Need assitance with setting up Cisco Aironet 1200

kmcintosh78kmcintosh78 Member Posts: 195
Having little to no experience is setting up a WAP, I am looking for some help.
I have it already set up as a basic config. I have the BVI1 interface configured for my local network (10.0.4.251/25) and need the WAP to basically function like a simple bridge, where the 3560 is driving the DHCP, as it already does for the rest of the network.
I need to have the IP network 10.0.4.0/24 handed out to the wireless devices, with simple password access and no broadcast of the SSID.

Thanks and I love this site.
What I am working on
CCNP Route (Currently) 80% done
CCNP Switch (Next Year)
CCNP TShoot (Next Year)

Comments

  • kmcintosh78kmcintosh78 Member Posts: 195
    I walked the process shown in this video https://www.youtube.com/watch?v=5RE55VBsyDE&list=WLK7a47Sy4vAxCu3HqxKRV2XZDFBMWi7iE, but I am not able to connect a device to it.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • xXErebuSxXErebuS Member Posts: 230
    post your config
  • kmcintosh78kmcintosh78 Member Posts: 195
    CiscoAiroNet#show run
    Building configuration...

    Current configuration : 1812 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoAiroNet
    !
    enable secret 5 XXXXX
    !
    ip subnet-zero
    !
    !
    no aaa new-model
    dot11 vlan-name DataVlan vlan 4
    !
    dot11 ssid EquityCamera
    vlan 4
    authentication open
    mobility network-id 4
    !
    !
    !
    username Cisco password 7 XXXXXX
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers wep128
    !
    encryption vlan 4 key 1 size 128bit 7 E54F376C597A16792841E3067927 transmit-key
    encryption vlan 4 mode wep mandatory
    !
    ssid EquityCamera
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.4
    encapsulation dot1Q 4
    no ip route-cache
    bridge-group 4
    bridge-group 4 subscriber-loop-control
    bridge-group 4 block-unknown-source
    no bridge-group 4 source-learning
    no bridge-group 4 unicast-flooding
    bridge-group 4 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.4
    encapsulation dot1Q 4
    no ip route-cache
    bridge-group 4
    no bridge-group 4 source-learning
    bridge-group 4 spanning-disabled
    !
    interface BVI1
    ip address 10.0.4.251 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.0.4.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    The internal network I need it to connect to is Vlan 4 10.0.4.0/24.

    Thanks
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    How many vlans do you have for your data networks? I may be be able to help you but in my network I have 1 vlan for data and 1 for voice if your topology is similar I can give you a hand.
  • kmcintosh78kmcintosh78 Member Posts: 195
    dmarcisco wrote: »
    How many vlans do you have for your data networks? I may be be able to help you but in my network I have 1 vlan for data and 1 for voice if your topology is similar I can give you a hand.

    There are 4 VLANs in total, but the main VLAN for Data is VLAN 4 and VLAN 1 is for voice. The device I am trying to connect to the WAP is an IP Camera.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    I assume dhcp is all setup so whatever connects to the ports in vlan 4 on the switch gets the correct ip addresses right?
  • kmcintosh78kmcintosh78 Member Posts: 195
    dmarcisco wrote: »
    I assume dhcp is all setup so whatever connects to the ports in vlan 4 on the switch gets the correct ip addresses right?

    Well, it should, but the IP Camera is set up with a static IP 10.0.4.250.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    The ap is only giving out ip addresses from vlan 4 correct?
  • f0rgiv3nf0rgiv3n Connection Overlord Member Posts: 598 ■■■■□□□□□□
    Are you able to ping the BVI IP address from another device on vlan 4? Just verifying basic connectivity.
  • kmcintosh78kmcintosh78 Member Posts: 195
    f0rgiv3n wrote: »
    Are you able to ping the BVI IP address from another device on vlan 4? Just verifying basic connectivity.

    Yep. Basic connectivity is good to go.
    Access to the GUI is good.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmusk01kmusk01 Member Posts: 23 ■□□□□□□□□□
    Log into the GUI and go to the antenna's and make sure they are enabled. By default they are disabled. Sometimes the GUI is slow, so make sure the whole page loads before trying to enable the antenna.

