn't being used. Any thoughts?
0
Craig BeckCommented:
Can you see the AP on the switch if you do show cdp neighbor interface fastethernet0/1 detail (substitute fastethernet0/1 with the real interface obviously)
0
WinsoupAuthor Commented:
Yes I can see it from the switch.
0
WinsoupAuthor Commented:
One sec, I'm an idiot. Forgot to change the IP address for my test AP.
Let me re-test and I'll get back to you.
0
WinsoupAuthor Commented:
Awesome, that works! Thank you very much.
0
Craig BeckCommented:
My pleasure :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.