What's Missing?

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: What's Missing?

Re: What's Missing?

by memoozzee » Tue May 29, 2012 8:31 am

guys , please i need to understand this ,

so if my switch has switchport access vlan 10
and in my access point GUI , i choose NO VLAN and created the ssid and broadcast it

does this work or not !!
my running configuration

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$X2oV$NOnrfHGT8GzTHJa/ibDeZ0
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid nayef
authentication open
guest-mode
!
!
!
username cisco privilege 15 password 7 110A1016141D
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip ro

consoleute-cache
!
ssid nayef
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid nayef
!
antenna gain 0
no dfs band block
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.226.11.11 255.255.255.0
ip helper-address 172.16.28.143
no ip route-cache
!
interface BVI10
mtu 1514
no ip address
no ip route-cache
!
ip default-gateway 10.226.11.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/sm ... g/help/eag
bridge 1 route ip
!
!
!
line con 0
login local
length 0
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
line vty 5 15
exec-timeout 0 0
logging synchronous
login
!
end


as far as i see it works and i can get ip from dhcp pool server , but am still doubting
should i make them subinterfaces and assign vlan 10 to subinterf and make the switch port trunk


ok my question is when i make it in default configuration like NO VLAN and just ssid and broadcast and apply ,, and the switch port is vlan 10 , it works
does this means that when the packet comes to the switch , it assigned to vlan 10 by it self
like the packet comes from access point is raw and the switch tag it and make it 10

or i MUST make vlan 10 and subinterf and make the switch port as trunk



please enlighten me !!!!

Re:What's Missing?

by Guest » Thu Sep 17, 2009 10:48 am


No prob!  Feel free to post up if you run into anything else :)Jeff

Re:What's Missing?

by Guest » Thu Sep 17, 2009 10:08 am


Exactly that I needed. Thanks for all your help and for your time, Jeff. Very much Appreciated.-Nelson

Re:What's Missing?

by Guest » Thu Sep 17, 2009 8:36 am


There was another topic a while ago where someone asked about some of these concepts.  Read through this thread if you have a few minutes:http://forums.cisco.com/eforum/servlet/ ... cd4a100You only ever need one BVI interface, and this is traditionally the interface that you place the IP address on.  The problem with using an IP address on either the Gig or Radio interface is that the AP becomes unreachable if you shut one of them down.  This is rarely an issue with placing the IP on the Gig interface since you likely lose power to the AP if it becomes shutdown.  But most implementations use the BVI1 as your management interface.Each SSID has its own VLAN, and each VLAN gets its own pair of subinterfaces (radio and gig).  The number used for the pair doesn't matter (could be dot0.1 and gig0.11 if you want...), what matters is that they're on the same bridge-group and have the same VLAN assigned to them.Now, you're using an access port on your switch, so you actually shouldn't be using subinterfaces.  Subinterfaces imply trunking, and the AP will think it's connected to a trunk if you use them.  You can still use them if you configure them to use VLAN 30 natively, which means that no tagging will be used (allowing it to talk to your access port).  But the best thing to do would be to wipe out the subinterfaces and place bridge-group 1 directly on the physical interfaces.If you want to configure multiple SSIDs, you'll need to create a new pair of subinterfaces for each one as described above.  Make sure you match the native VLAN with what's on your switch config (defaults to VLAN 1 on the switch).  Additionally, bridge-group 1 should always be used on your native VLAN subinterfaces.  Traditionally, the bridge-group number will match the VLAN number (which traditionally matches the subinterface number).  This keeps things clean and easy to read when the number on these three config lines match each other (other than the native using bridge-group 1).Sorry to make things so complicated.  One other note based on your example config in the above post, but SSIDs are never configured for a bridge-group.  They are matched to the bridge-group via the VLAN.  So configure it like this:SSID TESTauthentication openvlan 40int gig0.40encapsulation dot1q 40bridge-group 40int dot0.40encapsulation dot1q 40bridge-group 40Again, using "40" for everything makes it clean and easy to read.  You'll then need to configure your switchport as a trunk (with VLAN 30 as native):interface gigX/Xswitchport encapsulation dot1qswitchport mode trunkswitchport trunk native vlan 30Make sense?Jeff

Re:What's Missing?

by Guest » Thu Sep 17, 2009 8:20 am


So what happens when I have multiple SSIDs? If I were to add another SSID and VLAN, I would have:SSID TESTVLAN 40Bridge-Group 3int Gigabit 0.3int dot0.3All of this of course being under bridge-group 3. Is this correct? Would I need another BVI interface for this?I don't seem to quite understand the function of the BVI interface.Right now, I have an IP address assigned to the actual gigabit 0 interface and it's what I use to SSH into my AP, instead of using the BVI interface's IP address.As far as my switchport goes, I have it set as a regular access port on VLAN 30 because I'm only using one SSID or VLAN on the access point. I know if I wanted to pass more VLANs I would have to turn the switchport into a trunk, right?

Top