    Ken~
  • kmcintosh78kmcintosh78 Member Posts: 195
    kmusk01 wrote: »
    Log into the GUI and go to the antenna's and make sure they are enabled. By default they are disabled. Sometimes the GUI is slow, so make sure the whole page loads before trying to enable the antenna.

    Ken~


    I can set it up to broadcast and I can see the SSID on a scan.
    But, I can't connect to it.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmusk01kmusk01 Member Posts: 23 ■□□□□□□□□□
    So are you getting prompted to enter in the network key that you set? Try to remove the network key and leave it open and see if you can connect. I have seen some new devices not able to connect to WEP encryption as its too low of security. Needs to be at least WPA2 or just wide open.

    Ken~
  • kmcintosh78kmcintosh78 Member Posts: 195
    kmusk01 wrote: »
    So are you getting prompted to enter in the network key that you set? Try to remove the network key and leave it open and see if you can connect. I have seen some new devices not able to connect to WEP encryption as its too low of security. Needs to be at least WPA2 or just wide open.

    Ken~

    The Foscom Cameras don't really auto prompt to enter in key info. You have to select the authentication type first.

    I will look at it some more tomorrow in the AM.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    Anyone still able to help?
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmusk01kmusk01 Member Posts: 23 ■□□□□□□□□□
    Is the port that the AP is plugged into set as a trunking port and trunking over your vlan 4? Also instead of trying to get the IP camera on wireless can you hard wire it just to make sure its working and that you can in fact ping it?

    I deal with APs a lot, but mainly in LWAPP mode from a Controller. I am looking around to see if I have a spare AP in autonomous mode to drop your config on to test.

    Ken~
  • kmcintosh78kmcintosh78 Member Posts: 195
    kmusk01 wrote: »
    Is the port that the AP is plugged into set as a trunking port and trunking over your vlan 4? Also instead of trying to get the IP camera on wireless can you hard wire it just to make sure its working and that you can in fact ping it?

    I deal with APs a lot, but mainly in LWAPP mode from a Controller. I am looking around to see if I have a spare AP in autonomous mode to drop your config on to test.

    Ken~

    The port from the WAP to the 3560 is set as an access port.

    The issue that I am seeing is not the connectivity from the WAP to the 3560, but from the IP Wireless Camera to the WAP.
    If I set the SSID to broadcast, I can see it on the Camera from the scan function.
    If I select it from the camera, with the camera having a static IP set, the WAP does not show it in the associates tab and the camera does not connect.

    I am currently on Yahoo messenger, if that would be better then working over the forum here.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmusk01kmusk01 Member Posts: 23 ■□□□□□□□□□
    Only have Skype in the office..

    What happens if you remove the static on the camera and just let DHCP assign something to it? Also take off all encryption on the WAP and broadcast the SSID, then try to get the camera to connect.

    Can you get a laptop or another wireless device to connect to the WAP as it sits right now?

    Ken~
  • kmcintosh78kmcintosh78 Member Posts: 195
    Tried to move it to a trunk, and it failed.

    Don't think the FA port is available for the trunk setting.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    Update.

    A different wireless device tried to connect. it seems to have peered, but no IP was given.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    1 Mar 23 09:10:13.505 Information Interface Dot11Radio0, Deauthenticating Station 74e5.0b1f.0b22 Reason: Sending station has left the BSS
    2 Mar 23 09:09:23.752 Information Interface Dot11Radio0, Station CiscoAiroNet 74e5.0b1f.0b22 Associated KEY_MGMT[NONE]
    3 Mar 23 09:08:10.981 Information Interface Dot11Radio0, Deauthenticating Station 0008.3071.fc61 Reason: Previous authentication no longer valid
    4 Mar 23 09:08:10.980 Warning Packet to client 0008.3071.fc61 reached max retries, removing the client
    5 Mar 23 09:06:52.626 Information Interface Dot11Radio0, Station 0008.3071.fc61 Associated KEY_MGMT[NONE]
    6 Mar 23 09:06:09.998 Information Interface Dot11Radio0, Deauthenticating Station 74e5.0b1f.0b22 Reason: Sending station has left the BSS
    7 Mar 23 09:03:48.960 Information Interface Dot11Radio0, Station CiscoAiroNet 74e5.0b1f.0b22 Associated KEY_MGMT[NONE]
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    kmusk01 wrote: »
    Only have Skype in the office..

