Hi Kristian, Thank you for looking so deep into this. I'm gonna try your configs tomorrow or in the weekend. But there are 2 things that comes into mind.
The configuration guide "Guidelines for Repeaters" point 4 says: "Repeater access points support only the native VLAN. You cannot configure multiple VLANs on a repeater access point.". !??! (Still this is for 12.3(8) which is in the Lab, I can see you are running a 12.4 code) And the IPX WB1 Lab 3.8 solves this in a different way, one SSID (not on bridge-group1). Did Jason use 12.3 or 12.4 code? Anyone how can comment on this issue? Join the battle Wireless Genies :o) /Ralph 2011/2/1 Kristján Ólafur Eðvarðsson <[email protected]>: > OK Ralph, here are my findings. > > nr.2 I don´t like to put the whole radio interface in a bridge group. I > usually try to go for the subinterfaces and bridge together. This gives you > more flexibility > But did you have a excersise that instructed this or was this just something > you made up ? At least I understand that this worked. > > nr.3 I first tried your configuration unchanged. It didn´t work any better > than in your case. Something bugged me with native vlan 20 between the Aps. > BVI interface always goes with bridge group 1 and always sends untagged > packets over the wire. This doesn´t mean that you have to have your root on > VLAN 1. It can be put on any VLAN with different switchport trunk native vlan > on the switchport. But this is of course managment traffic. In my example > that native vlan on my switches is 20. However I was able to make this work > with VLAN 20 as native on both Aps and the client worked over VLAN150. > However I could not do pings between the BVI interfaces of Root and Repeater, > but bridging of the 150 vlan was working fine. But I added an exra SSID with > VLAN for the clients. I am not sure how to make it work with the native in > bridge group 20. > > nr.4 I am without a clue :) But I have noticed when I configure EAP-fast with > root+WGB it takes about 10-15 sek to work if I don´t shut/no shut the radio > interfaces. > But yours is wpa-psk so it should be even simpler. > > But back to 3: > > So after this I took a look at my workbook and saw that the example used > vlan1 as the infrastructure vlan. So I wonder if that is mandatory. When I > changed > my configuration for vlan 1 and bridge-group 1 between the Aps I could ping > each other. So from what I understand is repeater infrastructure SSID always > has to be native (also for bridges with multiple vlans) and extra vlans > (ssids+vlans for clients for example) will be tagged at the repeater and the > native vlan will be used for > the Aps to communicate IAPP messages e.t.c for those extra SSIDs. > > So if you like the Repeater to be on some special vlan, it has to go with the > Root AP. Aswell will the client in a single ssid setup. Even though you use > vlan1 > between the Aps you can decide in your network what your native vlan trunk > will do. So you can set them in vlan 20 or whatever. > > My configuration files are attached. A little explanation: Root 1 is with > infrastructure ssid BOB in vlan1 (this is only between them) and bridge group > 1 - client can connect there too if they don´t mind the infrastructure SSId > setting. My ACU worked at least from the repeater. I created another VLAN 150 > and SSID client that trunks vlan 150 out to the wired network. A L3 switch > has vlan 20 and vlan 150 with corresponding ip dhcp pools. > > The Repeater has actually the same configuration exept for the station role > repeater. I created the fastethernet subinterfaces aswell. I decided to follow > my earlier configuration cause it worked last time. It might not make make > since the repeter ethernet interface is always down. But you can try to do > without them, it would be interesting to see if that worked too. I didn´t > bother to change subinterfaces names so don´t get confused ;) > > So Jason or any Autonomous Rainman, any comments or rectifications ? :-) > > regards. Kristjan > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Ralph Olsen > Sent: 31. janúar 2011 20:36 > To: Kristján Ólafur Eðvarðsson > Cc: [email protected] > Subject: Re: IPX-WB1 LAB 3.8 - Repeater (Ralph Olsen) > > Hi Kristjan, > > I still haven't found a way to make it work with vlans on the radio > interface. My VLAN config is in the WLAN20native-WPA-RootAP.txt file. > > I did 4 scenarios this evening. > > 