Need assitance with setting up Cisco Aironet 1200
kmcintosh78
Member Posts: 195
in CCNP
Having little to no experience is setting up a WAP, I am looking for some help.
I have it already set up as a basic config. I have the BVI1 interface configured for my local network (10.0.4.251/25) and need the WAP to basically function like a simple bridge, where the 3560 is driving the DHCP, as it already does for the rest of the network.
I need to have the IP network 10.0.4.0/24 handed out to the wireless devices, with simple password access and no broadcast of the SSID.
Thanks and I love this site.
I have it already set up as a basic config. I have the BVI1 interface configured for my local network (10.0.4.251/25) and need the WAP to basically function like a simple bridge, where the 3560 is driving the DHCP, as it already does for the rest of the network.
I need to have the IP network 10.0.4.0/24 handed out to the wireless devices, with simple password access and no broadcast of the SSID.
Thanks and I love this site.
What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year)
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year)
Comments
-
kmcintosh78 Member Posts: 195I walked the process shown in this video https://www.youtube.com/watch?v=5RE55VBsyDE&list=WLK7a47Sy4vAxCu3HqxKRV2XZDFBMWi7iE, but I am not able to connect a device to it.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195CiscoAiroNet#show run
Building configuration...
Current configuration : 1812 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAiroNet
!
enable secret 5 XXXXX
!
ip subnet-zero
!
!
no aaa new-model
dot11 vlan-name DataVlan vlan 4
!
dot11 ssid EquityCamera
vlan 4
authentication open
mobility network-id 4
!
!
!
username Cisco password 7 XXXXXX
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 4 key 1 size 128bit 7 E54F376C597A16792841E3067927 transmit-key
encryption vlan 4 mode wep mandatory
!
ssid EquityCamera
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
ip address 10.0.4.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.4.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
endWhat I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195The internal network I need it to connect to is Vlan 4 10.0.4.0/24.
ThanksWhat I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
Legacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□How many vlans do you have for your data networks? I may be be able to help you but in my network I have 1 vlan for data and 1 for voice if your topology is similar I can give you a hand.
-
kmcintosh78 Member Posts: 195How many vlans do you have for your data networks? I may be be able to help you but in my network I have 1 vlan for data and 1 for voice if your topology is similar I can give you a hand.
There are 4 VLANs in total, but the main VLAN for Data is VLAN 4 and VLAN 1 is for voice. The device I am trying to connect to the WAP is an IP Camera.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
Legacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□I assume dhcp is all setup so whatever connects to the ports in vlan 4 on the switch gets the correct ip addresses right?
-
kmcintosh78 Member Posts: 195I assume dhcp is all setup so whatever connects to the ports in vlan 4 on the switch gets the correct ip addresses right?
Well, it should, but the IP Camera is set up with a static IP 10.0.4.250.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
Legacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□The ap is only giving out ip addresses from vlan 4 correct?
-
f0rgiv3n Member Posts: 598 ■■■■□□□□□□Are you able to ping the BVI IP address from another device on vlan 4? Just verifying basic connectivity.
-
kmcintosh78 Member Posts: 195Are you able to ping the BVI IP address from another device on vlan 4? Just verifying basic connectivity.
Yep. Basic connectivity is good to go.
Access to the GUI is good.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmusk01 Member Posts: 23 ■□□□□□□□□□Log into the GUI and go to the antenna's and make sure they are enabled. By default they are disabled. Sometimes the GUI is slow, so make sure the whole page loads before trying to enable the antenna.
Ken~ -
kmcintosh78 Member Posts: 195Log into the GUI and go to the antenna's and make sure they are enabled. By default they are disabled. Sometimes the GUI is slow, so make sure the whole page loads before trying to enable the antenna.
Ken~
I can set it up to broadcast and I can see the SSID on a scan.
But, I can't connect to it.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmusk01 Member Posts: 23 ■□□□□□□□□□So are you getting prompted to enter in the network key that you set? Try to remove the network key and leave it open and see if you can connect. I have seen some new devices not able to connect to WEP encryption as its too low of security. Needs to be at least WPA2 or just wide open.