    What happens if you remove the static on the camera and just let DHCP assign something to it? Also take off all encryption on the WAP and broadcast the SSID, then try to get the camera to connect.

    Can you get a laptop or another wireless device to connect to the WAP as it sits right now?

    Ken~
    PM Sent
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    SO, new development here.
    I can get the WAP to associate with the wireless devices, but the ones with static IPs will show up, the ones looking for DHCP from the switch never receive an IP.
    Plus the Wireless device with the static IP, is not able to ping to the WAP, and vice versa. But, the switch can ping to the FA and BVI interface.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • xXErebuSxXErebuS Member Posts: 230
    You need to change your bridge-groups to 1 not 4.... think of a BVI as a vlan within the AP; but it doesn't isolate after the AP....

    On second thought; if you only have 1 SSID why are you even using sub interfaces? Also you may be having an issue with WEP; can you use WPA?


    dot11 ssid EquityCamera
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 YOURKEYHERE

    interface Dot11Radio0
    no ip address
    no shut
    ssid EquityCamera
    bridge-group 1

    interface FastEthernet0
    no ip address
    bridge-group 1

    interface BVI1
    ip address 10.0.4.251 255.255.255.0
  • kmcintosh78kmcintosh78 Member Posts: 195
    xXErebuS wrote: »
    You need to change your bridge-groups to 1 not 4.... think of a BVI as a vlan within the AP; but it doesn't isolate after the AP....

    On second thought; if you only have 1 SSID why are you even using sub interfaces? Also you may be having an issue with WEP; can you use WPA?


    dot11 ssid EquityCamera
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 YOURKEYHERE

    interface Dot11Radio0
    no ip address
    no shut
    ssid EquityCamera
    bridge-group 1

    interface FastEthernet0
    no ip address
    bridge-group 1

    interface BVI1
    ip address 10.0.4.251 255.255.255.0

    Here is what I got now, at the direction of a member at the Cisco Forum.

    Switch#show run
    Building configuration...

    Current configuration : 1959 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    !
    no aaa new-model
    vtp domain equity
    vtp mode transparent
    ip subnet-zero
    !
    ip dhcp pool user
    network 10.0.4.0 255.255.255.0
    domain-name equity-usa.com
    default-router 10.0.4.1
    dns-server 209.55.24.10 8.8.8.8
    !
    !
    !
    !
    !
    !
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    vlan 2
    name equity-data-user-vl2
    !
    vlan 3
    name equity-voice-voice-vl3
    !
    vlan 4
    name equity-data-server-vl4
    !
    vlan 5
    name equity-data-guestwifi-vl5
    !
    vlan 10
    name testvlan
    !
    vlan 100
    name equity-data-transit-vl100
    !
    interface FastEthernet0/1
    switchport access vlan 4
    switchport mode access
    !
    interface FastEthernet0/2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 4
    switchport mode trunk
    !
    interface FastEthernet0/3
    switchport mode access
    !
    interface FastEthernet0/4
    switchport mode access
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    description equity-data-user-vl1(10.1.14.0/24)
    no ip address
    !
    interface Vlan4
    ip address 10.0.4.1 255.255.255.0
    ip helper-address 10.0.4.1
    !
    ip classless
    ip http server
    ip http secure-server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
    no login
    line vty 5 15
    no login
    !
    !
    end



    CiscoAiroNet#show run
    Building configuration...

    Current configuration : 2067 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoAiroNet
    !
    enable secret 5

    !
    ip subnet-zero
    !
    !
    no aaa new-model
    !
    dot11 ssid EquityCamera
    vlan 4
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 140713181F13253920
    !
    !
    !
    username Cisco password 7

    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers wep128
    !
    encryption vlan 4 mode ciphers tkip
    !
    ssid EquityCamera
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface Dot11Radio0.4
    encapsulation dot1Q 4
    no ip route-cache
    bridge-group 4
    bridge-group 4 subscriber-loop-control
    bridge-group 4 block-unknown-source
    no bridge-group 4 source-learning
    no bridge-group 4 unicast-flooding
    bridge-group 4 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.4
    encapsulation dot1Q 4
    no ip route-cache
    bridge-group 4
    no bridge-group 4 source-learning
    bridge-group 4 spanning-disabled
    !
    interface BVI1
    ip address 10.0.4.251 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.0.4.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • xXErebuSxXErebuS Member Posts: 230
    I still don't understand why you want to do it this way but w.e. we'll roll with it....