1. Simple root ap with repeater ap all on native vlan 1 and bridge-group1. I > attached the 2 configs. Simple-WPA. This is as I see it as vanilla as it > gets. And it works perfectly. > > 2. Same config but the Root AP now has bridge group 20 assigned to the d0 > interface and fas0.20 interface. Fa0.20 is dot1q vlan 20. I have attached the > 2 files. (BridgeG20-d0-WPA). This also works but I did have to reboot the > root-ap as the mac of the laptop client was stuck in bridge 1 mac table. > > 3. The ssid on the root ap now has a VLAN 20 assigned to it and the > bridge-group 20 has been moved to interface d0.20. d0.20 is encap dot1 20 > native. The Repeater AP and the client can associate with the Root AP and get > full IP traffic to VLAN 20. But when the client connects to the Repeater AP > it never gets an IP. The laptop client is simply not seen as a dot11 > association on the root ap. (Config VLAN20native) > > 4. This is the funny part. My saved config from step 2 is now copied into the > startup-config on both AP's and they are reloaded. They come up again and now > it doesn't work. Reload the laptop, try another. Nope just don't work. Start > pinging from the Repeater AP BVI1 to the Default Gateway in VLAN 20, and that > works fine. 30 seconds later the laptop gets an IP. So my note being..... you > need luck... :o) > > /Ralph > > > 2011/1/31 Kristján Ólafur Eðvarðsson <[email protected]>: >> I would be interesting to post your configurations for this. >> I remember having this at Bootcamp and made it work. There is one >> special think I remember. The AP-to-AP communication SSID+VLAN is >> always native. Others are tagged. The thing is that the communication >> goes over the native vlan but the Repeater and Root somehow bridge >> them over and put them on correct VLAN after the traffic is passed between >> the two. >> I don´t have IPX workbook, but I had a similar case in Fastlanes workbook. >> The user had a seperate SSID and repeater had another to communicate >> to Root on the native vlan. >> >> regards. Kristjan >> ------------------------------ >> >> Message: 5 >> Date: Sun, 30 Jan 2011 14:59:24 +0100 >> From: Ralph Olsen <[email protected]> >> To: [email protected] >> Subject: Re: [CCIE Wireless] IPX-WB1 LAB 3.8 - Repeater >> Message-ID: >> <[email protected]> >> Content-Type: text/plain; charset=ISO-8859-1 >> >> Conclusion after looking deeper into this. You need luck to make it >> work. :o) >> >> I have tried a lot of different combos and boilded it down to a SSID >> with auth open. When the PC connect directly to the root AP it works >> fine and gets an IP from a different VLAN that bridge-group one (vlan >> 12 in the WB), but when it connects to the Repeater AP it doesn't >> work. When the PC is on the repeater AP the traffic is unidirectional >> only working from the PC -> repeater -> rootap -> Def.gw. Traffic in >> the other direction gets cut off at the rootap. >> >> Can someone else try to make 3.8 work? >> >> /Ralph >> >> 2011/1/28 Ralph Olsen <[email protected]>: >>> Hi Group, >>> >>> I just been looking into lab 3.8 in the IPX-WB1. Radio Roles - Repeater. >>> >>> Most of the things I have done works perfectly, the repeater AP >>> associates with the root AP and I can see that it is using LEAP WPA >>> as I wanted. ?Associated To AP AP1 001a.302e.4850 [LEAP WPA]. >>> >>> But the part I can't get to work is: "Ensure that users would be able >>> to get a DHCP address in the 10.10.12.0/24 subnet. Do not configure >>> DHCP for this." >>> >>> In the DSG VLAN 12 on the AP1-d0 interface have been made native and >>> in my mind that would map it to the d0 interface on AP2. When I >>> connect with a client to AP1, I get the 10.10.12.0/24 DHCP offer >>> right away. When I connect to the AP2 I never get an offer (or see >>> request at the dhcp server). >>> >>> The ADU client associates fine with both AP1 and AP2: Interface >>> Dot11Radio0, Station WL02-LAPTOP 0040.96b1.8207 Associated >>> KEY_MGMT[WPA] >>> >>> Did Jason just become lucky in the DSG or is something missing? >>> >>> /Ralph >>> >> >> >> ------------------------------ >> >> _______________________________________________ >> CCIE_Wireless mailing list >> [email protected] >> http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless >> >> >> End of CCIE_Wireless Digest, Vol 22, Issue 41 >> ********************************************* >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