Ken~ -
kmcintosh78 Member Posts: 195So are you getting prompted to enter in the network key that you set? Try to remove the network key and leave it open and see if you can connect. I have seen some new devices not able to connect to WEP encryption as its too low of security. Needs to be at least WPA2 or just wide open.
Ken~
The Foscom Cameras don't really auto prompt to enter in key info. You have to select the authentication type first.
I will look at it some more tomorrow in the AM.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195Anyone still able to help?What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmusk01 Member Posts: 23 ■□□□□□□□□□Is the port that the AP is plugged into set as a trunking port and trunking over your vlan 4? Also instead of trying to get the IP camera on wireless can you hard wire it just to make sure its working and that you can in fact ping it?
I deal with APs a lot, but mainly in LWAPP mode from a Controller. I am looking around to see if I have a spare AP in autonomous mode to drop your config on to test.
Ken~ -
kmcintosh78 Member Posts: 195Is the port that the AP is plugged into set as a trunking port and trunking over your vlan 4? Also instead of trying to get the IP camera on wireless can you hard wire it just to make sure its working and that you can in fact ping it?
I deal with APs a lot, but mainly in LWAPP mode from a Controller. I am looking around to see if I have a spare AP in autonomous mode to drop your config on to test.
Ken~
The port from the WAP to the 3560 is set as an access port.
The issue that I am seeing is not the connectivity from the WAP to the 3560, but from the IP Wireless Camera to the WAP.
If I set the SSID to broadcast, I can see it on the Camera from the scan function.
If I select it from the camera, with the camera having a static IP set, the WAP does not show it in the associates tab and the camera does not connect.
I am currently on Yahoo messenger, if that would be better then working over the forum here.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmusk01 Member Posts: 23 ■□□□□□□□□□Only have Skype in the office..
What happens if you remove the static on the camera and just let DHCP assign something to it? Also take off all encryption on the WAP and broadcast the SSID, then try to get the camera to connect.
Can you get a laptop or another wireless device to connect to the WAP as it sits right now?
Ken~ -
kmcintosh78 Member Posts: 195Tried to move it to a trunk, and it failed.
Don't think the FA port is available for the trunk setting.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195Update.
A different wireless device tried to connect. it seems to have peered, but no IP was given.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 1951 Mar 23 09:10:13.505 Information Interface Dot11Radio0, Deauthenticating Station 74e5.0b1f.0b22 Reason: Sending station has left the BSS
2 Mar 23 09:09:23.752 Information Interface Dot11Radio0, Station CiscoAiroNet 74e5.0b1f.0b22 Associated KEY_MGMT[NONE]
3 Mar 23 09:08:10.981 Information Interface Dot11Radio0, Deauthenticating Station 0008.3071.fc61 Reason: Previous authentication no longer valid
4 Mar 23 09:08:10.980 Warning Packet to client 0008.3071.fc61 reached max retries, removing the client
5 Mar 23 09:06:52.626 Information Interface Dot11Radio0, Station 0008.3071.fc61 Associated KEY_MGMT[NONE]
6 Mar 23 09:06:09.998 Information Interface Dot11Radio0, Deauthenticating Station 74e5.0b1f.0b22 Reason: Sending station has left the BSS
7 Mar 23 09:03:48.960 Information Interface Dot11Radio0, Station CiscoAiroNet 74e5.0b1f.0b22 Associated KEY_MGMT[NONE]What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195Only have Skype in the office..
What happens if you remove the static on the camera and just let DHCP assign something to it? Also take off all encryption on the WAP and broadcast the SSID, then try to get the camera to connect.
Can you get a laptop or another wireless device to connect to the WAP as it sits right now?
Ken~What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195SO, new development here.
I can get the WAP to associate with the wireless devices, but the ones with static IPs will show up, the ones looking for DHCP from the switch never receive an IP.
Plus the Wireless device with the static IP, is not able to ping to the WAP, and vice versa. But, the switch can ping to the FA and BVI interface.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
xXErebuS Member Posts: 230You need to change your bridge-groups to 1 not 4.... think of a BVI as a vlan within the AP; but it doesn't isolate after the AP....