    First add "sw trunk allowed vlan 1,4" onto your trunk link....


    Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...


    CiscoAiroNet#show run
    Building configuration...

    Current configuration : 2067 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoAiroNet
    !
    enable secret 5

    !
    ip subnet-zero
    !
    !
    no aaa new-model
    !
    dot11 ssid EquityCamera
    vlan 4
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 140713181F13253920
    !
    !
    !
    username Cisco password 7

    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers wep128
    !
    encryption vlan 4 mode ciphers tkip
    !
    ssid EquityCamera
    !
    !
    mbssid
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface Dot11Radio0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface FastEthernet0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.0.4.251 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.0.4.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end


    If you ever decide to push that vlan 1 you will just need to create an ssid for it....

    I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....


    EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4...
  • kmcintosh78kmcintosh78 Member Posts: 195
    xXErebuS wrote: »
    I still don't understand why you want to do it this way but w.e. we'll roll with it....

    First add "sw trunk allowed vlan 1,4" onto your trunk link....


    Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...


    CiscoAiroNet#show run
    Building configuration...

    Current configuration : 2067 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoAiroNet
    !
    enable secret 5

    !
    ip subnet-zero
    !
    !
    no aaa new-model
    !
    dot11 ssid EquityCamera
    vlan 4
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 140713181F13253920
    !
    !
    !
    username Cisco password 7

    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers wep128
    !
    encryption vlan 4 mode ciphers tkip
    !
    ssid EquityCamera
    !
    !
    mbssid
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface Dot11Radio0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface FastEthernet0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.0.4.251 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.0.4.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end


    If you ever decide to push that vlan 1 you will just need to create an ssid for it....

    I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....


    EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4...

    Pm Sent.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
  • kmcintosh78kmcintosh78 Member Posts: 195
    xXErebuS wrote: »
    I still don't understand why you want to do it this way but w.e. we'll roll with it....

    First add "sw trunk allowed vlan 1,4" onto your trunk link....


    Clear your config on your AP and put this on it... not how I'd do it but I do not have enough information for VLAN 1 and you need to do more research on IBR...


    CiscoAiroNet#show run
    Building configuration...

    Current configuration : 2067 bytes
    !
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CiscoAiroNet
    !
    enable secret 5

    !
    ip subnet-zero
    !
    !
    no aaa new-model
    !
    dot11 ssid EquityCamera
    vlan 4
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 140713181F13253920
    !
    !
    !
    username Cisco password 7

    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    no ip route-cache
    !
    encryption mode ciphers wep128
    !
    encryption vlan 4 mode ciphers tkip
    !
    ssid EquityCamera
    !
    !
    mbssid
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface Dot11Radio0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    !
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface FastEthernet0.1
    encapsulation dot1Q 1
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    !
    interface FastEthernet0.4
    encapsulation dot1Q 4 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    !
    interface BVI1
    ip address 10.0.4.251 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 10.0.4.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
    !
    bridge 1 route ip
    !
    !
    !
    line con 0
    line vty 0 4
    login local
    !
    end


    If you ever decide to push that vlan 1 you will just need to create an ssid for it....

    I think your issue is you think that BVI interfaces and bridge groups are tied to VLANs. They are not... The interface BVI is tied to a bridge group which is tied to the sub interfaces on the radio and ethernet interface....


    EDIT: In case your wondering you can delete the interface BVI1 and use 4 if you wanted; the problem is that there is a process to delete it b/c its assigned to the fa0 interface and it will not allow you while the BVI is up; so in your case where your all ready having issues its easier for me to just assign the BVI1 and bridge-group 1 to your subinterface for vlan 4...

    Oh yeah. We got it!!!! Thanks for all the help.
    What I am working on
    CCNP Route (Currently) 80% done
    CCNP Switch (Next Year)
    CCNP TShoot (Next Year)
Sign In or Register to comment.