I'm thinking the line "workgroup-bridge client-vlan 12" may play into this somewhere?
I haven't seen the lab stuff yet, but I'm actually doing a similar situation here in my house, with a 1242 acting as a WGB, and clients on the wired net need to be on a different VLAN from native. Snippet:

dot11 vlan-name NetMgt vlan 400
dot11 vlan-name RJR vlan 12
!
dot11 ssid WBR
 vlan 400
 authentication open
 authentication key-management wpa
 infrastructure-ssid
 wpa-psk ascii 7 <yeah you wish>
!
[...]
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 400 mode ciphers aes-ccm
 !
 encryption vlan 12 mode ciphers aes-ccm
 !
 ssid WBR
 !
 station-role workgroup-bridge
!
interface Dot11Radio1.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio1.400
 encapsulation dot1Q 400 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
!
[...]
workgroup-bridge client-vlan 12
end

So while my net management traffic happens on VLAN 400 (172.20.1.x/24), the clients are on VLAN 12 (10.50.53.x/24)... and are fetching DHCP from upstream server. The switch connected to Fa0 is a dumb netgear 10/100, so doesn't understand 802.1q. I'm guessing the "workgroup-bridge client-vlan" is stripping out the 802.1q tag for vlan 12.

...Ron

--
Ron Marosko, Jr.
CCIE No. 4526 (R/S), CWNA
Consulting Network Architect
Advanced Technology Services
Global Technology Resources, Inc.
1108 West Dickinson Blvd, Suite A
Fort Stockton, TX 79735 USA
o: +1 432 336 5600 x110
c: +1 720 233 3147
f: +1 303 865 5888
e: [email protected]
"To know me is to fly with me."
Cisco Federal Mobility Partner of the Year and Western Region Partner of the Year - May 2010
GTRI provides world-class business solutions creatively tailored to the specific needs of each customer. Client satisfaction is our top priority, and we measure our success by our customer's ultimate success.

From: [email protected] [mailto:[email protected]] On Behalf Of Stalder Dominic
Sent: Friday, January 28, 2011 5:09 AM
To: [email protected]
Subject: [CCIE Wireless] Lab 3 question 3.10

Hi there

I have some questions about 3.10:

1. Allow wired users to connect through AAP2 to the same VLAN as users on SSID Test2

As I understand, the wired clients should get an IP from 10.10.12.0 /24. But with the following configuration on AAP2, they get an IP from 10.10.210.0 /24:

interface FastEthernet0.110
 encapsulation dot1Q 110 native
 no ip route-cache
 bridge-group 1
!

If they should be in VLAN 12, the Fa 0.12 should be the native VLAN, shouldn't it? Or would it be a prerequisite, that I have configured a trunk on the access switch, connected to AAP2 Fa 0?

2. The AAP2 must also allow users to connect to SSID Test1, with the traffic passing back to through AAP1:

Also here, the wireless clients connecting to SSID Test1 on AAP2 should get an IP from 10.10.11.0 /24? But then I would also need the following on AAP1, not only on AAP2. Otherwise the VLAN 11 is not provided over the bridge link:

interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip route-cache
 bridge-group 11
!

Maybe I am wrong, but this is why I ask you guys ;-)

Thanks a lot in advance and best regards
Dominic
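
An added example (not part of the thread, and not Cisco tooling): a small Python check that reads an autonomous-AP config like the ones posted above, lists which interfaces share each bridge-group, and reports which VLAN's bridge-group the untagged side of a wired port sits in. The function names are made up for this example; it only reports what the config says and does not model what `workgroup-bridge client-vlan` does to frames.

```python
import re
from collections import defaultdict
# Interface lines copied (trimmed) from the WGB config in the reply above.
SAMPLE = """\
interface Dot11Radio1.12
 encapsulation dot1Q 12
 bridge-group 12
interface Dot11Radio1.400
 encapsulation dot1Q 400 native
 bridge-group 1
interface FastEthernet0
 bridge-group 1
interface FastEthernet0.12
 encapsulation dot1Q 12
 bridge-group 12
workgroup-bridge client-vlan 12
"""

def parse(config):
    """Return ({iface: {'vlan', 'native', 'bg'}}, client_vlan or None)."""
    ifaces, cur, client_vlan = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"vlan": None, "native": False, "bg": None})
        elif m := re.match(r"workgroup-bridge client-vlan (\d+)$", line):
            client_vlan, cur = int(m[1]), None
        elif cur is not None and (m := re.match(r"encapsulation dot1Q (\d+)( native)?$", line)):
            cur["vlan"], cur["native"] = int(m[1]), bool(m[2])
        elif cur is not None and (m := re.match(r"bridge-group (\d+)$", line)):
            cur["bg"] = int(m[1])  # option lines such as "bridge-group 12 spanning-disabled" are skipped
    return ifaces, client_vlan

def bridge_groups(ifaces):
    """Map bridge-group number -> [(iface, vlan)] in config order."""
    groups = defaultdict(list)
    for name, i in ifaces.items():
        if i["bg"] is not None:
            groups[i["bg"]].append((name, i["vlan"]))
    return dict(groups)

def untagged_vlan(ifaces, port):
    """VLAN whose bridge-group the untagged side of `port` shares, else None."""
    for name, i in ifaces.items():
        if name == port or (name.startswith(port + ".") and i["native"]):
            for _, vlan in bridge_groups(ifaces).get(i["bg"], []):
                if vlan is not None:
                    return vlan
    return None
```

Run against the `FastEthernet0.110 ... native` snippet from the original question, `untagged_vlan` returns 110, and against the WGB config it returns 400 while `parse` reports the separate `client-vlan 12` setting.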