On second thought; if you only have 1 SSID why are you even using sub interfaces? Also you may be having an issue with WEP; can you use WPA?
dot11 ssid EquityCamera
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 YOURKEYHERE
interface Dot11Radio0
no ip address
no shut
ssid EquityCamera
bridge-group 1
interface FastEthernet0
no ip address
bridge-group 1
interface BVI1
ip address 10.0.4.251 255.255.255.0 -
kmcintosh78 Member Posts: 195You need to change your bridge-groups to 1 not 4.... think of a BVI as a vlan within the AP; but it doesn't isolate after the AP....
On second thought; if you only have 1 SSID why are you even using sub interfaces? Also you may be having an issue with WEP; can you use WPA?
dot11 ssid EquityCamera
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 YOURKEYHERE
interface Dot11Radio0
no ip address
no shut
ssid EquityCamera
bridge-group 1
interface FastEthernet0
no ip address
bridge-group 1
interface BVI1
ip address 10.0.4.251 255.255.255.0
Here is what I got now, at the direction of a member at the Cisco Forum.
Switch#show run
Building configuration...
Current configuration : 1959 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
vtp domain equity
vtp mode transparent
ip subnet-zero
!
ip dhcp pool user
network 10.0.4.0 255.255.255.0
domain-name equity-usa.com
default-router 10.0.4.1
dns-server 209.55.24.10 8.8.8.8
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name equity-data-user-vl2
!
vlan 3
name equity-voice-voice-vl3
!
vlan 4
name equity-data-server-vl4
!
vlan 5
name equity-data-guestwifi-vl5
!
vlan 10
name testvlan
!
vlan 100
name equity-data-transit-vl100
!
interface FastEthernet0/1
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
description equity-data-user-vl1(10.1.14.0/24)
no ip address
!
interface Vlan4
ip address 10.0.4.1 255.255.255.0
ip helper-address 10.0.4.1
!
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
!
end
CiscoAiroNet#show run
Building configuration...
Current configuration : 2067 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAiroNet
!
enable secret 5
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid EquityCamera
vlan 4
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 140713181F13253920
!
!
!
username Cisco password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 4 mode ciphers tkip
!
ssid EquityCamera
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
ip address 10.0.4.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.4.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
endWhat I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
xXErebuS Member Posts: 230I still don't understand why you want to do it this way but w.e. we'll roll with it....
First add "sw trunk allowed vlan 1,4" onto your trunk link....
Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...
CiscoAiroNet#show run
Building configuration...
Current configuration : 2067 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAiroNet
!
enable secret 5
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid EquityCamera
vlan 4
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 140713181F13253920
!
!
!
username Cisco password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 4 mode ciphers tkip
!
ssid EquityCamera
!
!
mbssid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.4.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.4.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
If you ever decide to push that vlan 1 you will just need to create an ssid for it....
I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....
EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4... -
kmcintosh78 Member Posts: 195I still don't understand why you want to do it this way but w.e. we'll roll with it....
First add "sw trunk allowed vlan 1,4" onto your trunk link....
Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...
CiscoAiroNet#show run
Building configuration...
Current configuration : 2067 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAiroNet
!
enable secret 5
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid EquityCamera
vlan 4
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 140713181F13253920
!
!
!
username Cisco password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 4 mode ciphers tkip
!
ssid EquityCamera
!
!
mbssid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.4.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.4.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
If you ever decide to push that vlan 1 you will just need to create an ssid for it....
I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....
EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4...
Pm Sent.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year) -
kmcintosh78 Member Posts: 195I still don't understand why you want to do it this way but w.e. we'll roll with it....
First add "sw trunk allowed vlan 1,4" onto your trunk link....
Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...
CiscoAiroNet#show run
Building configuration...
Current configuration : 2067 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoAiroNet
!
enable secret 5
!
ip subnet-zero
!
!
no aaa new-model
!
dot11 ssid EquityCamera
vlan 4
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 140713181F13253920
!
!
!
username Cisco password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers wep128
!
encryption vlan 4 mode ciphers tkip
!
ssid EquityCamera
!
!
mbssid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface FastEthernet0.4
encapsulation dot1Q 4 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.0.4.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.0.4.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end
If you ever decide to push that vlan 1 you will just need to create an ssid for it....
I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....
EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4...
Oh yeah. We got it!!!! Thanks for all the help.What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year)